{"@context":"https://openvex.dev/ns/v0.2.0","@id":"pkg:docker/agent@7.78.1","author":"security@datadoghq.com","author_role":"Vulnerability Management","last_updated":"2026-05-14T11:44:31.587549541Z","statements":[{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.161976Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.161975Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.161975Z","vulnerability":{"name":"CVE-2026-39820"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.16184Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.161839Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.161839Z","vulnerability":{"name":"CVE-2026-3087"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.157945Z","impact_statement":"The product is not affected by CVE-2019-16294 as the vulnerable component SciLexer.dll is not present","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:17:51.157945Z","products":[{"@id":"pkg:generic/scintilla@4.4.6"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.157945Z","vulnerability":{"name":"CVE-2019-16294"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158063Z","impact_statement":"The agent uses Java for JMXFetch which runs only trusted, administrator-installed code to gather metrics from JMX-enabled applications making the exploitation scenario described in this CVE inapplicable to the agent's use case.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:17:51.158062Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.158062Z","vulnerability":{"name":"CVE-2025-30749"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158222Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.158221Z","products":[{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-05-14T11:17:51.158221Z","vulnerability":{"name":"CVE-2025-6965"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158353Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.158353Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T11:17:51.158352Z","vulnerability":{"name":"CVE-2025-50106"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158412Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.158411Z","products":[{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-05-14T11:17:51.158411Z","vulnerability":{"name":"CVE-2025-3277"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158455Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.158455Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T11:17:51.158455Z","vulnerability":{"name":"CVE-2025-21587"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158503Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.158503Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T11:17:51.158503Z","vulnerability":{"name":"CVE-2025-50059"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.15856Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.15856Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T11:17:51.15856Z","vulnerability":{"name":"CVE-2025-30698"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158604Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.158604Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T11:17:51.158604Z","vulnerability":{"name":"CVE-2025-30761"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158633Z","impact_statement":"The Datadog Agent does not load or run untrusted Java code and is not a sandboxed Java runtime for customer applications. Accordingly, under normal and supported usage, Datadog has identified no viable exploit path for these vulnerabilities","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:17:51.158633Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.158633Z","vulnerability":{"name":"CVE-2025-30754"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158688Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.158687Z","products":[{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-05-14T11:17:51.158687Z","vulnerability":{"name":"CVE-2025-29087"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.158852Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.158851Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.158851Z","vulnerability":{"name":"CVE-2026-6100"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.159778Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.159778Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.159778Z","vulnerability":{"name":"CVE-2026-22016"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.160012Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.160012Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T11:17:51.160012Z","vulnerability":{"name":"CVE-2025-21502"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.160165Z","impact_statement":"The detected artifact (`libpq.dll`) is the PostgreSQL client connection library bundled with the psycopg3 binary wheel and does not contain the vulnerable dump/restore code","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.160165Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.160165Z","vulnerability":{"name":"CVE-2025-8715"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.160287Z","impact_statement":"This vulnerability detection is a false positive caused by overly broad CPE matching in vulnerability databases. The CVE does not apply to the Windows Datadog Agent.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.160287Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.160287Z","vulnerability":{"name":"CVE-2017-8806"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.160465Z","impact_statement":"The vulnerability affects the `mimetypes` module's use of Unix-style paths on Windows, requiring a local user to plant malicious files. No agent code uses `mimetypes`, no local users exist in the container, and the CVSS score is 2.3/Low","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:17:51.160465Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.160465Z","vulnerability":{"name":"CVE-2024-3220"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.16065Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.16065Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.16065Z","vulnerability":{"name":"CVE-2026-3298"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.161267Z","impact_statement":"Oracle's advisory explicitly exempts server-side Java deployments running trusted code and the Datadog Agent JMX fetcher is a server-side process running only the trusted jmxfetch.jar","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:17:51.161267Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.161267Z","vulnerability":{"name":"CVE-2026-21945"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.161334Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.161333Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T11:17:51.161333Z","vulnerability":{"name":"CVE-2025-53066"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.161403Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.161402Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.161402Z","vulnerability":{"name":"CVE-2026-2004"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.161492Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.161492Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.161491Z","vulnerability":{"name":"CVE-2026-34282"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.161577Z","impact_statement":"No agent code uses `imaplib`, the agent is an infrastructure monitoring tool with no email/IMAP functionality","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.161577Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.161577Z","vulnerability":{"name":"CVE-2025-15366"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.16171Z","impact_statement":"interpreter. The vulnerability is a command injection via newlines in the `poplib` module (Python's POP3 email client library). No agent code uses `poplib`,","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.16171Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.16171Z","vulnerability":{"name":"CVE-2025-15367"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162135Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.162134Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.162134Z","vulnerability":{"name":"CVE-2026-1502"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.16225Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.16225Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T11:17:51.16225Z","vulnerability":{"name":"CVE-2025-53057"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162327Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.162327Z","products":[{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"},{"@id":"pkg:generic/sqlite3@3.50.4.0"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.162326Z","vulnerability":{"name":"CVE-2025-70873"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162371Z","impact_statement":"The detected artifact (`libpq.dll`) is the PostgreSQL client connection library bundled with the psycopg3 binary wheel and does not contain the vulnerable dump/restore code","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.162371Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.162371Z","vulnerability":{"name":"CVE-2025-8714"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162402Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.162401Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.162401Z","vulnerability":{"name":"CVE-2026-2006"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162456Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.162456Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.162456Z","vulnerability":{"name":"CVE-2026-22013"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162531Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.162531Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.162531Z","vulnerability":{"name":"CVE-2026-22021"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162552Z","impact_statement":"Oracle advisory explicitly excludes server deployments; AWT/JavaFX not used; UI:R unsatisfiable","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:17:51.162552Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.162552Z","vulnerability":{"name":"CVE-2026-21932"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162591Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.162591Z","products":[{"@id":"pkg:pypi/lxml@6.0.1"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.162591Z","vulnerability":{"name":"CVE-2026-41066"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162619Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.162618Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.162618Z","vulnerability":{"name":"CVE-2026-2005"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162667Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.162667Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.162667Z","vulnerability":{"name":"CVE-2025-12818"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.162781Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.162781Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.162781Z","vulnerability":{"name":"CVE-2026-7210"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.163035Z","impact_statement":"The vulnerability only affects applications that use the `altchars` parameter or `urlsafe_b64decode()` with a custom alphabet. Neither pattern are used in the agent.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.163035Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.163035Z","vulnerability":{"name":"CVE-2025-12781"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.163201Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.163201Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.1632Z","vulnerability":{"name":"CVE-2026-42499"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.163445Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.163445Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.163445Z","vulnerability":{"name":"CVE-2026-21925"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.163495Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.163495Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.163495Z","vulnerability":{"name":"CVE-2026-22018"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.16353Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.163529Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.163529Z","vulnerability":{"name":"CVE-2026-33814"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.164076Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.164076Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.164075Z","vulnerability":{"name":"CVE-2025-12817"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.164135Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.164135Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.164135Z","vulnerability":{"name":"CVE-2026-39836"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.164386Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.164386Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.164386Z","vulnerability":{"name":"CVE-2026-6019"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.164575Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.164574Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.164574Z","vulnerability":{"name":"CVE-2026-42154"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.164665Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.164665Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.164664Z","vulnerability":{"name":"CVE-2025-8713"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.164733Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.164733Z","products":[{"@id":"pkg:golang/github.com/moby/spdystream@v0.5.0"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.164733Z","vulnerability":{"name":"CVE-2026-35469"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.164776Z","impact_statement":"This is an incomplete-mitigation bypass of CVE-2026-4519: %action substitution in webbrowser.open() can bypass the leading-dash check and allow command injection. The fix was merged into CPython main via PR #148170 on 2026-04-13. The 3.13 backport PR #148517 is open but not yet merged. This fix did not make it into Python 3.13.13 (released 2026-04-07). We are actively tracking until the 3.13 backport merges and ships in the next 3.13.x release.","justification":"","last_updated":"2026-05-14T11:17:51.164776Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-05-14T11:17:51.164776Z","vulnerability":{"name":"CVE-2026-4786"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.164915Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.164915Z","products":[{"@id":"pkg:pypi/cryptography@46.0.6"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.164915Z","vulnerability":{"name":"CVE-2026-39892"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.164971Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.164971Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.164971Z","vulnerability":{"name":"CVE-2026-33811"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.16512Z","impact_statement":"The Datadog Agent uses libpq as a client only and does not host PostgreSQL server code.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.16512Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.16512Z","vulnerability":{"name":"CVE-2026-2003"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.16516Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.165159Z","products":[{"@id":"pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.165159Z","vulnerability":{"name":"CVE-2026-33997"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.16522Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.165219Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.165219Z","vulnerability":{"name":"CVE-2026-39826"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.165493Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.165493Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.165493Z","vulnerability":{"name":"CVE-2026-23865"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.165542Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.165541Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.165541Z","vulnerability":{"name":"CVE-2026-39817"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.165928Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.165928Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.165928Z","vulnerability":{"name":"CVE-2026-42501"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.166303Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.166303Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.166303Z","vulnerability":{"name":"CVE-2026-39825"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.166494Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.166494Z","products":[{"@id":"pkg:pypi/pip@26.0.1"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.166494Z","vulnerability":{"name":"CVE-2026-6357"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.166531Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.16653Z","products":[{"@id":"pkg:pypi/pip@26.0.1"}],"status":"affected","timestamp":"2026-05-14T11:17:51.16653Z","vulnerability":{"name":"CVE-2026-3219"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.166563Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.166562Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.166562Z","vulnerability":{"name":"CVE-2026-39823"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.166797Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.166796Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.166796Z","vulnerability":{"name":"CVE-2026-42151"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.166953Z","impact_statement":"The datadog-agent uses docker exclusively as a client library. It never runs dockerd, never loads or exposes AuthZ plugins, and never executes the daemon-side authorization plugins where the vulnerability lives.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:17:51.166953Z","products":[{"@id":"pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.166953Z","vulnerability":{"name":"CVE-2026-34040"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.167344Z","impact_statement":"The UI:R (user interaction required) prerequisite is structurally unsatisfiable in a containerized agent service, and the attack path described targets sandboxed client deployments","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:17:51.167344Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.167344Z","vulnerability":{"name":"CVE-2026-21933"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.167407Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.167407Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.167407Z","vulnerability":{"name":"CVE-2026-22007"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.167458Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.167458Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.167458Z","vulnerability":{"name":"CVE-2026-34268"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.167528Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.167528Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.167528Z","vulnerability":{"name":"CVE-2026-40179"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.167559Z","impact_statement":"The Datadog Agent's Go binary uses Go's standard library `compress/zlib` (pure Go, no linkage to system libz), and Python's `zlib` module, while linking against system libz, does not expose `crc32_combine64` to Python userspace.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:17:51.167559Z","products":[{"@id":"pkg:generic/zlib@1.3.1"},{"@id":"pkg:deb/ubuntu/zlib1g@1%3A1.3.dfsg-3.1ubuntu2.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=zlib"},{"@id":"pkg:deb/ubuntu/zlib1g@1%3A1.3.dfsg-3.1ubuntu2.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=zlib"}],"status":"not_affected","timestamp":"2026-05-14T11:17:51.167559Z","vulnerability":{"name":"CVE-2026-27171"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.167587Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.167586Z","products":[{"@id":"pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp@v0.16.0"},{"@id":"pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp@v1.40.0"},{"@id":"pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.40.0"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.167586Z","vulnerability":{"name":"CVE-2026-39882"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.167658Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.167658Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.167658Z","vulnerability":{"name":"CVE-2026-39819"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.168375Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.168375Z","products":[{"@id":"pkg:pypi/paramiko@4.0.0"}],"status":"affected","timestamp":"2026-05-14T11:17:51.168375Z","vulnerability":{"name":"CVE-2026-44405"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.168557Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.168556Z","products":[{"@id":"pkg:pypi/urllib3@2.6.3"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.168556Z","vulnerability":{"name":"CVE-2026-44431"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.168599Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.168599Z","products":[{"@id":"pkg:pypi/urllib3@2.6.3"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.168598Z","vulnerability":{"name":"CVE-2026-44432"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.168631Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.168631Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"under_investigation","timestamp":"2026-05-14T11:17:51.168631Z","vulnerability":{"name":"CVE-2026-44903"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:17:51.168665Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.168664Z","products":[{"@id":"pkg:pypi/setuptools@75.1.0?catalog_name=setuptools3\u0026download_url=https%3A%2F%2Fgithub.com%2Fpypa%2Fsetuptools%2Farchive%2Fv75.1.0.tar.gz\u0026checksum=sha256:514dc60688d3118c9883a3dd54a38b28128ea912c01ea325d6e204a93da3b524"}],"status":"affected","timestamp":"2026-05-14T11:17:51.168664Z","vulnerability":{"name":"CVE-2025-47273"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250439Z","products":[{"@id":"pkg:generic/python@3.13.12"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250439Z","vulnerability":{"name":"CVE-2026-3644"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250475Z","products":[{"@id":"pkg:generic/python@3.13.12"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250475Z","vulnerability":{"name":"CVE-2026-4224"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250483Z","products":[{"@id":"pkg:golang/stdlib@1.25.8"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250483Z","vulnerability":{"name":"CVE-2026-27143"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250487Z","products":[{"@id":"pkg:generic/python@3.13.12"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250487Z","vulnerability":{"name":"CVE-2026-3446"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250492Z","products":[{"@id":"pkg:golang/stdlib@1.25.8"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250492Z","vulnerability":{"name":"CVE-2026-32281"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250495Z","products":[{"@id":"pkg:golang/stdlib@1.25.8"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250495Z","vulnerability":{"name":"CVE-2026-32280"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250502Z","products":[{"@id":"pkg:golang/stdlib@1.25.8"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250502Z","vulnerability":{"name":"CVE-2026-32283"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250506Z","products":[{"@id":"pkg:golang/stdlib@1.25.8"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250505Z","vulnerability":{"name":"CVE-2026-27140"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250514Z","products":[{"@id":"pkg:generic/python@3.13.12"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250513Z","vulnerability":{"name":"CVE-2026-2297"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250525Z","products":[{"@id":"pkg:pypi/pip@25.3"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250525Z","vulnerability":{"name":"CVE-2026-1703"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250531Z","products":[{"@id":"pkg:golang/stdlib@1.25.8"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250531Z","vulnerability":{"name":"CVE-2026-32289"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250535Z","products":[{"@id":"pkg:golang/stdlib@1.25.8"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250535Z","vulnerability":{"name":"CVE-2026-32282"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250538Z","products":[{"@id":"pkg:golang/stdlib@1.25.8"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250538Z","vulnerability":{"name":"CVE-2026-27144"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250542Z","products":[{"@id":"pkg:generic/python@3.13.12"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250542Z","vulnerability":{"name":"CVE-2026-4519"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250547Z","products":[{"@id":"pkg:generic/python@3.13.12"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250547Z","vulnerability":{"name":"CVE-2025-13462"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250558Z","products":[{"@id":"pkg:golang/stdlib@1.25.8"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250558Z","vulnerability":{"name":"CVE-2026-32288"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:51.250562Z","products":[{"@id":"pkg:generic/python@3.13.12"}],"status":"fixed","timestamp":"2026-05-14T11:17:51.250561Z","vulnerability":{"name":"CVE-2026-3479"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent is compiled for Linux, so host_id_bsd.go is excluded at compile time and the kenv invocation is not present in the binary.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:34:55.919341Z","products":[{"@id":"pkg:golang/go.opentelemetry.io/otel/sdk@v1.40.0"}],"status":"affected","timestamp":"2026-05-14T11:17:51.167481Z","vulnerability":{"name":"CVE-2026-39883"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.835688Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.835688Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.835688Z","vulnerability":{"name":"CVE-2022-35737"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.836554Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.836554Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.836554Z","vulnerability":{"name":"CVE-2019-8457"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.837658Z","impact_statement":"The Agent doesn't use winsqlite3.dll as it bundles go-sqlite3 with SQLite.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.837657Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.837657Z","vulnerability":{"name":"CVE-2018-20346"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.838049Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.838049Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.838048Z","vulnerability":{"name":"CVE-2019-19646"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.839118Z","impact_statement":"The product is not affected by CVE-2018-20506 as the vulnerable FTS3 component is not present.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:19:50.839118Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.839117Z","vulnerability":{"name":"CVE-2018-20506"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.839625Z","impact_statement":"The Agent doesn't use winsqlite3.dll as it bundles go-sqlite3 with SQLite.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.839624Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.839624Z","vulnerability":{"name":"CVE-2018-20505"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.84015Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.84015Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.84015Z","vulnerability":{"name":"CVE-2020-11656"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.840566Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.840566Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.840566Z","vulnerability":{"name":"CVE-2020-11655"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.840837Z","impact_statement":"PowerShell's Newtonsoft.Json is unused. No exploitation path exists for CVE-2024-21907 in the agent's actual operation.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.840837Z","products":[{"@id":"pkg:nuget/Newtonsoft.Json@12.0.3"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.840837Z","vulnerability":{"name":"CVE-2024-21907"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.840863Z","impact_statement":"CVE-2021-41355 ONLY affects Linux and macOS systems, NOT Windows. The vulnerability was detected in PowerShell's dependencies on a Windows container image where it poses ZERO risk","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:19:50.840863Z","products":[{"@id":"pkg:nuget/System.DirectoryServices.Protocols@5.0.0"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.840863Z","vulnerability":{"name":"CVE-2021-41355"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.840886Z","impact_statement":"The agent does not perform S/MIME message processing or X.509 certificate imports via email libraries","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:19:50.840886Z","products":[{"@id":"pkg:nuget/System.Formats.Asn1@5.0.20.51904"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.840886Z","vulnerability":{"name":"CVE-2024-38095"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.841034Z","impact_statement":"This vulnerability poses ZERO risk to the Windows Datadog Agent because the CVE explicitly excludes Windows systems.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:19:50.841034Z","products":[{"@id":"pkg:nuget/System.Drawing.Common@5.0.0"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.841034Z","vulnerability":{"name":"CVE-2021-24112"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.841057Z","impact_statement":"The agent's SQL Server monitoring capability uses completely different libraries (Python ADODB/ODBC) and is not affected by .NET SQL Client vulnerabilities. The vulnerable component is present but never invoked","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:19:50.841057Z","products":[{"@id":"pkg:nuget/System.Data.SqlClient@4.8.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.841057Z","vulnerability":{"name":"CVE-2024-0056"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.841156Z","impact_statement":"While System.Security.Cryptography.Xml is present as a PowerShell dependency, the Datadog Agent has no code that could trigger this vulnerability","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.841156Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@5.0.0"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.841156Z","vulnerability":{"name":"CVE-2022-34716"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.841183Z","impact_statement":"The Agent doesn't use winsqlite3.dll as it bundles go-sqlite3 with SQLite.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.841183Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.841183Z","vulnerability":{"name":"CVE-2019-16168"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.84135Z","impact_statement":"The product is not affected by CVE-2019-19645 as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.84135Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.84135Z","vulnerability":{"name":"CVE-2019-19645"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.841729Z","impact_statement":"The agent's SQL Server monitoring capability uses completely different libraries (Python ADODB/ODBC) and is not affected by .NET SQL Client vulnerabilities. The vulnerable component is present but never invoked","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.841729Z","products":[{"@id":"pkg:nuget/System.Data.SqlClient@4.8.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.841729Z","vulnerability":{"name":"CVE-2022-41064"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.841754Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.841753Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.841753Z","vulnerability":{"name":"CVE-2023-7104"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.842069Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.842069Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.842068Z","vulnerability":{"name":"CVE-2020-13630"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.846663Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.846663Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.846662Z","vulnerability":{"name":"CVE-2020-13434"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.847109Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.847109Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.847109Z","vulnerability":{"name":"CVE-2020-13631"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.84961Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.84961Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.84961Z","vulnerability":{"name":"CVE-2020-15358"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.85056Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.85056Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.85056Z","vulnerability":{"name":"CVE-2020-13632"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:50.851576Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:19:50.851576Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T11:19:50.851575Z","vulnerability":{"name":"CVE-2020-13435"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:16:03.167266Z","products":[{"@id":"pkg:nuget/Microsoft.NETCore.App.Runtime.win-x64@9.0.14"}],"status":"fixed","timestamp":"2026-05-14T11:16:03.167266Z","vulnerability":{"name":"CVE-2026-32178"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:16:03.121025Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:16:03.121025Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@9.0.14"}],"status":"under_investigation","timestamp":"2026-05-14T11:16:03.121024Z","vulnerability":{"name":"CVE-2026-33116"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:16:03.12129Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:16:03.12129Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@9.0.14"}],"status":"under_investigation","timestamp":"2026-05-14T11:16:03.12129Z","vulnerability":{"name":"CVE-2026-26171"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:16:03.122439Z","impact_statement":"This vulnerability cannot be exploited in the Datadog Agent container. MinGit is an unused component from the PowerShell base image with proper ACL protections. The container security model eliminates the attack surface required for exploitation.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:16:03.122439Z","products":[{"@id":"pkg:generic/msys2@3.6.6-1cdd4371f24a23dbc385d950806502a872ef79f0"}],"status":"not_affected","timestamp":"2026-05-14T11:16:03.122439Z","vulnerability":{"name":"CVE-2022-37172"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:16:03.167387Z","products":[{"@id":"pkg:nuget/NuGet.Packaging@6.14.0.116"},{"@id":"pkg:nuget/NuGet.Protocol@6.14.0.116"}],"status":"fixed","timestamp":"2026-05-14T11:16:03.167387Z","vulnerability":{"name":"GHSA-g4vj-cjjj-v7hg"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.296401Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.296401Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.296401Z","vulnerability":{"name":"CVE-2026-40228"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.296675Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.296675Z","products":[{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.296675Z","vulnerability":{"name":"CVE-2026-41989"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.365803Z","products":[{"@id":"pkg:generic/openssl@3.5.5"}],"status":"fixed","timestamp":"2026-05-14T11:13:19.365802Z","vulnerability":{"name":"CVE-2026-31789"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.365808Z","products":[{"@id":"pkg:deb/ubuntu/libcap2@1%3A2.66-5ubuntu2.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcap2-bin@1%3A2.66-5ubuntu2.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libcap2"},{"@id":"pkg:deb/ubuntu/libcap2@1%3A2.66-5ubuntu2.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcap2-bin@1%3A2.66-5ubuntu2.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libcap2"}],"status":"fixed","timestamp":"2026-05-14T11:13:19.365808Z","vulnerability":{"name":"CVE-2026-4878"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.29067Z","impact_statement":"While the vulnerable shadow-utils version is present, the critical exploitation tool (newuidmap) is NOT installed, making the vulnerability unexploitable. Additionally, container architecture eliminates all prerequisite conditions for exploitation.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:13:19.290669Z","products":[{"@id":"pkg:deb/ubuntu/login@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/passwd@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/login@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/passwd@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=shadow"}],"status":"not_affected","timestamp":"2026-05-14T11:13:19.290669Z","vulnerability":{"name":"CVE-2024-56433"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.290759Z","impact_statement":"While libgcrypt 1.10.3-2build1 is present and IS vulnerable, the Datadog Agent does not perform RSA decryption operations. The vulnerability requires decrypting attacker-controlled RSA ciphertexts, which the agent never does. OpenSCAP (which uses libgcrypt) is for compliance scanning, not cryptographic decryption.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:13:19.290759Z","products":[{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-05-14T11:13:19.290759Z","vulnerability":{"name":"CVE-2024-2236"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.290783Z","impact_statement":"The Datadog Agent uses its significantly newer embedded OpenSSL, not the Ubuntu system OpenSSL package.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:13:19.290783Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-05-14T11:13:19.290783Z","vulnerability":{"name":"CVE-2024-41996"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.290915Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.290915Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.290915Z","vulnerability":{"name":"CVE-2026-42010"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.290966Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.290966Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.290966Z","vulnerability":{"name":"CVE-2025-27587"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.291Z","impact_statement":"Given the low risk of this vulnerability, since it requires repeated use of the system tar binary and the agent neither invokes /usr/bin/tar nor relies on it for archive handling, instead using Go’s safe archive/tar implementation with path protections, we propose to wait for an official fix from the vendor.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:13:19.291Z","products":[{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-05-14T11:13:19.291Z","vulnerability":{"name":"CVE-2025-45582"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.291136Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.291136Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.291135Z","vulnerability":{"name":"CVE-2026-3833"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.291607Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.291607Z","products":[{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.291607Z","vulnerability":{"name":"CVE-2025-5278"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.291736Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.291736Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.291736Z","vulnerability":{"name":"CVE-2026-33846"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.291775Z","impact_statement":"The ffmpeg-related packages identified in the scan are transitive dependencies introduced through the browser components used by the Synthetics worker. They are not directly invoked by Datadog application code, but are installed as part of the underlying operating system and Chrome dependencies required for browser-based test execution.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:13:19.291775Z","products":[{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"}],"status":"not_affected","timestamp":"2026-05-14T11:13:19.291775Z","vulnerability":{"name":"CVE-2025-1352"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.291835Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.291834Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-05-14T11:13:19.291834Z","vulnerability":{"name":"CVE-2026-4437"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.292051Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.292051Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-05-14T11:13:19.292051Z","vulnerability":{"name":"CVE-2026-4046"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.292247Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.292247Z","products":[{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T11:13:19.292247Z","vulnerability":{"name":"CVE-2016-2781"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.292298Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.292298Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.292298Z","vulnerability":{"name":"CVE-2026-5450"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.292366Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.292366Z","products":[{"@id":"pkg:generic/curl@8.19.0"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.292366Z","vulnerability":{"name":"CVE-2026-5545"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.292444Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.292444Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.292444Z","vulnerability":{"name":"CVE-2026-33845"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.292496Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.292496Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.292496Z","vulnerability":{"name":"CVE-2026-5928"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.292768Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.292767Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.292767Z","vulnerability":{"name":"CVE-2026-5435"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.292824Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.292824Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.292823Z","vulnerability":{"name":"CVE-2026-6238"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.29292Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.29292Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-05-14T11:13:19.292919Z","vulnerability":{"name":"CVE-2026-4438"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.293017Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.293017Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.293017Z","vulnerability":{"name":"CVE-2026-40225"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.293095Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.293095Z","products":[{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.293094Z","vulnerability":{"name":"CVE-2025-6141"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.293243Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.293242Z","products":[{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.293242Z","vulnerability":{"name":"CVE-2026-43916"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.293392Z","impact_statement":"While the vulnerable libpam0g package is present in the Datadog Agent's Ubuntu base image, the Agent does not use PAM for authentication operations, making this vulnerability not exploitable in the Agent's context.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:13:19.293392Z","products":[{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"}],"status":"not_affected","timestamp":"2026-05-14T11:13:19.293392Z","vulnerability":{"name":"CVE-2024-10041"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.293684Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.293684Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.293684Z","vulnerability":{"name":"CVE-2026-3832"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.293762Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.293762Z","products":[{"@id":"pkg:deb/ubuntu/liblzma5@5.6.1%2Breally5.4.5-1ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=xz-utils"},{"@id":"pkg:deb/ubuntu/liblzma5@5.6.1%2Breally5.4.5-1ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=xz-utils"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.293762Z","vulnerability":{"name":"CVE-2026-34743"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.294043Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.294042Z","products":[{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T11:13:19.294042Z","vulnerability":{"name":"CVE-2026-5704"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.294202Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.294201Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-05-14T11:13:19.294201Z","vulnerability":{"name":"CVE-2016-20013"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.294731Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.294731Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.294731Z","vulnerability":{"name":"CVE-2026-42011"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.294827Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.294827Z","products":[{"@id":"pkg:generic/curl@8.19.0"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.294827Z","vulnerability":{"name":"CVE-2026-5773"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.295038Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.295038Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.295037Z","vulnerability":{"name":"CVE-2026-40227"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.295096Z","impact_statement":"The Datadog Agent reads dpkg status metadata files (`/var/lib/dpkg/status`) in Go for SBOM and compliance purposes but never invokes `dpkg-deb` or processes .deb archives at runtime. No fix is available for Ubuntu 24.04 yet.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:13:19.295096Z","products":[{"@id":"pkg:deb/ubuntu/dpkg@1.22.6ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/dpkg@1.22.6ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-05-14T11:13:19.295096Z","vulnerability":{"name":"CVE-2026-2219"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.295534Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.295534Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T11:13:19.295534Z","vulnerability":{"name":"CVE-2026-27456"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.295911Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.295911Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.295911Z","vulnerability":{"name":"CVE-2026-40223"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.296954Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.296953Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.296953Z","vulnerability":{"name":"CVE-2026-40224"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.29715Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.29715Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.29715Z","vulnerability":{"name":"CVE-2026-40226"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.297229Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.297229Z","products":[{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"}],"status":"affected","timestamp":"2026-05-14T11:13:19.297229Z","vulnerability":{"name":"CVE-2022-3219"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.297268Z","impact_statement":"While libbpf1 version 1.3.0-2build2 is installed and IS vulnerable, the Datadog Agent does not use libbpf. Additionally, the vulnerability is disputed by maintainers as it requires root privileges to trigger.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:13:19.297268Z","products":[{"@id":"pkg:deb/ubuntu/libbpf1@1%3A1.3.0-2build2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libbpf%401.3.0-2build2"},{"@id":"pkg:deb/ubuntu/libbpf1@1%3A1.3.0-2build2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libbpf%401.3.0-2build2"}],"status":"not_affected","timestamp":"2026-05-14T11:13:19.297268Z","vulnerability":{"name":"CVE-2025-29481"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.297591Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.297591Z","products":[{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.297591Z","vulnerability":{"name":"CVE-2025-69720"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.297885Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.297885Z","products":[{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"}],"status":"affected","timestamp":"2026-05-14T11:13:19.297885Z","vulnerability":{"name":"CVE-2025-1376"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.298343Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.298343Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.298343Z","vulnerability":{"name":"CVE-2026-42009"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.298404Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.298404Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.298404Z","vulnerability":{"name":"CVE-2026-42012"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.29846Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.29846Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.29846Z","vulnerability":{"name":"CVE-2026-42013"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.298514Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.298514Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.298514Z","vulnerability":{"name":"CVE-2026-42014"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.298567Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.298567Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.298567Z","vulnerability":{"name":"CVE-2026-42015"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.298621Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.298621Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.29862Z","vulnerability":{"name":"CVE-2026-5260"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:13:19.298669Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.298669Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T11:13:19.298669Z","vulnerability":{"name":"CVE-2026-5419"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.365173Z","products":[{"@id":"pkg:generic/openssl@3.5.5"}],"status":"fixed","timestamp":"2026-05-14T11:13:19.365172Z","vulnerability":{"name":"CVE-2026-28389"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.365206Z","products":[{"@id":"pkg:generic/openssl@3.5.5"}],"status":"fixed","timestamp":"2026-05-14T11:13:19.365205Z","vulnerability":{"name":"CVE-2026-28390"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.365214Z","products":[{"@id":"pkg:generic/openssl@3.5.5"}],"status":"fixed","timestamp":"2026-05-14T11:13:19.365214Z","vulnerability":{"name":"CVE-2026-28387"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.365218Z","products":[{"@id":"pkg:generic/openssl@3.5.5"}],"status":"fixed","timestamp":"2026-05-14T11:13:19.365218Z","vulnerability":{"name":"CVE-2026-31790"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.365222Z","products":[{"@id":"pkg:generic/openssl@3.5.5"}],"status":"fixed","timestamp":"2026-05-14T11:13:19.365222Z","vulnerability":{"name":"CVE-2026-28388"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:13:19.365767Z","products":[{"@id":"pkg:generic/openssl@3.5.5"}],"status":"fixed","timestamp":"2026-05-14T11:13:19.365767Z","vulnerability":{"name":"CVE-2026-2673"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:28:35.482474Z","products":[{"@id":"pkg:deb/ubuntu/sed@4.9-2build1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/sed@4.9-2build1?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T11:13:19.297957Z","vulnerability":{"name":"CVE-2026-5958"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:07:57.107098Z","impact_statement":"CVE-2018-10126 represents ZERO security risk to the Datadog Agent running on Ubuntu 24.04. Both Ubuntu and Debian security teams have assessed this as having no security impact, and the vulnerability cannot be reproduced in modern versions of the software.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T11:07:57.107098Z","products":[{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libjpeg-turbo"},{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libjpeg-turbo"}],"status":"not_affected","timestamp":"2026-05-14T11:07:57.107098Z","vulnerability":{"name":"CVE-2018-10126"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:07:57.110187Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:07:57.110187Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:07:57.110187Z","vulnerability":{"name":"CVE-2026-22008"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:07:57.112732Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:07:57.112696Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:07:57.112696Z","vulnerability":{"name":"CVE-2026-22003"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:07:57.114879Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:07:57.114879Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T11:07:57.114879Z","vulnerability":{"name":"CVE-2026-22020"}},{"action_statement":"This vulnerability was fixed in: 7.78.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:52.738392Z","products":[{"@id":"pkg:deb/ubuntu/liblcms2-2@2.14-2build1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=lcms2"},{"@id":"pkg:deb/ubuntu/liblcms2-2@2.14-2build1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=lcms2"}],"status":"affected","timestamp":"2026-05-14T11:07:57.110749Z","vulnerability":{"name":"CVE-2026-41254"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:07:27.281445Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:07:27.281445Z","products":[{"@id":"pkg:golang/github.com/apache/thrift@v0.22.0"}],"status":"under_investigation","timestamp":"2026-05-14T11:07:27.281445Z","vulnerability":{"name":"CVE-2026-41602"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:49.743332Z","impact_statement":"The Datadog Agent has no MimeKit dependency and sends no SMTP mail","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:19:49.743332Z","products":[{"@id":"pkg:nuget/MimeKit@4.3.0.0"}],"status":"not_affected","timestamp":"2026-05-14T11:19:49.743332Z","vulnerability":{"name":"CVE-2026-30227"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:19:49.753868Z","impact_statement":"The agent does not perform S/MIME message processing or X.509 certificate imports via email libraries","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:19:49.753868Z","products":[{"@id":"pkg:nuget/MimeKit@4.3.0.0"}],"status":"not_affected","timestamp":"2026-05-14T11:19:49.753868Z","vulnerability":{"name":"GHSA-gmc6-fwg3-75m5"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:20:59.888215Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:20:59.888215Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.3.1"}],"status":"under_investigation","timestamp":"2026-05-14T11:20:59.888215Z","vulnerability":{"name":"CVE-2026-34742"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:20:59.888247Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:20:59.888247Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"under_investigation","timestamp":"2026-05-14T11:20:59.888247Z","vulnerability":{"name":"CVE-2026-40355"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:20:59.888328Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:20:59.888328Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"under_investigation","timestamp":"2026-05-14T11:20:59.888328Z","vulnerability":{"name":"CVE-2026-40356"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:20:59.89345Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:20:59.89345Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.3.1"}],"status":"under_investigation","timestamp":"2026-05-14T11:20:59.89345Z","vulnerability":{"name":"CVE-2026-33252"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T11:20:59.894545Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:20:59.894544Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.3.1"}],"status":"under_investigation","timestamp":"2026-05-14T11:20:59.894544Z","vulnerability":{"name":"GHSA-q382-vc8q-7jhj"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:38:02.298463Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T11:20:59.890236Z","vulnerability":{"name":"CVE-2026-7168"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:38:02.298471Z","products":[{"@id":"pkg:deb/ubuntu/libnghttp2-14@1.59.0-1ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=nghttp2"},{"@id":"pkg:deb/ubuntu/libnghttp2-14@1.59.0-1ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=nghttp2"}],"status":"affected","timestamp":"2026-05-14T11:20:59.891639Z","vulnerability":{"name":"CVE-2026-27135"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:38:02.298478Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T11:20:59.892359Z","vulnerability":{"name":"CVE-2026-6429"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:38:02.2985Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T11:20:59.893614Z","vulnerability":{"name":"CVE-2026-4873"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:38:02.298482Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T11:20:59.892732Z","vulnerability":{"name":"CVE-2026-6253"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:38:02.29851Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.8?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T11:20:59.89447Z","vulnerability":{"name":"CVE-2026-6276"}}],"timestamp":"2026-05-01T19:01:52.76738352Z","tooling":"","version":5}