{"@context":"https://openvex.dev/ns/v0.2.0","@id":"pkg:docker/agent@7.80.0","author":"security@datadoghq.com","author_role":"Vulnerability Management","last_updated":"2026-06-29T12:56:16.865003089Z","statements":[{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.685007Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.685007Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.685007Z","vulnerability":{"name":"CVE-2026-0864"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.680348Z","impact_statement":"The product is not affected by CVE-2019-16294 as the vulnerable component SciLexer.dll is not present","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:12:57.680348Z","products":[{"@id":"pkg:generic/scintilla@4.4.6"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.680348Z","vulnerability":{"name":"CVE-2019-16294"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.680437Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.680436Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T12:12:57.680436Z","vulnerability":{"name":"CVE-2026-48095"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.680487Z","impact_statement":"The Datadog Agent has no MimeKit dependency and sends no SMTP mail","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.680487Z","products":[{"@id":"pkg:nuget/MimeKit@4.3.0.0"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.680487Z","vulnerability":{"name":"CVE-2026-30227"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.680519Z","impact_statement":"The detected artifact (`libpq.dll`) is the PostgreSQL client connection library bundled with the psycopg3 binary wheel and does not contain the vulnerable dump/restore code","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.680519Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.680518Z","vulnerability":{"name":"CVE-2025-8714"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.680672Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.680672Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.680672Z","vulnerability":{"name":"CVE-2026-2005"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.680738Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.680737Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.680737Z","vulnerability":{"name":"CVE-2026-2006"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683208Z","impact_statement":"The vulnerability is a command injection via newlines in the `poplib` module (Python's POP3 email client library). No agent code uses `poplib`, the agent is an infrastructure monitoring tool with no email/POP3 functionality","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.683208Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.683208Z","vulnerability":{"name":"CVE-2025-15367"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.680772Z","impact_statement":"Low risk under normal Agent operation: the vulnerable Python decompression APIs are not used anywhere in the Datadog Agent. The affected code path is not reachable through shipped functionality. Exposure remains theoretically possible through bundled third-party packages or customer-authored checks. We are monitoring the upstream Python 3.13 backport and will track remediation through the planned upgrade to Python 3.13.14, which includes the CVE-2026-6100 fix.","justification":"","last_updated":"2026-06-29T12:12:57.680772Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T12:12:57.680772Z","vulnerability":{"name":"CVE-2026-6100"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.680943Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.680943Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.680943Z","vulnerability":{"name":"CVE-2026-11940"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.681255Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.681255Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.681255Z","vulnerability":{"name":"CVE-2026-2004"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.681285Z","impact_statement":"This vulnerability was fixed in v7.80.1. The agent embeds Python \u003e3.13.14 which is the patched version","justification":"","last_updated":"2026-06-29T12:12:57.681285Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"fixed","timestamp":"2026-06-29T12:12:57.681285Z","vulnerability":{"name":"CVE-2026-3087"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.681546Z","impact_statement":"CVE-2026-6479 is an uncontrolled recursion vulnerability in the PostgreSQL server-side SSL/GSS connection negotiation path. The Datadog Agent bundle the PostgreSQL client wire-protocol library","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.681545Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.681545Z","vulnerability":{"name":"CVE-2026-6479"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.681577Z","impact_statement":"CVE-2026-6473 is a PostgreSQL **server-side** integer wraparound vulnerability. The Datadog Agent does not ship or run a PostgreSQL server.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.681577Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.681576Z","vulnerability":{"name":"CVE-2026-6473"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.681783Z","impact_statement":"The detected artifact (`libpq.dll`) is the PostgreSQL client connection library bundled with the psycopg3 binary wheel and does not contain the vulnerable dump/restore code","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.681783Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.681783Z","vulnerability":{"name":"CVE-2025-8715"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.681808Z","impact_statement":"CVE-2026-6637 is a stack buffer overflow and SQL injection vulnerability in the PostgreSQL server-side `refint` contrib module, requiring an active PostgreSQL server with `refint` triggers installed to exploit which the Datadog agent does not embed.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.681808Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.681808Z","vulnerability":{"name":"CVE-2026-6637"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.681835Z","impact_statement":"This vulnerability was fixed in v7.80.1. The agent embeds Python \u003e3.13.14 which is the patched version","justification":"","last_updated":"2026-06-29T12:12:57.681835Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"fixed","timestamp":"2026-06-29T12:12:57.681835Z","vulnerability":{"name":"CVE-2026-3298"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.682227Z","impact_statement":"The Datadog Agent does not ship or run a PostgreSQL server","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.682227Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.682226Z","vulnerability":{"name":"CVE-2026-6475"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.682266Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.682266Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.682266Z","vulnerability":{"name":"CVE-2026-1502"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.68242Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.682419Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.682419Z","vulnerability":{"name":"CVE-2026-11972"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.682542Z","impact_statement":"A server superuser would need to force the agent to call the non-existent lo_read() code path. However no code path in the agent ever calls PQfn() or any lo_* function.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:12:57.682542Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.682542Z","vulnerability":{"name":"CVE-2026-6477"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.682586Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.682585Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T12:12:57.682585Z","vulnerability":{"name":"CVE-2026-48092"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.682819Z","impact_statement":"This vulnerability detection is a false positive caused by overly broad CPE matching in vulnerability databases. The CVE does not apply to the Windows Datadog Agent.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.682819Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.682818Z","vulnerability":{"name":"CVE-2017-8806"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683029Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.683029Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.683029Z","vulnerability":{"name":"CVE-2026-48526"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683063Z","impact_statement":"No agent code uses `imaplib`, the agent is an infrastructure monitoring tool with no email/IMAP functionality","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.683063Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.683062Z","vulnerability":{"name":"CVE-2025-15366"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683326Z","impact_statement":"This vulnerability cannot be exploited in the Datadog Agent container. MinGit is an unused component from the PowerShell base image with proper ACL protections. The container security model eliminates the attack surface required for exploitation.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:12:57.683326Z","products":[{"@id":"pkg:generic/msys2@3.6.7-fb42d71358dd896ab324c52970f7d03f9ab0dfe5"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.683326Z","vulnerability":{"name":"CVE-2022-37172"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683361Z","impact_statement":"The agent uses libpq solely as an outbound client with no inbound libpq exposure.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:12:57.683361Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.683361Z","vulnerability":{"name":"CVE-2025-12818"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683403Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.683403Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T12:12:57.683403Z","vulnerability":{"name":"CVE-2026-48101"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.68345Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.68345Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T12:12:57.68345Z","vulnerability":{"name":"CVE-2026-48112"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683483Z","impact_statement":"This vulnerability was fixed in v7.80.1. The agent embeds Python \u003e3.13.14 which is the patched version","justification":"","last_updated":"2026-06-29T12:12:57.683482Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"fixed","timestamp":"2026-06-29T12:12:57.683482Z","vulnerability":{"name":"CVE-2026-4786"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683628Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.683627Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T12:12:57.683627Z","vulnerability":{"name":"CVE-2026-48103"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683675Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.683675Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T12:12:57.683675Z","vulnerability":{"name":"CVE-2026-48111"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683736Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.683736Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.683736Z","vulnerability":{"name":"CVE-2026-48525"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683785Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.683785Z","products":[{"@id":"pkg:generic/sqlite3@3.53.0.0"},{"@id":"pkg:generic/sqlite@3.51.1"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=sqlite3"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=sqlite3"},{"@id":"pkg:generic/sqlite@3.43.2"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.683785Z","vulnerability":{"name":"CVE-2026-11822"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683896Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.683896Z","products":[{"@id":"pkg:generic/sqlite3@3.53.0.0"},{"@id":"pkg:generic/sqlite@3.51.1"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=sqlite3"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=sqlite3"},{"@id":"pkg:generic/sqlite@3.43.2"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.683896Z","vulnerability":{"name":"CVE-2026-11824"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.683989Z","impact_statement":"CVE-2026-6478 is a covert timing-channel vulnerability in the PostgreSQL server's MD5 password-comparison routine during client authentication. The Datadog agent image does not ship or run a PostgreSQL server","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.683988Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.683988Z","vulnerability":{"name":"CVE-2026-6478"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684018Z","impact_statement":"The Datadog Agent uses libpq as a client only and does not host PostgreSQL server code.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.684017Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.684017Z","vulnerability":{"name":"CVE-2026-2003"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684056Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.684056Z","products":[{"@id":"pkg:golang/go.mongodb.org/mongo-driver@v1.17.6"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.684056Z","vulnerability":{"name":"CVE-2026-2303"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684088Z","impact_statement":"The vulnerability affects the `mimetypes` module's use of Unix-style paths on Windows. No agent code uses `mimetypes` and no local users exist in the container","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:12:57.684088Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.684088Z","vulnerability":{"name":"CVE-2024-3220"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684225Z","impact_statement":"The Datadog Agent does not ship or run a PostgreSQL server","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.684225Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.684225Z","vulnerability":{"name":"CVE-2026-6638"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.68439Z","impact_statement":"The Datadog Agent contains no PostgreSQL server binaries. The agent bundles only the psycopg Python client library and its libpq dependency on Linux builds; the Windows build contains neither","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.68439Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.684389Z","vulnerability":{"name":"CVE-2026-6474"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684415Z","impact_statement":"The Datadog Agent's Go binary uses Go's standard library `compress/zlib` (pure Go, no linkage to system libz), and Python's `zlib` module, while linking against system libz, does not expose `crc32_combine64` to Python userspace.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:12:57.684415Z","products":[{"@id":"pkg:generic/zlib@1.3.1"},{"@id":"pkg:deb/ubuntu/zlib1g@1%3A1.3.dfsg-3.1ubuntu2.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=zlib"},{"@id":"pkg:deb/ubuntu/zlib1g@1.3.dfsg-3.1ubuntu2.1?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/zlib1g@1%3A1.3.dfsg-3.1ubuntu2.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=zlib"},{"@id":"pkg:deb/ubuntu/zlib1g@1.3.dfsg-3.1ubuntu2.1?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.684415Z","vulnerability":{"name":"CVE-2026-27171"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684463Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.684462Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.684462Z","vulnerability":{"name":"CVE-2026-48522"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684494Z","impact_statement":"This vulnerability lives entirely in PostgreSQL's DDL privilege-checking code and has no client-library component. The Datadog Agent bundles only `libpq` a client wire-protocol library that contains no DDL authorization logic.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.684494Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.684494Z","vulnerability":{"name":"CVE-2026-6472"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684557Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.684557Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T12:12:57.684556Z","vulnerability":{"name":"CVE-2026-48104"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684608Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.684608Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T12:12:57.684608Z","vulnerability":{"name":"CVE-2026-48102"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684658Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.684657Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.684657Z","vulnerability":{"name":"CVE-2026-48524"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684706Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.684706Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.684706Z","vulnerability":{"name":"CVE-2026-12003"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684868Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.684868Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.684868Z","vulnerability":{"name":"CVE-2026-48523"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684902Z","impact_statement":"No PostgreSQL server binary exists in the image.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.684902Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.684902Z","vulnerability":{"name":"CVE-2025-8713"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.684931Z","impact_statement":"CVE-2025-12817 is a server-side PostgreSQL CREATE STATISTICS missing authorization flaw. The Datadog Agent does not ship a PostgreSQL server","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.684931Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.684931Z","vulnerability":{"name":"CVE-2025-12817"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.685158Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.685158Z","products":[{"@id":"pkg:pypi/paramiko@4.0.0"}],"status":"affected","timestamp":"2026-06-29T12:12:57.685158Z","vulnerability":{"name":"CVE-2026-44405"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.685197Z","impact_statement":"The agent does not perform S/MIME message processing or X.509 certificate imports via email libraries","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:12:57.685197Z","products":[{"@id":"pkg:nuget/MimeKit@4.3.0.0"}],"status":"not_affected","timestamp":"2026-06-29T12:12:57.685197Z","vulnerability":{"name":"GHSA-gmc6-fwg3-75m5"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.685237Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.685237Z","products":[{"@id":"pkg:pypi/cryptography@46.0.7"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.685237Z","vulnerability":{"name":"GHSA-537c-gmf6-5ccf"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.685273Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.685273Z","products":[{"@id":"pkg:golang/github.com/containerd/containerd@v1.7.32"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.685273Z","vulnerability":{"name":"CVE-2026-53488"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.685329Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.685329Z","products":[{"@id":"pkg:golang/github.com/containerd/containerd@v1.7.32"}],"status":"under_investigation","timestamp":"2026-06-29T12:12:57.685329Z","vulnerability":{"name":"CVE-2026-47262"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.685397Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.685396Z","products":[{"@id":"pkg:pypi/tuf@4.0.0"}],"status":"affected","timestamp":"2026-06-29T12:12:57.685396Z","vulnerability":{"name":"GHSA-qp9x-wp8f-qgjj"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:12:57.685449Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.685448Z","products":[{"@id":"pkg:pypi/setuptools@75.1.0?catalog_name=setuptools3\u0026download_url=https%3A%2F%2Fgithub.com%2Fpypa%2Fsetuptools%2Farchive%2Fv75.1.0.tar.gz\u0026checksum=sha256:514dc60688d3118c9883a3dd54a38b28128ea912c01ea325d6e204a93da3b524"}],"status":"affected","timestamp":"2026-06-29T12:12:57.685448Z","vulnerability":{"name":"CVE-2025-47273"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.847957Z","products":[{"@id":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@9.0.16"}],"status":"fixed","timestamp":"2026-06-29T12:12:57.847957Z","vulnerability":{"name":"CVE-2026-45591"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.847981Z","products":[{"@id":"pkg:pypi/urllib3@2.6.3"}],"status":"fixed","timestamp":"2026-06-29T12:12:57.847981Z","vulnerability":{"name":"CVE-2026-44431"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.847988Z","products":[{"@id":"pkg:pypi/urllib3@2.6.3"}],"status":"fixed","timestamp":"2026-06-29T12:12:57.847987Z","vulnerability":{"name":"CVE-2026-44432"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.847992Z","products":[{"@id":"pkg:nuget/Microsoft.NETCore.App.Runtime.win-x64@9.0.16"}],"status":"fixed","timestamp":"2026-06-29T12:12:57.847992Z","vulnerability":{"name":"CVE-2026-45491"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.847998Z","products":[{"@id":"pkg:pypi/pip@26.0.1"}],"status":"fixed","timestamp":"2026-06-29T12:12:57.847998Z","vulnerability":{"name":"CVE-2026-6357"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.848004Z","products":[{"@id":"pkg:pypi/pip@26.0.1"}],"status":"fixed","timestamp":"2026-06-29T12:12:57.848004Z","vulnerability":{"name":"CVE-2026-3219"}},{"action_statement":"This vulnerability was fixed in: 7.80.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:18.154308Z","products":[{"@id":"pkg:golang/stdlib@1.25.10"}],"status":"affected","timestamp":"2026-06-29T12:12:57.681099Z","vulnerability":{"name":"CVE-2026-42504"}},{"action_statement":"This vulnerability was fixed in: 7.80.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:18.154331Z","products":[{"@id":"pkg:golang/stdlib@1.25.10"}],"status":"affected","timestamp":"2026-06-29T12:12:57.68162Z","vulnerability":{"name":"CVE-2026-27145"}},{"action_statement":"This vulnerability was fixed in: 7.80.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:18.154338Z","products":[{"@id":"pkg:golang/stdlib@1.25.10"}],"status":"affected","timestamp":"2026-06-29T12:12:57.682865Z","vulnerability":{"name":"CVE-2026-42507"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"This is a false positive. The image ships embedded Python 3.13.14. Python 3.13.14 is the upstream release that contains the fix for this CVE, released 2026-06-09. The scanner is flagging the 3.13 branch without resolving the full patch version","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:22:21.179534Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T12:12:57.680554Z","vulnerability":{"name":"CVE-2026-7210"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:22:21.179565Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T12:12:57.681412Z","vulnerability":{"name":"CVE-2026-7774"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:22:21.179573Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T12:12:57.681976Z","vulnerability":{"name":"CVE-2026-9669"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:22:21.179576Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T12:12:57.682105Z","vulnerability":{"name":"CVE-2026-3276"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:22:21.179581Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T12:12:57.68263Z","vulnerability":{"name":"CVE-2026-8328"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:22:21.179589Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T12:12:57.68427Z","vulnerability":{"name":"CVE-2026-6019"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.15214Z","impact_statement":"CVE-2018-10126 represents ZERO security risk to the Datadog Agent running on Ubuntu 24.04. Both Ubuntu and Debian security teams have assessed this as having no security impact, and the vulnerability cannot be reproduced in modern versions of the software.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:11:37.15214Z","products":[{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libjpeg-turbo"},{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libjpeg-turbo"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.15214Z","vulnerability":{"name":"CVE-2018-10126"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.152763Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.152763Z","products":[{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.152763Z","vulnerability":{"name":"CVE-2024-2236"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.152813Z","impact_statement":"The Datadog Agent uses its significantly newer embedded OpenSSL, not the Ubuntu system OpenSSL package.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.152813Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.11?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.152813Z","vulnerability":{"name":"CVE-2024-41996"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.153424Z","impact_statement":"The image ships only perl-base (the minimal Perl interpreter) and does not include perl-modules or any other package that provides Archive::Tar.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.153424Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.153424Z","vulnerability":{"name":"CVE-2026-42496"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.153571Z","impact_statement":"The agent codebase is primarily Go which does not invoke glibc's stdio scanner, and all embedded C binaries and shared libraries do not contain occurrences of the %mc pattern. There is no reachable code path through which an attacker could supply input to the vulnerable glibc branch","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:11:37.153571Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.15357Z","vulnerability":{"name":"CVE-2026-5450"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.153793Z","impact_statement":"CVE-2026-9538 is a memory-exhaustion denial-of-service in Perl's Archive::Tar module. The Datadog Agent image ships only perl-base, the stripped-down Perl interpreter with no optional modules, and does not install the full perl or perl-modules packages that contain Archive::Tar.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.153793Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.153793Z","vulnerability":{"name":"CVE-2026-9538"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.153866Z","impact_statement":"Given the low risk of this vulnerability, since it requires repeated use of the system tar binary and the agent neither invokes /usr/bin/tar nor relies on it for archive handling, instead using Go’s safe archive/tar implementation with path protections, we propose to wait for an official fix from the vendor.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:11:37.153866Z","products":[{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.153866Z","vulnerability":{"name":"CVE-2025-45582"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.153924Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.153924Z","products":[{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.153924Z","vulnerability":{"name":"CVE-2026-5704"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.154027Z","impact_statement":"The Datadog Agent image does not have Archive::Tar installed, only perl-base (the minimal Perl runtime) is present in the image","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.154027Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.154027Z","vulnerability":{"name":"CVE-2026-42497"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.154105Z","impact_statement":"CVE-2026-8376 only affects 32-bit Perl builds, but the image ships only perl-base on a 64-bit architecture, making the integer overflow mechanically impossible","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.154105Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.154105Z","vulnerability":{"name":"CVE-2026-8376"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.154191Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.154191Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"affected","timestamp":"2026-06-29T12:11:37.154191Z","vulnerability":{"name":"CVE-2026-12087"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.154525Z","impact_statement":"CVE-2026-48959 is a CPU exhaustion vulnerability in the Perl module IO::Uncompress::Unzip. The Agent ships only perl-base, the minimal Ubuntu Perl runtime, and does not install the libio-compress-perl package.","justification":"component_not_present","last_updated":"2026-06-29T12:11:37.154525Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.154525Z","vulnerability":{"name":"CVE-2026-48959"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.1546Z","impact_statement":"The ffmpeg-related packages identified in the scan are transitive dependencies introduced through the browser components used by the Synthetics worker. They are not directly invoked by Datadog application code, but are installed as part of the underlying operating system and Chrome dependencies required for browser-based test execution.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:11:37.1546Z","products":[{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.1546Z","vulnerability":{"name":"CVE-2025-1352"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.154683Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.154683Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T12:11:37.154683Z","vulnerability":{"name":"CVE-2026-4046"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.154952Z","impact_statement":"The agent's primary runtime (Go) does not use glibc wide character I/O functions, all Python processes run exclusively with UTF-8 encoding (which the NVD advisory explicitly excludes from the data-disclosure path)","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.154952Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.154952Z","vulnerability":{"name":"CVE-2026-5928"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.155155Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.155155Z","products":[{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"}],"status":"affected","timestamp":"2026-06-29T12:11:37.155154Z","vulnerability":{"name":"CVE-2026-54411"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.155709Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.155709Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T12:11:37.155709Z","vulnerability":{"name":"CVE-2026-6238"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.155912Z","impact_statement":"The image ships only perl-base, a stripped-down package that provides only the bare Perl runtime needed by system init scripts, without any CPAN modules","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.155912Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.155911Z","vulnerability":{"name":"CVE-2026-48962"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.156136Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.156136Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T12:11:37.156136Z","vulnerability":{"name":"CVE-2026-4437"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.15634Z","impact_statement":"While the vulnerable libpam0g package is present in the Datadog Agent's Ubuntu base image, the Agent does not use PAM for authentication operations, making this vulnerability not exploitable in the Agent's context.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:11:37.156339Z","products":[{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.156339Z","vulnerability":{"name":"CVE-2024-10041"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.156607Z","impact_statement":"libio-compress-perl is not installed in the agent","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.156607Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.156607Z","vulnerability":{"name":"CVE-2026-48961"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.156698Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.156698Z","products":[{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.156698Z","vulnerability":{"name":"CVE-2016-2781"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.156756Z","impact_statement":"infocmp is never invoked by the Datadog Agent at runtime. The attack requires local access, attacker-controlled terminfo entries, and user interaction.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:11:37.156756Z","products":[{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.156756Z","vulnerability":{"name":"CVE-2025-69720"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.157Z","impact_statement":"While the vulnerable shadow-utils version is present, the critical exploitation tool (newuidmap) is NOT installed, making the vulnerability unexploitable. Additionally, container architecture eliminates all prerequisite conditions for exploitation.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.157Z","products":[{"@id":"pkg:deb/ubuntu/login@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/login@4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/passwd@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/passwd@4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/login@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/login@4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/passwd@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/passwd@4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.157Z","vulnerability":{"name":"CVE-2024-56433"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.157228Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.157228Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T12:11:37.157228Z","vulnerability":{"name":"CVE-2016-20013"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.157401Z","impact_statement":"CVE-2025-27587 is a Minerva-style timing side-channel in OpenSSL's EVP_DigestSign implementation on the P-384 elliptic curve, affecting versions 3.0.0–3.3.2 exclusively on PowerPC architecture and is not exploitable on amd64 or arm64. In addition, the Datadog Agent image embeddeds OpenSSL in a version well above the stated affected range.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.157401Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.11?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.157401Z","vulnerability":{"name":"CVE-2025-27587"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.157549Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.157549Z","products":[{"@id":"pkg:deb/ubuntu/libnss3@2%3A3.98-1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=nss"},{"@id":"pkg:deb/ubuntu/libnss3@3.98-1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=2"},{"@id":"pkg:deb/ubuntu/libnss3@2%3A3.98-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=nss"},{"@id":"pkg:deb/ubuntu/libnss3@3.98-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=2"}],"status":"affected","timestamp":"2026-06-29T12:11:37.157549Z","vulnerability":{"name":"CVE-2026-12318"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.157682Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.157682Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T12:11:37.157681Z","vulnerability":{"name":"CVE-2026-5435"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.157863Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.157863Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T12:11:37.157862Z","vulnerability":{"name":"CVE-2026-4438"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.158179Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.158179Z","products":[{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"}],"status":"affected","timestamp":"2026-06-29T12:11:37.158179Z","vulnerability":{"name":"CVE-2022-3219"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.158305Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.158305Z","products":[{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"}],"status":"affected","timestamp":"2026-06-29T12:11:37.158305Z","vulnerability":{"name":"CVE-2025-1376"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.158511Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.158511Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.11?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"under_investigation","timestamp":"2026-06-29T12:11:37.158511Z","vulnerability":{"name":"CVE-2026-11999"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.158734Z","impact_statement":"No Datadog Agent runtime code path invokes `sort` with any of the CVE conditions: all Go `sort` references are the in-memory standard library package, and the only system `sort` calls exist in build-time-only install scripts using simple `-r`/`-rn` flags on static, hardcoded inputs. Debian classifies this as \"unimportant\" (\"Crash in CLI tool, no security impact\") and Ubuntu as Low priority.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.158734Z","products":[{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.158733Z","vulnerability":{"name":"CVE-2025-5278"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.158805Z","impact_statement":"The Datadog Agent image embeds only perl-base and does not install libio-compress-perl or perl-modules.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.158805Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.158805Z","vulnerability":{"name":"CVE-2025-15649"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.158952Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.158952Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.158952Z","vulnerability":{"name":"CVE-2026-27456"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.159974Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.159974Z","products":[{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"}],"status":"affected","timestamp":"2026-06-29T12:11:37.159974Z","vulnerability":{"name":"CVE-2026-57062"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.160036Z","impact_statement":"The Datadog Agent ships only libsystemd0, a shared utility library for client-side systemd APIs such as sd_notify. The journald daemon binary is entirely absent from the image.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.160036Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.16?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.16?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.16?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.16?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.16?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.16?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.16?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.16?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.160036Z","vulnerability":{"name":"CVE-2026-40228"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.160145Z","impact_statement":"tic is a terminfo compiler, a build/development tool that the Datadog Agent never invokes. It has no reverse dependencies in the image and the agent's runtime dependency graph never calls it. The vulnerable code path in postprocess_termcap is only reachable by running tic with a crafted input file, which the agent process never does.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:11:37.160145Z","products":[{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.160145Z","vulnerability":{"name":"CVE-2025-6141"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.160349Z","impact_statement":"The Datadog Agent performs bzip2 decompression exclusively through Go's built-in compress/bzip2 standard library package, a pure Go implementation that makes no calls to libbz2 or any system bzip2 binary.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:11:37.160349Z","products":[{"@id":"pkg:deb/ubuntu/libbz2-1.0@1.0.8-5.1build0.1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libbz2-1.0@1.0.8-5.1build0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=bzip2"},{"@id":"pkg:deb/ubuntu/libbz2-1.0@1.0.8-5.1build0.1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libbz2-1.0@1.0.8-5.1build0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=bzip2"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.160349Z","vulnerability":{"name":"CVE-2026-42250"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.16047Z","impact_statement":"While libbpf1 version 1.3.0-2build2 is installed and IS vulnerable, the Datadog Agent does not use libbpf. Additionally, the vulnerability is disputed by maintainers as it requires root privileges to trigger.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:11:37.16047Z","products":[{"@id":"pkg:deb/ubuntu/libbpf1@1.3.0-2build2?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libbpf1@1%3A1.3.0-2build2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libbpf%401.3.0-2build2"},{"@id":"pkg:deb/ubuntu/libbpf1@1.3.0-2build2?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libbpf1@1%3A1.3.0-2build2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libbpf%401.3.0-2build2"}],"status":"not_affected","timestamp":"2026-06-29T12:11:37.16047Z","vulnerability":{"name":"CVE-2025-29481"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.160668Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.160668Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.160667Z","vulnerability":{"name":"CVE-2026-53612"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.160757Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.160757Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.160757Z","vulnerability":{"name":"CVE-2026-53613"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.16083Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.16083Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.16083Z","vulnerability":{"name":"CVE-2026-53614"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:11:37.160909Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.160909Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.160908Z","vulnerability":{"name":"CVE-2026-53615"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:11:37.308824Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"fixed","timestamp":"2026-06-29T12:11:37.308824Z","vulnerability":{"name":"CVE-2026-40226"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448252Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.152051Z","vulnerability":{"name":"CVE-2026-45447"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448281Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T12:11:37.152241Z","vulnerability":{"name":"CVE-2026-42764"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448288Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.15259Z","vulnerability":{"name":"CVE-2026-34180"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448291Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T12:11:37.152637Z","vulnerability":{"name":"CVE-2026-34183"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448295Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.15291Z","vulnerability":{"name":"CVE-2026-42766"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448303Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.153222Z","vulnerability":{"name":"CVE-2026-7383"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448315Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.153521Z","vulnerability":{"name":"CVE-2026-45445"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448319Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.153693Z","vulnerability":{"name":"CVE-2026-9076"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448323Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.153977Z","vulnerability":{"name":"CVE-2026-34182"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448327Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.154466Z","vulnerability":{"name":"CVE-2026-42767"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448332Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T12:11:37.156073Z","vulnerability":{"name":"CVE-2026-34181"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448335Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T12:11:37.156295Z","vulnerability":{"name":"CVE-2026-42769"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448344Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T12:11:37.157159Z","vulnerability":{"name":"CVE-2026-42768"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.44835Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.157621Z","vulnerability":{"name":"CVE-2026-45446"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:25:53.448357Z","products":[{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T12:11:37.158256Z","vulnerability":{"name":"CVE-2026-42770"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.737012Z","impact_statement":"The agent uses Java for JMXFetch which runs only trusted, administrator-installed code to gather metrics from JMX-enabled applications making the exploitation scenario described in this CVE inapplicable to the agent's use case.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:03:08.737011Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T12:03:08.737011Z","vulnerability":{"name":"CVE-2025-30749"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.737397Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.737397Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.737397Z","vulnerability":{"name":"CVE-2025-21587"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.737442Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.737442Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.737442Z","vulnerability":{"name":"CVE-2025-50106"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.737497Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.737497Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.737497Z","vulnerability":{"name":"CVE-2025-21502"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.73754Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.737538Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.737538Z","vulnerability":{"name":"CVE-2025-53066"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.738102Z","impact_statement":"Oracle's advisory explicitly exempts server-side Java deployments running trusted code and the Datadog Agent JMX fetcher is a server-side process running only the trusted jmxfetch.jar","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:03:08.738102Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T12:03:08.738102Z","vulnerability":{"name":"CVE-2026-21945"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.738178Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.738178Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.738178Z","vulnerability":{"name":"CVE-2025-50059"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.73891Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.73891Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.738909Z","vulnerability":{"name":"CVE-2025-30761"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.739216Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.739216Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.739215Z","vulnerability":{"name":"CVE-2025-30698"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.739275Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.739275Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.739275Z","vulnerability":{"name":"CVE-2026-22016"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.739315Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.739315Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.739315Z","vulnerability":{"name":"CVE-2025-53057"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.73955Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.739549Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.739549Z","vulnerability":{"name":"CVE-2026-34282"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.740195Z","impact_statement":"Oracle advisory explicitly excludes server deployments; AWT/JavaFX not used; UI:R unsatisfiable","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:03:08.740195Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T12:03:08.740195Z","vulnerability":{"name":"CVE-2026-21932"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.740221Z","impact_statement":"The Datadog Agent does not load or run untrusted Java code and is not a sandboxed Java runtime for customer applications. Accordingly, under normal and supported usage, Datadog has identified no viable exploit path for these vulnerabilities","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:03:08.740221Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T12:03:08.740221Z","vulnerability":{"name":"CVE-2025-30754"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.740669Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.740668Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.740668Z","vulnerability":{"name":"CVE-2026-22021"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.741092Z","impact_statement":"The UI:R (user interaction required) prerequisite is structurally unsatisfiable in a containerized agent service, and the attack path described targets sandboxed client deployments","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T12:03:08.741092Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T12:03:08.741092Z","vulnerability":{"name":"CVE-2026-21933"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.741129Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.741128Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.741128Z","vulnerability":{"name":"CVE-2026-22013"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.741819Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.741819Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.741819Z","vulnerability":{"name":"CVE-2026-21925"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.741924Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.741924Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.741924Z","vulnerability":{"name":"CVE-2026-22018"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.742182Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.742182Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.742182Z","vulnerability":{"name":"CVE-2026-23865"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.742647Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.742647Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.742646Z","vulnerability":{"name":"CVE-2026-22007"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:03:08.74275Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:03:08.74275Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T12:03:08.742749Z","vulnerability":{"name":"CVE-2026-34268"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181177Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181177Z","vulnerability":{"name":"CVE-2020-11656"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181181Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181181Z","vulnerability":{"name":"CVE-2018-20506"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181185Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181184Z","vulnerability":{"name":"CVE-2019-19646"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181187Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181187Z","vulnerability":{"name":"CVE-2018-20505"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.18119Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.18119Z","vulnerability":{"name":"CVE-2020-11655"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181193Z","products":[{"@id":"pkg:nuget/System.Drawing.Common@5.0.0"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181193Z","vulnerability":{"name":"CVE-2021-24112"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181196Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181196Z","vulnerability":{"name":"CVE-2019-16168"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181198Z","products":[{"@id":"pkg:nuget/System.Formats.Asn1@5.0.0"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181198Z","vulnerability":{"name":"CVE-2024-38095"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181201Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@5.0.0"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181201Z","vulnerability":{"name":"CVE-2022-34716"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181204Z","products":[{"@id":"pkg:nuget/System.Data.SqlClient@4.8.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181204Z","vulnerability":{"name":"CVE-2024-0056"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181208Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181208Z","vulnerability":{"name":"CVE-2023-7104"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181213Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181213Z","vulnerability":{"name":"CVE-2020-13630"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181217Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181217Z","vulnerability":{"name":"CVE-2020-15358"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181221Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181221Z","vulnerability":{"name":"CVE-2020-13434"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181226Z","products":[{"@id":"pkg:nuget/System.Data.SqlClient@4.8.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181226Z","vulnerability":{"name":"CVE-2022-41064"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181248Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181248Z","vulnerability":{"name":"CVE-2020-13435"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181251Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181251Z","vulnerability":{"name":"CVE-2020-13631"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181255Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181255Z","vulnerability":{"name":"CVE-2020-13632"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181258Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181258Z","vulnerability":{"name":"CVE-2019-19645"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181261Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"},{"@id":"pkg:generic/sqlite@3.43.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.18126Z","vulnerability":{"name":"CVE-2025-70873"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181153Z","products":[{"@id":"pkg:nuget/System.DirectoryServices.Protocols@5.0.0"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181153Z","vulnerability":{"name":"CVE-2021-41355"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181156Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181156Z","vulnerability":{"name":"CVE-2022-35737"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181162Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181161Z","vulnerability":{"name":"CVE-2018-20346"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181104Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"},{"@id":"pkg:generic/sqlite@3.43.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181104Z","vulnerability":{"name":"CVE-2025-6965"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181141Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181141Z","vulnerability":{"name":"CVE-2019-8457"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181146Z","products":[{"@id":"pkg:nuget/System.Text.Encodings.Web@5.0.0"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181146Z","vulnerability":{"name":"CVE-2021-26701"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:16:16.181149Z","products":[{"@id":"pkg:nuget/Newtonsoft.Json@12.0.3"}],"status":"fixed","timestamp":"2026-06-29T12:16:16.181149Z","vulnerability":{"name":"CVE-2024-21907"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.22837Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.22837Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"affected","timestamp":"2026-06-29T12:39:01.228369Z","vulnerability":{"name":"CVE-2026-40355"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.228518Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.228518Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"affected","timestamp":"2026-06-29T12:39:01.228518Z","vulnerability":{"name":"CVE-2026-40356"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.229787Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.229787Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"affected","timestamp":"2026-06-29T12:39:01.229787Z","vulnerability":{"name":"CVE-2026-11850"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.231462Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.231462Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T12:39:01.231462Z","vulnerability":{"name":"CVE-2026-11856"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.23149Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.23149Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T12:39:01.23149Z","vulnerability":{"name":"CVE-2026-8927"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.232298Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.232298Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T12:39:01.232298Z","vulnerability":{"name":"CVE-2026-10536"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.232326Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.232326Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T12:39:01.232326Z","vulnerability":{"name":"CVE-2026-12064"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.232355Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.232355Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T12:39:01.232355Z","vulnerability":{"name":"CVE-2026-8286"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.232385Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.232385Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T12:39:01.232385Z","vulnerability":{"name":"CVE-2026-8458"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.232414Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.232414Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T12:39:01.232413Z","vulnerability":{"name":"CVE-2026-8924"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.232439Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.232439Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T12:39:01.232439Z","vulnerability":{"name":"CVE-2026-8932"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T12:39:01.232495Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:39:01.232495Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T12:39:01.232495Z","vulnerability":{"name":"CVE-2026-9547"}}],"timestamp":"2026-06-11T12:53:01.959228909Z","tooling":"","version":13}