{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy or incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-27896",
        "tracking": {
            "current_release_date": "2026-03-28T18:48:04.510670Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-27896",
            "initial_release_date": "2026-02-26T01:25:10.378565Z",
            "revision_history": [
                {
                    "date": "2026-02-26T01:25:10.378565Z",
                    "number": "1",
                    "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-02-26T01:25:21.187670Z",
                    "number": "2",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-02-26T01:39:07.325098Z",
                    "number": "3",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-02-26T01:39:15.048455Z",
                    "number": "4",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-02-26T07:35:13.715103Z",
                    "number": "5",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-02-26T11:46:54.671167Z",
                    "number": "6",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (4).| CWES updated (1)."
                },
                {
                    "date": "2026-02-26T11:46:59.951177Z",
                    "number": "7",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-02-26T14:13:27.067577Z",
                    "number": "8",
                    "summary": "Source created.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-02-26T14:13:28.927533Z",
                    "number": "9",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-02-26T17:43:02.720499Z",
                    "number": "10",
                    "summary": "Unknown change."
                },
                {
                    "date": "2026-02-26T22:39:39.472565Z",
                    "number": "11",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (4).| CWES updated (1)."
                },
                {
                    "date": "2026-02-26T22:39:42.980581Z",
                    "number": "12",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-02-27T06:12:38.648655Z",
                    "number": "13",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (3).| CWES updated (1)."
                },
                {
                    "date": "2026-02-28T00:27:40.119143Z",
                    "number": "14",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (12).| Product Identifiers created (4).| Product Remediations created (14).| Products created (2).| References created (4).| CWES updated (1).| Vendor_assessment created."
                },
                {
                    "date": "2026-02-28T00:27:49.191500Z",
                    "number": "15",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-02T11:50:28.103929Z",
                    "number": "16",
                    "summary": "Products created (18)."
                },
                {
                    "date": "2026-03-03T14:28:35.814707Z",
                    "number": "17",
                    "summary": "Products removed (18)."
                },
                {
                    "date": "2026-03-20T09:39:32.411852Z",
                    "number": "18",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-20T09:39:34.869929Z",
                    "number": "19",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T18:15:24.155891Z",
                    "number": "20",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| References created (3)."
                },
                {
                    "date": "2026-03-25T18:15:26.319152Z",
                    "number": "21",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-28T18:47:56.970410Z",
                    "number": "22",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (2).| References created (5).| CWES updated (1)."
                },
                {
                    "date": "2026-03-28T18:47:59.047480Z",
                    "number": "23",
                    "summary": "NCSC Score updated."
                }
            ],
            "status": "interim",
            "version": "23"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/2",
                                "product": {
                                    "name": "vers:rpm/2",
                                    "product_id": "CSAFPID-1919968",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Migration Toolkit for Virtualization"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/unknown",
                                "product": {
                                    "name": "vers:rpm/unknown",
                                    "product_id": "CSAFPID-2524222",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:openshift_lightspeed"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "OpenShift Lightspeed"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/1",
                                "product": {
                                    "name": "vers:rpm/1",
                                    "product_id": "CSAFPID-1441076",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:serverless:1"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "OpenShift Serverless"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/unknown",
                                "product": {
                                    "name": "vers:rpm/unknown",
                                    "product_id": "CSAFPID-1439279",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:openshift_ai"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Red Hat OpenShift AI (RHOAI)"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5597158"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "kn-client-kn-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5207394"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "kn-plugin-func-func-util-rhel9"
                            }
                        ],
                        "category": "product_family",
                        "name": "OpenShift Serverless"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-1496183"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "mtv-api-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5736836"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "mtv-cli-download-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2485095"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "mtv-controller-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5736837"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "mtv-operator-bundle"
                            }
                        ],
                        "category": "product_family",
                        "name": "Migration Toolkit for Virtualization"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2933419"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "odh-dashboard-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5222758"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "odh-mod-arch-gen-ai-rhel9"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5157328"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "odh-mod-arch-model-registry-rhel9"
                            }
                        ],
                        "category": "product_family",
                        "name": "Red Hat OpenShift AI (RHOAI)"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5157306"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "openshift-mcp-server-rhel9"
                            }
                        ],
                        "category": "product_family",
                        "name": "OpenShift Lightspeed"
                    }
                ],
                "category": "vendor",
                "name": "Red Hat"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<1.3.1",
                                "product": {
                                    "name": "vers:unknown/<1.3.1",
                                    "product_id": "CSAFPID-5723449"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<1.3.1",
                                "product": {
                                    "name": "vers:unknown/>=0|<1.3.1",
                                    "product_id": "CSAFPID-5734389"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "go-sdk"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/1.3.1",
                                "product": {
                                    "name": "vers:unknown/1.3.1",
                                    "product_id": "CSAFPID-5958885"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<1.3.1",
                                "product": {
                                    "name": "vers:unknown/<1.3.1",
                                    "product_id": "CSAFPID-5958886"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "go/github.com/modelcontextprotocol/go-sdk"
                    }
                ],
                "category": "vendor",
                "name": "modelcontextprotocol"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-27896",
            "cwe": {
                "id": "CWE-178",
                "name": "Improper Handling of Case Sensitivity"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and cross-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.",
                    "title": "cveprojectv5 - https://www.cve.org/CVERecord?id=CVE-2026-27896"
                },
                {
                    "category": "description",
                    "text": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and cross-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.",
                    "title": "nvd - https://nvd.nist.gov/vuln/detail/CVE-2026-27896"
                },
                {
                    "category": "description",
                    "text": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and cross-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-27896.json?alt=media"
                },
                {
                    "category": "description",
                    "text": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. Additionally, Go's standard library folds the Unicode characters ſ (U+017F) and K (U+212A) to their ASCII equivalents s and k, meaning fields like \"paramſ\" would match \"params\". This violated the JSON-RPC 2.0 specification, which defines exact field names.\n\n#### Impact:\n\nA malicious MCP peer may have been able to send protocol messages with non-standard field casing (e.g., \"Method\" instead of \"method\") that the SDK would silently accept. This had the potential for:\n  - **Bypassing intermediary inspection:** Proxies or policy layers that matched on exact field names may have failed to detect or filter these messages.\n  - **Cross-implementation inconsistency:** Other MCP SDKs (TypeScript, Python) use case-sensitive parsing and would reject the same messages, creating potential security-boundary confusion.\n\n####  Fix:\n\nGo's standard JSON unmarshaling was replaced with a case-sensitive decoder (github.com/segmentio/encoding) in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.\n\n#### Credits:\nMCP Go SDK thanks Francesco Lacerenza (Doyensec) for reporting this issue.",
                    "title": "github - https://github.com/advisories/GHSA-wvj2-96wp-fq3f"
                },
                {
                    "category": "description",
                    "text": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. Additionally, Go's standard library folds the Unicode characters ſ (U+017F) and K (U+212A) to their ASCII equivalents s and k, meaning fields like \"paramſ\" would match \"params\". This violated the JSON-RPC 2.0 specification, which defines exact field names.\n\n#### Impact:\n\nA malicious MCP peer may have been able to send protocol messages with non-standard field casing (e.g., \"Method\" instead of \"method\") that the SDK would silently accept. This had the potential for:\n  - **Bypassing intermediary inspection:** Proxies or policy layers that matched on exact field names may have failed to detect or filter these messages.\n  - **Cross-implementation inconsistency:** Other MCP SDKs (TypeScript, Python) use case-sensitive parsing and would reject the same messages, creating potential security-boundary confusion.\n\n####  Fix:\n\nGo's standard JSON unmarshaling was replaced with a case-sensitive decoder (github.com/segmentio/encoding) in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.\n\n#### Credits:\nMCP Go SDK thanks Francesco Lacerenza (Doyensec) for reporting this issue.",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-wvj2-96wp-fq3f.json?alt=media"
                },
                {
                    "category": "description",
                    "text": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and cross-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.\nA flaw was found in the Go MCP SDK. This issue occurs due to an improper handling of case sensitivity during JSON-RPC message parsing, specifically in the matching of JSON keys to struct field tags. This behavior violates the JSON-RPC 2.0 specification, which explicitly requires case-sensitive field name matching. A malicious MCP peer able to send protocol messages with non-standard field casing can potentially bypass intermediary inspection, allowing attackers to smuggle payloads past upstream filters and cause cross-implementation inconsistency.\nThis issue is only exploitable in MCP Go SDK backends deployed behind an intermediary security control, like a WAF, inspection proxy or strict firewall that enforces the JSON-RPC 2.0 specification. This vulnerability allows an attacker to bypass the upstream filter and deliver a message to the backend. However, the attacker is still constrained by the normal business logic of the application and cannot cause memory access, arbitrary command execution or grant database administrative rights. Due to these reasons, this flaw has been rated with an important severity.",
                    "title": "redhat - https://access.redhat.com/security/cve/CVE-2026-27896"
                },
                {
                    "category": "description",
                    "text": "MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4569.json?alt=media"
                },
                {
                    "category": "description",
                    "text": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. Additionally, Go's standard library folds the Unicode characters ſ (U+017F) and K (U+212A) to their ASCII equivalents s and k, meaning fields like \"paramſ\" would match \"params\". This violated the JSON-RPC 2.0 specification, which defines exact field names.",
                    "title": "gitlab - https://gitlab.com/api/v4/projects/25847700/repository/files/go%2Fgithub.com%2Fmodelcontextprotocol%2Fgo-sdk%2FCVE-2026-27896.yml/raw"
                },
                {
                    "category": "other",
                    "text": "0.00064",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
                    "title": "CVSSV4"
                },
                {
                    "category": "other",
                    "text": "7.0",
                    "title": "CVSSV4 base score"
                },
                {
                    "category": "other",
                    "text": "4.2",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "Is related to an uncommon cwe id",
                    "title": "NCSC Score top increasing factors"
                },
                {
                    "category": "other",
                    "text": "There is cwe data available from source Nvd, The value of the most recent EPSS score",
                    "title": "NCSC Score top decreasing factors"
                },
                {
                    "category": "details",
                    "text": "Severity: 3\n",
                    "title": "Vendor assessment"
                }
            ],
            "product_status": {
                "fixed": [
                    "CSAFPID-5958885"
                ],
                "known_affected": [
                    "CSAFPID-5723449",
                    "CSAFPID-5734389",
                    "CSAFPID-1439279",
                    "CSAFPID-1441076",
                    "CSAFPID-1496183",
                    "CSAFPID-1919968",
                    "CSAFPID-2485095",
                    "CSAFPID-2524222",
                    "CSAFPID-2933419",
                    "CSAFPID-5157306",
                    "CSAFPID-5157328",
                    "CSAFPID-5207394",
                    "CSAFPID-5222758",
                    "CSAFPID-5597158",
                    "CSAFPID-5736836",
                    "CSAFPID-5736837",
                    "CSAFPID-5958886"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27896"
                },
                {
                    "category": "external",
                    "summary": "Source raw - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-27896"
                },
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://www.cve.org/CVERecord?id=CVE-2026-27896"
                },
                {
                    "category": "external",
                    "summary": "Source raw - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/27xxx/CVE-2026-27896.json"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-27896.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27896"
                },
                {
                    "category": "external",
                    "summary": "Source raw - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://github.com/advisories/GHSA-wvj2-96wp-fq3f"
                },
                {
                    "category": "external",
                    "summary": "Source raw - github",
                    "url": "https://api.github.com/advisories/GHSA-wvj2-96wp-fq3f"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-wvj2-96wp-fq3f.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - redhat",
                    "url": "https://access.redhat.com/security/cve/CVE-2026-27896"
                },
                {
                    "category": "external",
                    "summary": "Source raw - redhat",
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27896.json"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4569.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - gitlab",
                    "url": "https://gitlab.com/api/v4/projects/25847700/repository/files/go%2Fgithub.com%2Fmodelcontextprotocol%2Fgo-sdk%2FCVE-2026-27896.yml/raw"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; gitlab; nvd; osv; redhat",
                    "url": "https://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; gitlab; nvd; osv; redhat",
                    "url": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f"
                },
                {
                    "category": "external",
                    "summary": "Reference - osv",
                    "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27896.json"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; gitlab; osv; redhat",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27896"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; gitlab",
                    "url": "https://github.com/advisories/GHSA-wvj2-96wp-fq3f"
                },
                {
                    "category": "external",
                    "summary": "Reference - redhat",
                    "url": "https://www.cve.org/CVERecord?id=CVE-2026-27896"
                },
                {
                    "category": "external",
                    "summary": "Reference - gitlab",
                    "url": "https://github.com/modelcontextprotocol/go-sdk"
                }
            ],
            "remediations": [
                {
                    "category": "mitigation",
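                    "details": "To mitigate this flaw, strictly enforce JSON-RPC case sensitivity before payload processing or harden upstream WAF and proxy rules to explicitly block improperly cased requests at the network edge. Because the description in this advisory notes that Go's standard library also folds U+017F and U+212A to the ASCII letters s and k, such checks should compare field names exactly rather than only normalising letter case.",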
                    "product_ids": [
                        "CSAFPID-1439279",
                        "CSAFPID-1441076",
                        "CSAFPID-1496183",
                        "CSAFPID-1919968",
                        "CSAFPID-2485095",
                        "CSAFPID-2524222",
                        "CSAFPID-2933419",
                        "CSAFPID-5157306",
                        "CSAFPID-5157328",
                        "CSAFPID-5207394",
                        "CSAFPID-5222758",
                        "CSAFPID-5597158",
                        "CSAFPID-5736836",
                        "CSAFPID-5736837"
                    ]
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                        "baseScore": 9.1,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1439279",
                        "CSAFPID-1441076",
                        "CSAFPID-1496183",
                        "CSAFPID-1919968",
                        "CSAFPID-2485095",
                        "CSAFPID-2524222",
                        "CSAFPID-2933419",
                        "CSAFPID-5157306",
                        "CSAFPID-5157328",
                        "CSAFPID-5207394",
                        "CSAFPID-5222758",
                        "CSAFPID-5597158",
                        "CSAFPID-5723449",
                        "CSAFPID-5734389",
                        "CSAFPID-5736836",
                        "CSAFPID-5736837",
                        "CSAFPID-5958886"
                    ]
                }
            ],
            "title": "CVE-2026-27896"
        }
    ]
}