{ "document": { "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "National Cyber Security Centre", "namespace": "https://www.ncsc.nl/" }, "title": "CVE-2026-28364", "tracking": { "current_release_date": "2026-03-26T01:41:36.182578Z", "generator": { "date": "2026-02-17T15:00:00Z", "engine": { "name": "V.E.L.M.A", "version": "1.7" } }, "id": "CVE-2026-28364", "initial_release_date": "2026-02-27T04:25:32.154181Z", "revision_history": [ { "date": "2026-02-27T04:25:32.154181Z", "number": "1", "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)." }, { "date": "2026-02-27T04:25:35.795069Z", "number": "2", "summary": "NCSC Score created." }, { "date": "2026-02-27T04:38:42.876206Z", "number": "3", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (2).| References created (2).| CWES updated (1)." }, { "date": "2026-02-27T04:38:44.704160Z", "number": "4", "summary": "NCSC Score updated." }, { "date": "2026-02-27T12:43:54.287570Z", "number": "5", "summary": "Source created.| CVE status created. (valid)| Products created (2)." }, { "date": "2026-02-27T14:36:56.250910Z", "number": "6", "summary": "Source created.| CVE status created. (valid)| EPSS created." }, { "date": "2026-02-27T16:38:59.047658Z", "number": "7", "summary": "Unknown change." }, { "date": "2026-02-28T00:11:29.754571Z", "number": "8", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (39).| Product Identifiers created (76).| Products created (39).| References created (1)." }, { "date": "2026-02-28T00:11:42.956926Z", "number": "9", "summary": "NCSC Score updated." }, { "date": "2026-02-28T06:43:37.504336Z", "number": "10", "summary": "Description created for source." }, { "date": "2026-02-28T12:20:14.735100Z", "number": "11", "summary": "Source connected.| CVE status created. (valid)| Description created for source.| CVSS created.| CWES updated (1)." }, { "date": "2026-02-28T12:20:16.318238Z", "number": "12", "summary": "NCSC Score updated." }, { "date": "2026-03-03T00:27:50.629507Z", "number": "13", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (5).| Product Identifiers created (5).| Products created (5).| References created (4).| CWES updated (1).| Vendor_assessment created." }, { "date": "2026-03-03T00:27:53.103663Z", "number": "14", "summary": "NCSC Score updated." }, { "date": "2026-03-05T18:19:49.733394Z", "number": "15", "summary": "Products created (1).| Product Identifiers created (1)." }, { "date": "2026-03-05T18:19:59.377263Z", "number": "16", "summary": "NCSC Score updated." }, { "date": "2026-03-06T00:45:36.444457Z", "number": "17", "summary": "Source created.| CVE status created. (valid)| Description created for source.| Products created (8).| References created (3)." }, { "date": "2026-03-06T00:45:43.889683Z", "number": "18", "summary": "NCSC Score updated." }, { "date": "2026-03-06T18:45:44.474293Z", "number": "19", "summary": "Source created.| CVE status created. (valid)| Description created for source.| Products created (4).| References created (3)." }, { "date": "2026-03-06T18:45:48.140220Z", "number": "20", "summary": "NCSC Score updated." }, { "date": "2026-03-06T19:25:00.331711Z", "number": "21", "summary": "Products created (2).| Product Identifiers created (2)." }, { "date": "2026-03-06T19:25:09.774786Z", "number": "22", "summary": "NCSC Score updated." }, { "date": "2026-03-07T17:27:16.523810Z", "number": "23", "summary": "NCSC Score updated." }, { "date": "2026-03-12T12:20:11.004875Z", "number": "24", "summary": "Product Remediations created (1)." }, { "date": "2026-03-12T12:20:15.077927Z", "number": "25", "summary": "NCSC Score updated." }, { "date": "2026-03-12T18:19:51.236182Z", "number": "26", "summary": "Product Remediations removed (1)." }, { "date": "2026-03-12T18:19:58.076739Z", "number": "27", "summary": "NCSC Score updated." }, { "date": "2026-03-14T12:19:55.779357Z", "number": "28", "summary": "Products removed (1)." }, { "date": "2026-03-20T09:37:41.966097Z", "number": "29", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-03-20T09:37:44.696028Z", "number": "30", "summary": "NCSC Score updated." }, { "date": "2026-03-25T21:29:53.282010Z", "number": "31", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2)." }, { "date": "2026-03-25T21:30:00.255893Z", "number": "32", "summary": "NCSC Score updated." } ], "status": "interim", "version": "32" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:semver/5.0.0|<5.4.1", "product": { "name": "vers:semver/5.0.0|<5.4.1", "product_id": "CSAFPID-5734225" } }, { "category": "product_version_range", "name": "vers:semver/<4.14.3", "product": { "name": "vers:semver/<4.14.3", "product_id": "CSAFPID-5734224" } } ], "category": "product_name", "name": "OCaml" } ], "category": "vendor", "name": "OCaml" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/3.07", "product": { "name": "vers:unknown/3.07", "product_id": "CSAFPID-5621220", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.07" } } }, { "category": "product_version_range", "name": "vers:unknown/3.07+1", "product": { "name": "vers:unknown/3.07+1", "product_id": "CSAFPID-5621221", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.07%2B1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.07+2", "product": { "name": "vers:unknown/3.07+2", "product_id": "CSAFPID-5621222", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.07%2B2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.08.0", "product": { "name": "vers:unknown/3.08.0", "product_id": "CSAFPID-5621223", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.08.0" } } }, { "category": "product_version_range", "name": "vers:unknown/3.08.1", "product": { "name": "vers:unknown/3.08.1", "product_id": "CSAFPID-5621224", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.08.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.08.2", "product": { "name": "vers:unknown/3.08.2", "product_id": "CSAFPID-5621225", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.08.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.08.3", "product": { "name": "vers:unknown/3.08.3", "product_id": "CSAFPID-5621226", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.08.3" } } }, { "category": "product_version_range", "name": "vers:unknown/3.08.4", "product": { "name": "vers:unknown/3.08.4", "product_id": "CSAFPID-5621227", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.08.4" } } }, { "category": "product_version_range", "name": "vers:unknown/3.09.0", "product": { "name": "vers:unknown/3.09.0", "product_id": "CSAFPID-5621228", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.09.0" } } }, { "category": "product_version_range", "name": "vers:unknown/3.09.1", "product": { "name": "vers:unknown/3.09.1", "product_id": "CSAFPID-5621229", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.09.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.09.2", "product": { "name": "vers:unknown/3.09.2", "product_id": "CSAFPID-5621230", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.09.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.09.3", "product": { "name": "vers:unknown/3.09.3", "product_id": "CSAFPID-5621231", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.09.3" } } }, { "category": "product_version_range", "name": "vers:unknown/3.10.0", "product": { "name": "vers:unknown/3.10.0", "product_id": "CSAFPID-5621232", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.10.0" } } }, { "category": "product_version_range", "name": "vers:unknown/3.10.1", "product": { "name": "vers:unknown/3.10.1", "product_id": "CSAFPID-5621233", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.10.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.10.2", "product": { "name": "vers:unknown/3.10.2", "product_id": "CSAFPID-5621234", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.10.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.11.0", "product": { "name": "vers:unknown/3.11.0", "product_id": "CSAFPID-5621235", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.11.0" } } }, { "category": "product_version_range", "name": "vers:unknown/3.11.1", "product": { "name": "vers:unknown/3.11.1", "product_id": "CSAFPID-5621236", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.11.1" } } }, { "category": "product_version_range", "name": "vers:unknown/3.11.2", "product": { "name": "vers:unknown/3.11.2", "product_id": "CSAFPID-5621237", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.11.2" } } }, { "category": "product_version_range", "name": "vers:unknown/3.12.0", "product": { "name": "vers:unknown/3.12.0", "product_id": "CSAFPID-5621238", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.12.0" } } }, { "category": "product_version_range", "name": "vers:unknown/3.12.1", "product": { "name": "vers:unknown/3.12.1", "product_id": "CSAFPID-5621239", "product_identification_helper": { "purl": "pkg:opam/ocaml@3.12.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.00.0", "product": { "name": "vers:unknown/4.00.0", "product_id": "CSAFPID-5621240", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.00.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.00.1", "product": { "name": "vers:unknown/4.00.1", "product_id": "CSAFPID-5621241", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.00.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.01.0", "product": { "name": "vers:unknown/4.01.0", "product_id": "CSAFPID-5621242", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.01.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.02.0", "product": { "name": "vers:unknown/4.02.0", "product_id": "CSAFPID-5621243", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.02.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.02.1", "product": { "name": "vers:unknown/4.02.1", "product_id": "CSAFPID-5621244", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.02.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.02.2", "product": { "name": "vers:unknown/4.02.2", "product_id": "CSAFPID-5621245", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.02.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.02.3", "product": { "name": "vers:unknown/4.02.3", "product_id": "CSAFPID-266709", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.02.3" } } }, { "category": "product_version_range", "name": "vers:unknown/4.02.4", "product": { "name": "vers:unknown/4.02.4", "product_id": "CSAFPID-5621246", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.02.4" } } }, { "category": "product_version_range", "name": "vers:unknown/4.03.0", "product": { "name": "vers:unknown/4.03.0", "product_id": "CSAFPID-3258219", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.03.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.03.1", "product": { "name": "vers:unknown/4.03.1", "product_id": "CSAFPID-5622278", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.03.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.04.0", "product": { "name": "vers:unknown/4.04.0", "product_id": "CSAFPID-377820", "product_identification_helper": { "cpe": "cpe:2.3:a:ocaml:ocaml:4.04.0:*:*:*:*:*:*:*", "purl": "pkg:opam/ocaml@4.04.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.04.1", "product": { "name": "vers:unknown/4.04.1", "product_id": "CSAFPID-377821", "product_identification_helper": { "cpe": "cpe:2.3:a:ocaml:ocaml:4.04.1:*:*:*:*:*:*:*", "purl": "pkg:opam/ocaml@4.04.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.04.2", "product": { "name": "vers:unknown/4.04.2", "product_id": "CSAFPID-5622279", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.04.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.04.3", "product": { "name": "vers:unknown/4.04.3", "product_id": "CSAFPID-5622280", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.04.3" } } }, { "category": "product_version_range", "name": "vers:unknown/4.05.0", "product": { "name": "vers:unknown/4.05.0", "product_id": "CSAFPID-5622281", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.05.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.05.1", "product": { "name": "vers:unknown/4.05.1", "product_id": "CSAFPID-5622282", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.05.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.06.0", "product": { "name": "vers:unknown/4.06.0", "product_id": "CSAFPID-445313", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.06.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.06.1", "product": { "name": "vers:unknown/4.06.1", "product_id": "CSAFPID-5622283", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.06.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.06.2", "product": { "name": "vers:unknown/4.06.2", "product_id": "CSAFPID-5622284", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.06.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.07.0", "product": { "name": "vers:unknown/4.07.0", "product_id": "CSAFPID-5736772", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.07.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.07.1", "product": { "name": "vers:unknown/4.07.1", "product_id": "CSAFPID-5736773", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.07.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.07.2", "product": { "name": "vers:unknown/4.07.2", "product_id": "CSAFPID-5736774", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.07.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.08.0", "product": { "name": "vers:unknown/4.08.0", "product_id": "CSAFPID-5736775", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.08.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.08.1", "product": { "name": "vers:unknown/4.08.1", "product_id": "CSAFPID-5736776", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.08.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.08.2", "product": { "name": "vers:unknown/4.08.2", "product_id": "CSAFPID-5736777", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.08.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.09.0", "product": { "name": "vers:unknown/4.09.0", "product_id": "CSAFPID-5736778", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.09.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.09.1", "product": { "name": "vers:unknown/4.09.1", "product_id": "CSAFPID-5736779", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.09.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.09.2", "product": { "name": "vers:unknown/4.09.2", "product_id": "CSAFPID-5736780", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.09.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.10.0", "product": { "name": "vers:unknown/4.10.0", "product_id": "CSAFPID-5736781", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.10.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.10.1", "product": { "name": "vers:unknown/4.10.1", "product_id": "CSAFPID-5736782", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.10.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.10.2", "product": { "name": "vers:unknown/4.10.2", "product_id": "CSAFPID-5736783", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.10.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.10.3", "product": { "name": "vers:unknown/4.10.3", "product_id": "CSAFPID-5736784", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.10.3" } } }, { "category": "product_version_range", "name": "vers:unknown/4.11.0", "product": { "name": "vers:unknown/4.11.0", "product_id": "CSAFPID-5736785", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.11.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.11.1", "product": { "name": "vers:unknown/4.11.1", "product_id": "CSAFPID-5736786", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.11.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.11.2", "product": { "name": "vers:unknown/4.11.2", "product_id": "CSAFPID-5736787", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.11.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.11.3", "product": { "name": "vers:unknown/4.11.3", "product_id": "CSAFPID-5736788", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.11.3" } } }, { "category": "product_version_range", "name": "vers:unknown/4.12.0", "product": { "name": "vers:unknown/4.12.0", "product_id": "CSAFPID-5736789", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.12.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.12.1", "product": { "name": "vers:unknown/4.12.1", "product_id": "CSAFPID-5736790", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.12.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.12.2", "product": { "name": "vers:unknown/4.12.2", "product_id": "CSAFPID-5736791", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.12.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.13.0", "product": { "name": "vers:unknown/4.13.0", "product_id": "CSAFPID-5736792", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.13.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.13.1", "product": { "name": "vers:unknown/4.13.1", "product_id": "CSAFPID-5736793", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.13.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.13.2", "product": { "name": "vers:unknown/4.13.2", "product_id": "CSAFPID-5736794", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.13.2" } } }, { "category": "product_version_range", "name": "vers:unknown/4.14.0", "product": { "name": "vers:unknown/4.14.0", "product_id": "CSAFPID-5736795", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.14.0" } } }, { "category": "product_version_range", "name": "vers:unknown/4.14.1", "product": { "name": "vers:unknown/4.14.1", "product_id": "CSAFPID-5736796", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.14.1" } } }, { "category": "product_version_range", "name": "vers:unknown/4.14.2", "product": { "name": "vers:unknown/4.14.2", "product_id": "CSAFPID-5736797", "product_identification_helper": { "purl": "pkg:opam/ocaml@4.14.2" } } }, { "category": "product_version_range", "name": "vers:unknown/5.0.0", "product": { "name": "vers:unknown/5.0.0", "product_id": "CSAFPID-5736798", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.0.0" } } }, { "category": "product_version_range", "name": "vers:unknown/5.0.1", "product": { "name": "vers:unknown/5.0.1", "product_id": "CSAFPID-5736799", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.0.1" } } }, { "category": "product_version_range", "name": "vers:unknown/5.1.0", "product": { "name": "vers:unknown/5.1.0", "product_id": "CSAFPID-5736800", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.1.0" } } }, { "category": "product_version_range", "name": "vers:unknown/5.1.1", "product": { "name": "vers:unknown/5.1.1", "product_id": "CSAFPID-5736801", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.1.1" } } }, { "category": "product_version_range", "name": "vers:unknown/5.1.2", "product": { "name": "vers:unknown/5.1.2", "product_id": "CSAFPID-5736802", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.1.2" } } }, { "category": "product_version_range", "name": "vers:unknown/5.2.0", "product": { "name": "vers:unknown/5.2.0", "product_id": "CSAFPID-5736803", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.2.0" } } }, { "category": "product_version_range", "name": "vers:unknown/5.2.1", "product": { "name": "vers:unknown/5.2.1", "product_id": "CSAFPID-5736804", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.2.1" } } }, { "category": "product_version_range", "name": "vers:unknown/5.2.2", "product": { "name": "vers:unknown/5.2.2", "product_id": "CSAFPID-5736805", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.2.2" } } }, { "category": "product_version_range", "name": "vers:unknown/5.3.0", "product": { "name": "vers:unknown/5.3.0", "product_id": "CSAFPID-5736806", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.3.0" } } }, { "category": "product_version_range", "name": "vers:unknown/5.3.1", "product": { "name": "vers:unknown/5.3.1", "product_id": "CSAFPID-5736807", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.3.1" } } }, { "category": "product_version_range", "name": "vers:unknown/5.4.0", "product": { "name": "vers:unknown/5.4.0", "product_id": "CSAFPID-5736808", "product_identification_helper": { "purl": "pkg:opam/ocaml@5.4.0" } } }, { "category": "product_version_range", "name": "vers:unknown/<4.14.3", "product": { "name": "vers:unknown/<4.14.3", "product_id": "CSAFPID-5767289", "product_identification_helper": { "cpe": "cpe:2.3:a:ocaml:ocaml:*:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/>=0|<4.14.3", "product": { "name": "vers:unknown/>=0|<4.14.3", "product_id": "CSAFPID-5736809" } }, { "category": "product_version_range", "name": "vers:unknown/>=5.0.0|<5.4.1", "product": { "name": "vers:unknown/>=5.0.0|<5.4.1", "product_id": "CSAFPID-5767290", "product_identification_helper": { "cpe": "cpe:2.3:a:ocaml:ocaml:*:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/>=5|<5.4.1", "product": { "name": "vers:unknown/>=5|<5.4.1", "product_id": "CSAFPID-5736810" } } ], "category": "product_name", "name": "Ocaml" } ], "category": "vendor", "name": "Ocaml" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/10", "product": { "name": "vers:rpm/10", "product_id": "CSAFPID-2858634", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:10" } } } ], "category": "product_name", "name": "Red Hat Enterprise Linux 10" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/6", "product": { "name": "vers:rpm/6", "product_id": "CSAFPID-1439321", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6" } } } ], "category": "product_name", "name": "Red Hat Enterprise Linux 6" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/7", "product": { "name": "vers:rpm/7", "product_id": "CSAFPID-1439315", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7" } } } ], "category": "product_name", "name": "Red Hat Enterprise Linux 7" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/8", "product": { "name": "vers:rpm/8", "product_id": "CSAFPID-1439317", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8" } } } ], "category": "product_name", "name": "Red Hat Enterprise Linux 8" }, { "branches": [ { "category": "product_version_range", "name": "vers:rpm/9", "product": { "name": "vers:rpm/9", "product_id": "CSAFPID-1439319", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:9" } } } ], "category": "product_name", "name": "Red Hat Enterprise Linux 9" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5755027" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "Red Hat Enterprise Linux 10" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5755028" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "Red Hat Enterprise Linux 6" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5755029" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "Red Hat Enterprise Linux 7" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5755030" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "Red Hat Enterprise Linux 8" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-5755031" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "Red Hat Enterprise Linux 9" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:deb/unknown", "product": { "name": "vers:deb/unknown", "product_id": "CSAFPID-5735287" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "bookworm" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:deb/unknown", "product": { "name": "vers:deb/unknown", "product_id": "CSAFPID-5735288" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "bullseye" } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product": { "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product_id": "CSAFPID-5765341" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product": { "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product_id": "CSAFPID-5765342" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product": { "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product_id": "CSAFPID-5765343" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product": { "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product_id": "CSAFPID-5765344" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.14.2-150600.3.3.1", "product": { "name": "vers:unknown/>=0|<4.14.2-150600.3.3.1", "product_id": "CSAFPID-5767245" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise Module for Development Tools 15 SP7" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product": { "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product_id": "CSAFPID-5765345" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise Server 15 SP4-LTSS" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product": { "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product_id": "CSAFPID-5765346" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise Server 15 SP5-LTSS" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.14.2-150600.3.3.1", "product": { "name": "vers:unknown/>=0|<4.14.2-150600.3.3.1", "product_id": "CSAFPID-5767246" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise Server 15 SP6-LTSS" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product": { "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product_id": "CSAFPID-5765347" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise Server for SAP Applications 15 SP4" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product": { "name": "vers:unknown/>=0|<4.05.0-150200.15.3.1", "product_id": "CSAFPID-5765348" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise Server for SAP Applications 15 SP5" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.14.2-150600.3.3.1", "product": { "name": "vers:unknown/>=0|<4.14.2-150600.3.3.1", "product_id": "CSAFPID-5767247" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "SUSE:Linux Enterprise Server for SAP Applications 15 SP6" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<4.14.2-150600.3.3.1", "product": { "name": "vers:unknown/>=0|<4.14.2-150600.3.3.1", "product_id": "CSAFPID-5767248" } } ], "category": "product_name", "name": "ocaml" } ], "category": "product_family", "name": "openSUSE:Leap 15.6" } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-28364", "cwe": { "id": "CWE-126", "name": "Buffer Over-read" }, "notes": [ { "category": "description", "text": "In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.", "title": "nvd - https://nvd.nist.gov/vuln/detail/CVE-2026-28364" }, { "category": "description", "text": "In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.", "title": "cveprojectv5 - https://www.cve.org/CVERecord?id=CVE-2026-28364" }, { "category": "description", "text": "## Summary\n\nA critical buffer over-read vulnerability in OCaml's Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from malicious Marshal data.\n\nPlease note that Marshal is not type safe, and you have to be careful if you use the deserialization on untrusted input (due to type confusion, and remote code execution by design - you can use Marshal for code).\n\nAffected functions: `Marshal.from_channel`, `Marshal.from_bytes`, `Marshal.from_string`, `Stdlib.input_value`, `Pervasives.input_value` when reading data from an untrusted source.\n\n## Vulnerability Attack Vector\n\nCorrupted or malicious marshaled data that causes undefined behaviour in the runtime system when unmarshaled.\n`input_value` should either fail cleanly or produce a well-formed OCaml object, without corrupting the runtime system.\n\nConsequently, this excludes:\n\n* well-formed marshaled data that produces an OCaml object that is not of the type expected by the OCaml code and causes the Ocaml code to crash or misbehave\n\n* misuses of the OCaml runtime system by the program performing input_value, such as setting `Debugger.function_placeholder` to the wrong function.\n\nThe former issue may be addressed at some point by validating the unmarshaled OCaml value against the expected type, using the functions from module `Obj` and some kind of run-time type description.\n\nThe latter issue is a bug in the program that unmarshals the data.\n\n## Fix\n\n### OCaml runtime\n\nThe OCaml runtime has been hardened with additional bounds checks. An exception is raised on bad input.\n\n### Third party libraries\n\nThird party libraries that want to harden their custom Marshal deserialization code can follow the example fix for bigarrays from the standard library.\nThere are new macros in `custom.h` called `Wsize_custom_data` and `Bsize_custom_data` that return the size in words or bytes of the allocated custom destination block. The deserializer needs to ensure it only writes data within those bounds.\n\nThis only needs to be done if the library defines a custom type in a C binding, and `struct custom_operations`'s `deserialize` field is not set to `NULL` or `custom_deserialize_default`, and `struct custom_operations`'s `fixed_length` field is set to `NULL` or `custom_fixed_length_default`\n\nSince `Marshal.from*` and `input_value` remain unsafe to use, the fix for the OCaml runtime is released, and we wouldn't attempt to coordinate updating all deserialization functions in the ecosystem.\n\n## Timeline\n\n- Nov 4th 2025: Discovery Date: Discovered first in OxCaml\n- Nov 5th 2025: First Disclosure Date (Jane Street Team): Emailed top maintainers, no response.\n- Nov 9th 2025: Second Disclosure Date (OCaml Team): Submitted to OCaml/ocaml GitHub Repo as a Security Advisory.\n- Nov 11th 2025: Emailed OCaml Security Mail List: Submitted to OCaml over email, responded asking for details.\n- Nov 11th 2025: Third Disclosure (OCaml Security Response Team): Submitted to ocaml/security-advisories GitHub Repo as a Security Advisory.\n- Dec 16th 2025: Initial patch is developed\n- Dec 17th 2025: Fuzz testing found further issues\n- Dec 24th 2025: Final patch for OCaml is developed\n- Dec 25th 2025: Fuzz testing couldn't find any further issues\n- Jan 2nd 2026: Patch got reviewed by OCaml maintainers\n- Jan 4th 2026: Benchmarking of the patch with good results\n- Jan 6th 2026: Reporter got contacted to confirm\n- Jan 25th 2026: Further related issues discovered by fuzzing\n- Feb 17th 2026: fixed OCaml releases are published, security advisory is published", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FOSEC-2026-01.json?alt=media" }, { "category": "description", "text": "In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.", "title": "debian - https://security-tracker.debian.org/tracker/CVE-2026-28364" }, { "category": "description", "text": "In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.", "title": "microsoft - https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2026-Feb" }, { "category": "description", "text": "In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.\nA flaw was found in OCaml. A remote attacker could exploit a buffer over-read vulnerability during Marshal deserialization by providing specially crafted data. This issue stems from missing bounds validation in the readblock() function, which performs unbounded memory copy operations. Successful exploitation could lead to remote code execution.", "title": "redhat - https://access.redhat.com/security/cve/CVE-2026-28364" }, { "category": "description", "text": "This update for ocaml fixes the following issues:\n\n- CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution (bsc#1258992).\n", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/SUSE%2FSUSE-SU-2026:0800-1.json?alt=media" }, { "category": "description", "text": "This update for ocaml fixes the following issues:\n\n- CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution (bsc#1258992).\n", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/SUSE%2FSUSE-SU-2026:0830-1.json?alt=media" }, { "category": "description", "text": "In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-28364.json?alt=media" }, { "category": "other", "text": "0.00038", "title": "EPSS" }, { "category": "other", "text": "4.3", "title": "NCSC Score" }, { "category": "other", "text": "There is cwe data available from source Nvd, The CVSS vector string contains A:H (Availability Impact: High), Is related to CWE-125 (Out-of-bounds Read)", "title": "NCSC Score top decreasing factors" }, { "category": "details", "text": "Severity: 3\n", "title": "Vendor assessment" } ], "product_status": { "known_affected": [ "CSAFPID-5734224", "CSAFPID-5734225", "CSAFPID-5735287", "CSAFPID-5735288", "CSAFPID-266709", "CSAFPID-377820", "CSAFPID-377821", "CSAFPID-445313", "CSAFPID-3258219", "CSAFPID-5621220", "CSAFPID-5621221", "CSAFPID-5621222", "CSAFPID-5621223", "CSAFPID-5621224", "CSAFPID-5621225", "CSAFPID-5621226", "CSAFPID-5621227", "CSAFPID-5621228", "CSAFPID-5621229", "CSAFPID-5621230", "CSAFPID-5621231", "CSAFPID-5621232", "CSAFPID-5621233", "CSAFPID-5621234", "CSAFPID-5621235", "CSAFPID-5621236", "CSAFPID-5621237", "CSAFPID-5621238", "CSAFPID-5621239", "CSAFPID-5621240", "CSAFPID-5621241", "CSAFPID-5621242", "CSAFPID-5621243", "CSAFPID-5621244", "CSAFPID-5621245", "CSAFPID-5621246", "CSAFPID-5622278", "CSAFPID-5622279", "CSAFPID-5622280", "CSAFPID-5622281", "CSAFPID-5622282", "CSAFPID-5622283", "CSAFPID-5622284", "CSAFPID-5736772", "CSAFPID-5736773", "CSAFPID-5736774", "CSAFPID-5736775", "CSAFPID-5736776", "CSAFPID-5736777", "CSAFPID-5736778", "CSAFPID-5736779", "CSAFPID-5736780", "CSAFPID-5736781", "CSAFPID-5736782", "CSAFPID-5736783", "CSAFPID-5736784", "CSAFPID-5736785", "CSAFPID-5736786", "CSAFPID-5736787", "CSAFPID-5736788", "CSAFPID-5736789", "CSAFPID-5736790", "CSAFPID-5736791", "CSAFPID-5736792", "CSAFPID-5736793", "CSAFPID-5736794", "CSAFPID-5736795", "CSAFPID-5736796", "CSAFPID-5736797", "CSAFPID-5736798", "CSAFPID-5736799", "CSAFPID-5736800", "CSAFPID-5736801", "CSAFPID-5736802", "CSAFPID-5736803", "CSAFPID-5736804", "CSAFPID-5736805", "CSAFPID-5736806", "CSAFPID-5736807", "CSAFPID-5736808", "CSAFPID-5736809", "CSAFPID-5736810", "CSAFPID-1439315", "CSAFPID-1439317", "CSAFPID-1439319", "CSAFPID-1439321", "CSAFPID-2858634", "CSAFPID-5755027", "CSAFPID-5755028", "CSAFPID-5755029", "CSAFPID-5755030", "CSAFPID-5755031", "CSAFPID-5765341", "CSAFPID-5765342", "CSAFPID-5765343", "CSAFPID-5765344", "CSAFPID-5765345", "CSAFPID-5765346", "CSAFPID-5765347", "CSAFPID-5765348", "CSAFPID-5767245", "CSAFPID-5767246", "CSAFPID-5767247", "CSAFPID-5767248", "CSAFPID-5767289", "CSAFPID-5767290" ] }, "references": [ { "category": "external", "summary": "Source - nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28364" }, { "category": "external", "summary": "Source raw - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-28364" }, { "category": "external", "summary": "Source - cveprojectv5", "url": "https://www.cve.org/CVERecord?id=CVE-2026-28364" }, { "category": "external", "summary": "Source raw - cveprojectv5", "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/28xxx/CVE-2026-28364.json" }, { "category": "external", "summary": "Source - debian", "url": "https://security-tracker.debian.org/tracker/CVE-2026-28364" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28364" }, { "category": "external", "summary": "Source raw - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FOSEC-2026-01.json?alt=media" }, { "category": "external", "summary": "Source - microsoft", "url": "https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2026-Feb" }, { "category": "external", "summary": "Source - redhat", "url": "https://access.redhat.com/security/cve/CVE-2026-28364" }, { "category": "external", "summary": "Source raw - redhat", "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28364.json" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/SUSE%2FSUSE-SU-2026:0800-1.json?alt=media" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/SUSE%2FSUSE-SU-2026:0830-1.json?alt=media" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-28364.json?alt=media" }, { "category": "external", "summary": "Reference - cveprojectv5; nvd; osv; redhat", "url": "https://github.com/ocaml/security-advisories/blob/generated-osv/2026/OSEC-2026-01.json" }, { "category": "external", "summary": "Reference - cveprojectv5; nvd; osv; redhat", "url": "https://osv.dev/vulnerability/OSEC-2026-01" }, { "category": "external", "summary": "Reference - osv", "url": "https://github.com/ocaml/security-advisories/security/advisories/GHSA-j26j-m5xr-g23c" }, { "category": "external", "summary": "Reference - redhat", "url": "https://www.cve.org/CVERecord?id=CVE-2026-28364" }, { "category": "external", "summary": "Reference - redhat", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28364" }, { "category": "external", "summary": "Reference - osv", "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260800-1/" }, { "category": "external", "summary": "Reference - osv", "url": "https://bugzilla.suse.com/1258992" }, { "category": "external", "summary": "Reference - osv", "url": "https://www.suse.com/security/cve/CVE-2026-28364" }, { "category": "external", "summary": "Reference - osv", "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260830-1/" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1439315", "CSAFPID-1439317", "CSAFPID-1439319", "CSAFPID-1439321", "CSAFPID-266709", "CSAFPID-2858634", "CSAFPID-3258219", "CSAFPID-377820", "CSAFPID-377821", "CSAFPID-445313", "CSAFPID-5621220", "CSAFPID-5621221", "CSAFPID-5621222", "CSAFPID-5621223", "CSAFPID-5621224", "CSAFPID-5621225", "CSAFPID-5621226", "CSAFPID-5621227", "CSAFPID-5621228", "CSAFPID-5621229", "CSAFPID-5621230", "CSAFPID-5621231", "CSAFPID-5621232", "CSAFPID-5621233", "CSAFPID-5621234", "CSAFPID-5621235", "CSAFPID-5621236", "CSAFPID-5621237", "CSAFPID-5621238", "CSAFPID-5621239", "CSAFPID-5621240", "CSAFPID-5621241", "CSAFPID-5621242", "CSAFPID-5621243", "CSAFPID-5621244", "CSAFPID-5621245", "CSAFPID-5621246", "CSAFPID-5622278", "CSAFPID-5622279", "CSAFPID-5622280", "CSAFPID-5622281", "CSAFPID-5622282", "CSAFPID-5622283", "CSAFPID-5622284", "CSAFPID-5734224", "CSAFPID-5734225", "CSAFPID-5735287", "CSAFPID-5735288", "CSAFPID-5736772", "CSAFPID-5736773", "CSAFPID-5736774", "CSAFPID-5736775", "CSAFPID-5736776", "CSAFPID-5736777", "CSAFPID-5736778", "CSAFPID-5736779", "CSAFPID-5736780", "CSAFPID-5736781", "CSAFPID-5736782", "CSAFPID-5736783", "CSAFPID-5736784", "CSAFPID-5736785", "CSAFPID-5736786", "CSAFPID-5736787", "CSAFPID-5736788", "CSAFPID-5736789", "CSAFPID-5736790", "CSAFPID-5736791", "CSAFPID-5736792", "CSAFPID-5736793", "CSAFPID-5736794", "CSAFPID-5736795", "CSAFPID-5736796", "CSAFPID-5736797", "CSAFPID-5736798", "CSAFPID-5736799", "CSAFPID-5736800", "CSAFPID-5736801", "CSAFPID-5736802", "CSAFPID-5736803", "CSAFPID-5736804", "CSAFPID-5736805", "CSAFPID-5736806", "CSAFPID-5736807", "CSAFPID-5736808", "CSAFPID-5736809", "CSAFPID-5736810", "CSAFPID-5755027", "CSAFPID-5755028", "CSAFPID-5755029", "CSAFPID-5755030", "CSAFPID-5755031", "CSAFPID-5765341", "CSAFPID-5765342", "CSAFPID-5765343", "CSAFPID-5765344", "CSAFPID-5765345", "CSAFPID-5765346", "CSAFPID-5765347", "CSAFPID-5765348", "CSAFPID-5767245", "CSAFPID-5767246", "CSAFPID-5767247", "CSAFPID-5767248", "CSAFPID-5767289", "CSAFPID-5767290" ] } ], "title": "CVE-2026-28364" } ] }