CVE-2026-33894

Risk Scores

Affected Products

Exploit Intelligence

• CIRCL seen: CVE-2026-33894 (circl-sighting)
• CIRCL seen: CVE-2026-33894 (circl-sighting)
• CIRCL seen: CVE-2026-33894 (circl-sighting)
• https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp (circl)
• https://datatracker.ietf.org/doc/html/rfc2313#section-8 (circl)
• https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE (circl)
• https://www.rfc-editor.org/rfc/rfc8017.html (circl)
• .trivyignore.yml (github-poc)
• trivity-report.html (github-poc)
• .trivyignore.yml (github-poc)

…and 11 more exploits

Timeline

• Mar 26, 2026 CVE Published
• Mar 27, 2026 CVE Updated
• Mar 27, 2026 Security Advisory
• Mar 27, 2026 PoC Published
• Mar 27, 2026 PoC Published
• Mar 28, 2026 EPSS Score
• Apr 18, 2026 PoC Published
• May 18, 2026 EPSS Score
• May 19, 2026 EPSS Score
• May 20, 2026 EPSS Score
• May 21, 2026 EPSS Score
• May 22, 2026 EPSS Score

References

• https://www.rfc-editor.org/rfc/rfc8017.html url
• https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp url
• https://datatracker.ietf.org/doc/html/rfc2313#section-8 url
• https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE url
• https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765 url
• https://nvd.nist.gov/vuln/detail/CVE-2026-33894 advisory
• https://github.com/digitalbazaar/forge package
• https://jira.mongodb.org/browse/SERVER-122032 advisory
• https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-8.0.23 advisory
• https://jira.mongodb.org/browse/SERVER-120668 advisory
• https://jira.mongodb.org/browse/SERVER-122449 advisory
• https://jira.mongodb.org/browse/SERVER-126021 advisory