VDB

GCVE-110-MAGEIA-2026-95

GCVE-110-MAGEIA-2026-95
Advisory Published
Vulnetix · Advisory published April 12, 2026
Request smuggling via invalid chunk extension. (CVE-2026-24880) Occasionally open redirect. (CVE-2026-25854) TLS cipher order is not preserved. (CVE-2026-29129) OCSP checks sometimes soft-fail even when soft-fail is disabled. (CVE-2026-29145) EncryptInterceptor vulnerable to padding oracle attack by default. (CVE-2026-29146) Fix for CVE-2025-66614 is incomplete. (CVE-2026-32990) Incomplete escaping of JSON access logs. (CVE-2026-34483) Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor. (CVE-2026-34486) Cloud membership for clustering component exposed the Kubernetes bearer token. (CVE-2026-34487) OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled. (CVE-2026-34500)

Affected Products

VendorProductVersionsPlatforms
Mageiatomcat0 (affected), 9.0.117-1.mga9 (unaffected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›