cbcvebase.
CVE-2026-42507
published 2026-06-02

CVE-2026-42507: When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading…

PriorityP428medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.37%
28.9th percentile
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged.

Affected

114 ranges· showing 25
VendorProductVersion rangeFixed in
3scale-amp23scale-rhel7-operator
3scale-amp23scale-rhel9-operator
advanced-cluster-securityrhacs-main-rhel8
ansible-automation-platform-26receptor-rhel9
ansible-automation-platform-27receptor-rhel9
ansible-automation-platformplatform-operator-bundle
apicurioapicurio-registry-rhel8-operator
apicurioapicurio-registry-rhel9-operator
build-of-trusteetrustee-rhel9-operator
buildah_projectbuildah
cert-managerjetstack-cert-manager-rhel9
complianceopenshift-compliance-operator-bundle
complianceopenshift-selinuxd-rhel8
confidential-containerstrustee
container-native-virtualizationkubevirt-apiserver-proxy-rhel9
container-tools_rhel8buildah
container-tools_rhel8conmon
container-tools_rhel8containernetworking-plugins
container-tools_rhel8podman
container-tools_rhel8skopeo
container-tools_rhel8toolbox
cryostatcryostat-storage-rhel9
devspacesudi-rhel9
devworkspacedevworkspace-rhel9-operator
dvodeployment-validation-rhel8-operator

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.