Msrc Cbl2 Qt5-Qtbase 5.12.11-19 On Cbl Mariner 2.0 vulnerabilities

CVE-2026-4746 [CRITICAL] CWE-787 Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton Mariner: Mariner GovTech CSG: GovTech CSG Customer Action Required: Yes

CVE-2026-23865 [MEDIUM] CWE-125 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tab An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14

CVE-2026-22693 [MEDIUM] CWE-476 Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade