PT-2026-42717 · Opensuse+10 · Alloy+56
Maciej Kawka
·
Published
2026-05-22
·
Updated
2026-07-09
·
CVE-2026-46597
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined (affected versions not specified)
Description
An incorrectly placed cast from bytes to int in the AES-GCM packet decoder allows for a server-side panic when processing well-crafted inputs. A server-side panic is a critical error that causes the application to crash unexpectedly.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Incorrect Type Conversion or Cast
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alloy
Amazon-Ssm-Agent
Apko
Apptainer
Argo Cd
Argo Workflows
Buildah
Cadvisor
Calico
Calicoctl
Cert-Manager
Cilium-Cli
Kubernetes Containerd
Cortex
Cosign
Crypto++
Distribution
Docker-Cli-Buildx
Elastic-Beats
Elemental-Toolkit
Etcd
External-Secrets
Git-Bug
Golang-Go.Crypto
Golang.Org/X/Crypto
Golang.Org/X/Crypto/Ssh
Google-Guest-Agent
Google-Osconfig-Agent
Gostatsd
Grype
Hauler
Helm
Helm-Operator
Istio
Kube-State-Metrics
Kube-Vip
Kubernetes-Csi-External-Provisioner-Fips
Kubernetes-Csi-External-Snapshotter-Fips
Lxd
Mcphost
Memcached-Exporter
Mongodb
Nats-Streaming
Osv-Scanner
Percona-Server-Mongodb-Operator
Podman
Prometheus-Mysqld-Exporter
Rclone
Rootio-Golang.Org/X/Crypto
Sealed-Secrets
Skopeo
Snapd
Spice-Server
Spire-Server-Fips
Trivy
Vault
Velociraptor