VulncastBriefing archive

Daily Brief - 2026-06-30

4 vulnerabilities · 6 min listen


CVE-2026-12912

high · CVSS 7.3 · libtiff

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. The issue occurs when decoding PixarLog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could result in arbitrary code execution or a denial of service (DoS).

  • Heap-Based Buffer Overflow
  • Remote Code Execution
  • image processing
  • c library

CVE-2026-13763

critical · CVSS 9.8 · Amazon Web Services Application Load Balancer

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue only impacts HTTP/2 ALB target groups. To remediate this issue, customers should enable the "Inspect after sufficient data" target group configuration associated with an ALB load balancer. Refer to: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/edit-target-group-attributes.html#waf-http2-inspection

  • Web Application Firewall Bypass
  • http/2
  • web application firewall
  • load balancing

CVE-2026-25707

high · CVSS 8.8 · SUSE libzypp

A relative path traversal bug when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.

  • Path Traversal
  • Privilege Escalation
  • Denial of Service
  • linux package manager
  • repository management
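The libzypp entry above describes the general failure mode of trusting a relative path taken from repository metadata. The following is an added example, not libzypp's own code, of the containment check a package-manager client should apply before writing any metadata-named file under its cache directory. The cache root and the sample entries are constructed for the example.

```python
import os
import posixpath

# Hypothetical cache root; the real libzypp cache layout is not described on the page.
CACHE_ROOT = "/var/cache/repo-example"


def is_safe_relative_path(rel: str) -> bool:
    """Lexical check on a metadata-supplied path.

    Accepts only a non-empty, relative path that, once normalised, still
    names something strictly below the directory it will be joined to.
    """
    if not rel or "\x00" in rel:
        return False
    # Backslashes act as separators on some platforms; reject rather than guess.
    if "\\" in rel or rel.startswith("/"):
        return False
    norm = posixpath.normpath(rel)
    if posixpath.isabs(norm) or norm == "." or norm == ".." or norm.startswith("../"):
        return False
    return True


def resolve_metadata_path(root: str, rel: str) -> str:
    """Join rel under root, refusing anything that would escape root."""
    if not is_safe_relative_path(rel):
        raise ValueError(f"rejected metadata path: {rel!r}")
    root_abs = os.path.abspath(root)
    target = os.path.abspath(os.path.join(root_abs, rel))
    # Second, path-level check: the resolved target must stay inside root.
    if os.path.commonpath([root_abs, target]) != root_abs:
        raise ValueError(f"metadata path escapes root: {rel!r}")
    return target


def classify(entries):
    """Split constructed metadata entries into (accepted targets, rejected inputs)."""
    accepted, rejected = [], []
    for rel in entries:
        try:
            accepted.append(resolve_metadata_path(CACHE_ROOT, rel))
        except ValueError:
            rejected.append(rel)
    return accepted, rejected


# Constructed sample entries (not taken from any real repository).
SAMPLE_ENTRIES = [
    "repodata/primary.xml.gz",            # ordinary entry, accepted
    "../../../../tmp/escaped.txt",         # climbs out of the cache, rejected
    "/tmp/absolute.txt",                   # absolute path, rejected
    "./repodata/./filelists.xml.gz",       # harmless dot segments, accepted
    "repodata/..",                         # resolves to the root itself, rejected
]

if __name__ == "__main__":
    ok, bad = classify(SAMPLE_ENTRIES)
    for path in ok:
        print("write:", path)
    for rel in bad:
        print("reject:", rel)
```

Both checks are kept: the lexical one gives a clear error for obviously bad input, and the `commonpath` check catches anything the normalisation step did not anticipate. Deployments that allow symlinks inside the cache would additionally want `os.path.realpath` on the target before the containment test.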

CVE-2026-55957

Apache Tomcat

Missing Critical Step in Authentication vulnerability in Apache Tomcat: when the JNDIRealm was configured to authenticate binds using GSSAPI, it allowed attackers to authenticate without providing the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1 through 10.1.36, from 9.0.0.M1 through 9.0.100, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.5, 10.1.37 or 9.0.101, which fix the issue.

  • Authentication Bypass
  • web application server
  • java