CVE-2026-21726

ADVISORY - github

Summary

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}

Thanks to Prasanth Sundararajan for reporting this vulnerability.

EPSS Score⁠: 0.00015 (0.033)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADVISORY - github

CWE-601⁠

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories

NIST

CREATED

7 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-21726⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

5.3medium

GitHub

CREATED

7 days ago

UPDATED

6 days ago

ADVISORY IDGHSA-497x-rrr9-68jp⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-601⁠

CVSS SCORE

5.3medium

Alpine

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-21726⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

6 hours ago

UPDATED

6 hours ago

ADVISORY ID

CGA-w6q8-cj25-57rp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-2hgx-gh8q-r66m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-5hwp-xm7h-33rf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-9cjh-8h5h-6r8p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-9xj5-w7rv-r3qg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-cqcr-qgp9-5wpc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-gxrj-9mrw-r8cm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-m2cj-h79x-rhgc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-qfm4-fp5v-2m77

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-v89m-7wq7-f559

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY