CVE-2026-21726

ADVISORY - github

Summary

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}

Thanks to Prasanth Sundararajan for reporting this vulnerability.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

ADVISORY - github

CWE-601⁠

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories

NIST

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-21726⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

CVSS SCORE

5.3medium

GitHub

CREATED

1 day ago

UPDATED

5 hours ago

ADVISORY IDGHSA-497x-rrr9-68jp⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-601⁠

CVSS SCORE

5.3medium