[From nobody Wed Apr 22 23:13:09 2026
Received: (at submit) by bugs.debian.org; 22 Apr 2026 09:45:30 +0000
X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
 (2024-03-25) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.9 required=4.0 tests=BAYES_00, FOURLA,
 SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no
 version=4.0.1-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 115; hammy, 149; neutral, 86; spammy,
 1. spammytokens:0.978-+--products
 hammytokens:0.000-+--UD:security-tracker.debian.org,
 0.000-+--security-tracker.debian.org,
 0.000-+--securitytrackerdebianorg, 0.000-+--H*r:jmm,
 0.000-+--sk:team@se
Return-path: <jmm@inutil.org>
Received: from inutil.org ([51.38.114.215]:58952 helo=vps-b7ad3695.vps.ovh.net)
 by buxtehude.debian.org with esmtp (Exim 4.96)
 (envelope-from <jmm@inutil.org>) id 1wFU9C-009flZ-0B
 for submit@bugs.debian.org; Wed, 22 Apr 2026 09:45:30 +0000
Received: from soju.westfalen.local (p548dc5fc.dip0.t-ipconnect.de
 [84.141.197.252])
 by vps-b7ad3695.vps.ovh.net (Postfix) with ESMTPSA id 0D3D9164
 for <submit@bugs.debian.org>; Wed, 22 Apr 2026 09:45:26 +0000 (UTC)
Received: from jmm by soju.westfalen.local with local (Exim 4.99.1)
 (envelope-from <jmm@soju.westfalen.local>) id 1wFU97-00000002Xmm-2HXV
 for submit@bugs.debian.org; Wed, 22 Apr 2026 11:45:25 +0200
Date: Wed, 22 Apr 2026 11:45:25 +0200
To: submit@bugs.debian.org
Subject: mysql-8.0: CVE-2026-34267 CVE-2026-35236 CVE-2026-35237
 CVE-2026-35238 CVE-2026-35239 CVE-2026-35240 CVE-2026-34270 CVE-2026-34271
 CVE-2026-34276 CVE-2026-34278 CVE-2026-34293 CVE-2026-34303 CVE-2026-34304
 CVE-2026-34308 CVE-2026-34317 CVE-2026-34318 CVE-2026-34319 CVE-2026-22004
 CVE-2026-22005 CVE-2026-22009 CVE-2026-22015 CVE-2026-22017 CVE-2026-21998
 CVE-2026-22001 CVE-2026-22002
Message-ID: <aeiYtXw0PorqnVRw@pisco.westfalen.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
From: =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= <jmm@inutil.org>
Delivered-To: submit@bugs.debian.org

Source: mysql-8.0
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for mysql-8.0.

CVE-2026-34267[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows
| high privileged attacker with network access via multiple protocols
| to compromise MySQL Server.  Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-35236[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-35237[2]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-35238[3]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-35239[4]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: DML).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-35240[5]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-34270[6]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Group Replication Plugin).  Supported versions
| that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0.
| Easily exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-34271[7]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Group Replication Plugin).  Supported versions
| that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0.
| Easily exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-34276[8]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Group Replication Plugin).  Supported versions
| that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0.
| Easily exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-34278[9]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows
| high privileged attacker with network access via multiple protocols
| to compromise MySQL Server.  Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-34293[10]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: DML).  Supported versions that are affected are
| 8.0.0-8.0.45. Easily exploitable vulnerability allows high
| privileged attacker with network access via multiple protocols to
| compromise MySQL Server.  Successful attacks of this vulnerability
| can result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score
| 4.9 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-34303[11]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily
| exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-34304[12]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-34308[13]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: JSON).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable
| vulnerability allows low privileged attacker with network access via
| multiple protocols to compromise MySQL Server.  Successful attacks
| of this vulnerability can result in unauthorized ability to cause a
| hang or frequently repeatable crash (complete DOS) of MySQL Server.
| CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-34317[14]:
| Vulnerability in the MySQL Shell product of Oracle MySQL (component:
| Shell: Core Client).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable
| vulnerability allows low privileged attacker with logon to the
| infrastructure where MySQL Shell executes to compromise MySQL Shell.
| Successful attacks require human interaction from a person other
| than the attacker. Successful attacks of this vulnerability can
| result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score
| 5.0 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).


CVE-2026-34318[15]:
| Vulnerability in the MySQL Shell product of Oracle MySQL (component:
| Shell: Core Client).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Difficult to exploit
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Shell.  While the
| vulnerability is in MySQL Shell, attacks may significantly impact
| additional products (scope change).  Successful attacks of this
| vulnerability can result in  unauthorized access to critical data or
| complete access to all MySQL Shell accessible data. CVSS 3.1 Base
| Score 5.8 (Confidentiality impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).


CVE-2026-34319[16]:
| Vulnerability in the MySQL Shell product of Oracle MySQL (component:
| Shell: Core Client).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable
| vulnerability allows low privileged attacker with logon to the
| infrastructure where MySQL Shell executes to compromise MySQL Shell.
| Successful attacks require human interaction from a person other
| than the attacker. Successful attacks of this vulnerability can
| result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score
| 5.0 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).


CVE-2026-22004[17]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-22005[18]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-22009[19]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily
| exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-22015[20]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Information Schema).  Supported versions that
| are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily
| exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in  unauthorized
| read access to a subset of MySQL Server accessible data. CVSS 3.1
| Base Score 4.3 (Confidentiality impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).


CVE-2026-22017[21]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily
| exploitable vulnerability allows low privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-21998[22]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2026-22001[23]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Information Schema).  Supported versions that
| are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in  unauthorized
| read access to a subset of MySQL Server accessible data. CVSS 3.1
| Base Score 2.7 (Confidentiality impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).


CVE-2026-22002[24]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-34267
    https://www.cve.org/CVERecord?id=CVE-2026-34267
[1] https://security-tracker.debian.org/tracker/CVE-2026-35236
    https://www.cve.org/CVERecord?id=CVE-2026-35236
[2] https://security-tracker.debian.org/tracker/CVE-2026-35237
    https://www.cve.org/CVERecord?id=CVE-2026-35237
[3] https://security-tracker.debian.org/tracker/CVE-2026-35238
    https://www.cve.org/CVERecord?id=CVE-2026-35238
[4] https://security-tracker.debian.org/tracker/CVE-2026-35239
    https://www.cve.org/CVERecord?id=CVE-2026-35239
[5] https://security-tracker.debian.org/tracker/CVE-2026-35240
    https://www.cve.org/CVERecord?id=CVE-2026-35240
[6] https://security-tracker.debian.org/tracker/CVE-2026-34270
    https://www.cve.org/CVERecord?id=CVE-2026-34270
[7] https://security-tracker.debian.org/tracker/CVE-2026-34271
    https://www.cve.org/CVERecord?id=CVE-2026-34271
[8] https://security-tracker.debian.org/tracker/CVE-2026-34276
    https://www.cve.org/CVERecord?id=CVE-2026-34276
[9] https://security-tracker.debian.org/tracker/CVE-2026-34278
    https://www.cve.org/CVERecord?id=CVE-2026-34278
[10] https://security-tracker.debian.org/tracker/CVE-2026-34293
    https://www.cve.org/CVERecord?id=CVE-2026-34293
[11] https://security-tracker.debian.org/tracker/CVE-2026-34303
    https://www.cve.org/CVERecord?id=CVE-2026-34303
[12] https://security-tracker.debian.org/tracker/CVE-2026-34304
    https://www.cve.org/CVERecord?id=CVE-2026-34304
[13] https://security-tracker.debian.org/tracker/CVE-2026-34308
    https://www.cve.org/CVERecord?id=CVE-2026-34308
[14] https://security-tracker.debian.org/tracker/CVE-2026-34317
    https://www.cve.org/CVERecord?id=CVE-2026-34317
[15] https://security-tracker.debian.org/tracker/CVE-2026-34318
    https://www.cve.org/CVERecord?id=CVE-2026-34318
[16] https://security-tracker.debian.org/tracker/CVE-2026-34319
    https://www.cve.org/CVERecord?id=CVE-2026-34319
[17] https://security-tracker.debian.org/tracker/CVE-2026-22004
    https://www.cve.org/CVERecord?id=CVE-2026-22004
[18] https://security-tracker.debian.org/tracker/CVE-2026-22005
    https://www.cve.org/CVERecord?id=CVE-2026-22005
[19] https://security-tracker.debian.org/tracker/CVE-2026-22009
    https://www.cve.org/CVERecord?id=CVE-2026-22009
[20] https://security-tracker.debian.org/tracker/CVE-2026-22015
    https://www.cve.org/CVERecord?id=CVE-2026-22015
[21] https://security-tracker.debian.org/tracker/CVE-2026-22017
    https://www.cve.org/CVERecord?id=CVE-2026-22017
[22] https://security-tracker.debian.org/tracker/CVE-2026-21998
    https://www.cve.org/CVERecord?id=CVE-2026-21998
[23] https://security-tracker.debian.org/tracker/CVE-2026-22001
    https://www.cve.org/CVERecord?id=CVE-2026-22001
[24] https://security-tracker.debian.org/tracker/CVE-2026-22002
    https://www.cve.org/CVERecord?id=CVE-2026-22002

Please adjust the affected versions in the BTS as needed.
]