[Git][security-tracker-team/security-tracker][master] Add CVE-2026-26278/node-webfont
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 19 21:18:21 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4ad3d1a by Salvatore Bonaccorso at 2026-02-19T22:17:34+01:00
Add CVE-2026-26278/node-webfont
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -87,7 +87,10 @@ CVE-2026-26318 (systeminformation is a System and OS information library for nod
CVE-2026-26280 (systeminformation is a System and OS information library for node.js. ...)
NOT-FOR-US: systeminformation Node.js module
CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS object, ...)
- TODO: check
+ - node-webfont <undetermined>
+ NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj
+ NOTE: Fixed by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77 (v5.3.6)
+ NOTE: node-webfont provides node-fast-xml-parser
CVE-2026-26267 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22. ...)
NOT-FOR-US: soroban-sdk
CVE-2026-26223 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the private are ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4ad3d1a0c2b0e05141bcd9d8eb87e523eaa55c8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4ad3d1a0c2b0e05141bcd9d8eb87e523eaa55c8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260219/83f6d40a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list