These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A directory traversal vulnerability exists in Northern.tech Mender Server versions v4.1.0, v4.0.1 and below. The issue has been remediated in versions v4.1.1 and v4.0.2. Directory traversal vulnerabilities typically allow attackers to access files and directories stored outside the intended web root folder, potentially exposing sensitive configuration files, source code, or system files. The vulnerability [truncated]
CVE-2026-33552 is an incorrect access control vulnerability affecting Northern.tech Mender Enterprise Server versions prior to 4.1.1. The vulnerability was published on 2026-05-27. According to the vendor's advisory, this issue relates to access control weaknesses in the Mender Server platform alongside a related input sanitization vulnerability (CVE-2026-49009). The incorrect access control classificatio [truncated]
A cryptographic signature verification bypass vulnerability exists in Northern.tech Mender Client versions 5.0.0 through 5.0.3. The flaw allows an attacker to bypass signature validation mechanisms, potentially enabling the installation of unauthorized or malicious software updates on affected IoT/embedded devices. Mender is an open-source over-the-air (OTA) software update manager for embedded Linux devi [truncated]
A command injection vulnerability in Northern.tech CFEngine Enterprise and Community allows unauthenticated remote attackers to execute arbitrary commands on affected systems. The vulnerability stems from improper neutralization of special elements used in OS commands (CWE-77). Affected versions include all Enterprise and Community editions prior to 3.21.8, versions 3.24.0 through 3.24.2, and version 3.26 [truncated]
Northern.tech CFEngine Enterprise contains an incorrect access control vulnerability (CWE-284) affecting multiple versions prior to 3.21.8, 3.24.3, and 3.27.0. The vulnerability, published on 2026-05-14 and last modified on 2026-05-19, has a CVSS 3.1 score of 5.3 (Medium severity) with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network-based attack vector with low attack complexity, no pr [truncated]
A cross-site scripting (XSS) vulnerability exists in Northern.tech CFEngine Enterprise versions prior to 3.21.8, 3.24.3, and 3.27.0. The vulnerability, published on 2026-05-14 and last modified on 2026-05-19, allows attackers to inject malicious scripts into web pages viewed by other users. With a CVSS 3.1 score of 6.1 (MEDIUM severity), the attack vector is network-based with low attack complexity, requi [truncated]