These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A critical SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3. This vulnerability, tracked as CVE-2026-45779, allows an unauthenticated remote attacker to execute arbitrary SQL statements, potentially leading to complete compromise of the underlying database. The issue was discovered on 2023-08-03 and patched on 2023-08-04. All deployments of Open XDMoD prior to 10.0.3 are impacted. [truncated]
CVE-2026-45778 is a high-severity vulnerability in Open XDMoD, a framework for collecting and analyzing HPC metrics. An authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page. When visited by the victim, the page reflects and executes the unsanitized payload in the victim's browser, potentially le [truncated]
CVE-2026-45777 is a critical vulnerability in Open XDMoD, a framework for collecting and analyzing HPC metrics. The issue, with a CVSS score of 9.3, allows an attacker to remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could enable an attacker to read or modify application data, alter system configuration, or disrupt servi [truncated]
CVE-2026-45776 is a medium-severity vulnerability in Open XDMoD, a framework for collecting and analyzing HPC metrics. A flaw in its access control logic allows an attacker to bypass intended data access restrictions and view other users' compute job efficiency metrics if the optional Job Performance (SUPReMM) module is installed. The vulnerability was patched in Open XDMoD version 11.0.3.