VYPR

apk package

chainguard/rke2-runtime-fips-kube-scheduler-1.36

pkg:apk/chainguard/rke2-runtime-fips-kube-scheduler-1.36

Vulnerabilities (23)

  • CVE-2026-39828MedMay 22, 2026
    affected < 0fixed 0

    When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with Par

  • CVE-2026-39827MedMay 22, 2026
    affected < 0fixed 0

    An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state

  • CVE-2026-33814HigMay 7, 2026
    affected < 1.36.1.2.2-r1fixed 1.36.1.2.2-r1

    When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Page 2 of 2