Omni

CVEs (3)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-45726	Omni Omni	hig	0.38	—	—	Jun 5, 2026	## Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an…
CVE-2026-45720	Omni Omni	hig	0.38	—	—	Jun 5, 2026	## Summary `SAML.getSession` (`internal/pkg/auth/interceptor/saml.go`) checks the `Used` flag on a `SAMLAssertion` resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same…
CVE-2026-45723	Omni Omni	low	0.00	—	—	Jun 5, 2026	## Summary `managementServer.CreateSchematic` (`internal/backend/grpc/schematics.go`) passes the caller-controlled `TalosVersion` field directly to `imageFactoryClient.OverlaysVersions`, which embeds it verbatim into a `fmt.Sprintf("/version/%s/overlays/official",…

CVE-2026-45726higJun 5, 2026
Omni
Omni
risk 0.38cvss —epss —
## Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an…
CVE-2026-45720higJun 5, 2026
Omni
Omni
risk 0.38cvss —epss —
## Summary `SAML.getSession` (`internal/pkg/auth/interceptor/saml.go`) checks the `Used` flag on a `SAMLAssertion` resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same…
CVE-2026-45723lowJun 5, 2026
Omni
Omni
risk 0.00cvss —epss —
## Summary `managementServer.CreateSchematic` (`internal/backend/grpc/schematics.go`) passes the caller-controlled `TalosVersion` field directly to `imageFactoryClient.OverlaysVersions`, which embeds it verbatim into a `fmt.Sprintf("/version/%s/overlays/official",…