SB2026042288 - Multiple vulnerabilities in Communications Unified Assurance
Published: April 22, 2026
Description
This security bulletin contains information about 23 security vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2025-58181)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the application not properly controlling consumption of internal resources when parsing GSSAPI authentication requests. A remote attacker can send specially crafted GSSAPI authentication requests to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Out-of-bounds write (CVE-ID: CVE-2025-27821)
The vulnerability allows a local user to crash the application.
The vulnerability exists due to a boundary error in the URI parser within the HDFS native client. A local user can pass a specially crafted URI to the application and perform a denial of service attack.
3) Path manipulation (CVE-ID: CVE-2026-21637)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper error handling in _tls_wrap.js when processing TLS SNI handshake requests. A remote attacker can send a specially crafted request with unexpected servername input to cause an uncaught exception, crashing the Node.js process.
Exploitation occurs during TLS handshake when SNICallback is configured and throws synchronously.
4) Improper authorization (CVE-ID: CVE-2026-24734)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to incomplete OCSP verification checks. When using an OCSP responder, Tomcat's FFM integration with OpenSSL does not complete verification or freshness checks on the OCSP response. A remote attacker can bypass certificate revocation and gain unauthorized access to the application.
5) Insufficient verification of data authenticity (CVE-ID: CVE-2026-26007)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the public_key_from_numbers() (or EllipticCurvePublicNumbers.public_key()), load_der_public_key() and load_pem_public_key() functions not verifying that the point belongs to the expected prime-order subgroup of the curve. A remote attacker can provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, most commonly signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA, it is easy to forge signatures on the small subgroup.
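The following is an added example, not code from the bulletin or from the affected library, showing the public-key validation that the item above says was missing: the point must be on the curve and must map to the point at infinity when multiplied by the subgroup order n. It uses a deliberately tiny toy curve, y^2 = x^3 + 1 over F_5, whose group has 6 points (cofactor h = 2, subgroup order n = 3, generator G = (0, 1)); the parameters are constructed for illustration and the same checks apply unchanged to real curves. The last function shows the ECDH leak the item describes: for a point of order 2 the "shared secret" depends only on the parity of the private key.

```python
# Added example (not the bulletin's or the library's code): full public-key
# validation for a short-Weierstrass curve, demonstrated on a toy curve.

P_MOD = 5      # field prime (toy value)
A, B = 0, 1    # curve coefficients for y^2 = x^3 + A*x + B (toy values)
N = 3          # prime order of the subgroup generated by G
H = 2          # cofactor: #E(F_p) = H * N = 6
G = (0, 1)     # generator of the order-N subgroup
INF = None     # point at infinity (group identity)


def is_on_curve(pt):
    """True if pt satisfies the curve equation (or is the identity)."""
    if pt is INF:
        return True
    x, y = pt
    if not (0 <= x < P_MOD and 0 <= y < P_MOD):
        return False
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def ec_add(p1, p2):
    """Group law on affine points (textbook chord-and-tangent formulas)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                  # P + (-P) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ec_mul(k, pt):
    """Scalar multiplication [k]pt by double-and-add."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def validate_public_key(pt):
    """The three checks a key loader must run before using a peer's point."""
    if pt is INF:
        return False            # the identity is never a valid public key
    if not is_on_curve(pt):
        return False            # invalid-curve point (wrong group entirely)
    if ec_mul(N, pt) is not INF:
        return False            # on the curve, but not in the order-N subgroup
    return True


def ecdh_shared_secret(private_key, peer_point):
    """S = [d]P. With a small-order P, S reveals d mod ord(P) to the peer."""
    return ec_mul(private_key, peer_point)
```

Running validate_public_key on the toy curve: G passes; (4, 0) (order 2) and (2, 2) (order 6) are on the curve but fail the subgroup check; (1, 1) is not on the curve at all. Feeding (4, 0) to ecdh_shared_secret returns the identity for every even private key and (4, 0) for every odd one, which is exactly the "least significant bits" leak the item describes.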
6) Out-of-bounds read (CVE-ID: CVE-2025-9086)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when reading a cookie path. A malicious server can set a specially crafted cookie path using the secure keyword, trigger an out-of-bounds read error and crash the application.
7) Protection Mechanism Failure (CVE-ID: CVE-2025-41248)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the annotation detection mechanism not correctly resolving annotations on methods within type hierarchies with a parameterized super type with unbounded generics. A remote attacker can gain access to sensitive information.
8) Protection Mechanism Failure (CVE-ID: CVE-2025-41249)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the annotation detection mechanism possibly not correctly resolving annotations on methods within type hierarchies with a parameterized super type with unbounded generics. A remote attacker can gain access to sensitive information.
9) Resource exhaustion (CVE-ID: CVE-2025-58057)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the application not properly controlling consumption of internal resources in BrotliDecoder and some other decompressing decoders. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
10) Improper validation of certificate with host mismatch (CVE-ID: CVE-2025-68161)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to the Socket Appender not performing TLS hostname verification of the peer certificate, even when the "verifyHostName" configuration attribute or the "log4j2.sslVerifyHostName" system property is set to true. A remote attacker can perform a MitM attack and intercept or redirect the log traffic.
11) Out-of-bounds write (CVE-ID: CVE-2025-9230)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when trying to decrypt CMS messages encrypted using password based encryption. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Successful exploitation of the vulnerability requires that password based (PWRI) encryption support in CMS messages is enabled.
12) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-66418)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing limits on the number of links in the decompression chain when handling gzip or zstd data in the server response. A malicious server can send a response with a large number of links and cause high CPU load, leading to a denial of service condition.
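As an added example (not code from the bulletin or from the affected client), the decoder below shows the two limits a client should enforce when undoing a Content-Encoding chain: a cap on the number of links, which is the limit the item above says was missing, and a cap on the decoded size of each link so that a layer cannot expand without bound. The chain length, output cap and the helper that builds a multi-layer response body are assumptions made for the example; zstd is left out because it needs a third-party library, so only gzip and deflate links are handled.

```python
# Added example: bounded decoding of an HTTP Content-Encoding chain.
import gzip
import zlib

MAX_DECODE_LINKS = 5        # assumed policy: refuse chains longer than this
MAX_LINK_OUTPUT = 1 << 20   # assumed policy: refuse any link expanding past 1 MiB


class DecodeChainTooLong(ValueError):
    pass


class DecodedOutputTooLarge(ValueError):
    pass


def parse_content_encoding(header):
    """Split 'gzip, deflate' into a lowercase list of codings in applied order."""
    return [t.strip().lower() for t in header.split(",") if t.strip()]


def bounded_inflate(data, wbits, max_output):
    """Inflate with zlib but never produce more than max_output bytes."""
    d = zlib.decompressobj(wbits=wbits)
    out = d.decompress(data, max_output + 1)   # ask for one byte more than allowed
    if len(out) > max_output or d.unconsumed_tail:
        raise DecodedOutputTooLarge("link expands past %d bytes" % max_output)
    return out


# wbits: 31 = gzip wrapper, 15 = zlib wrapper (what HTTP 'deflate' means)
DECODERS = {
    "gzip": lambda b, cap: bounded_inflate(b, 31, cap),
    "x-gzip": lambda b, cap: bounded_inflate(b, 31, cap),
    "deflate": lambda b, cap: bounded_inflate(b, 15, cap),
    "identity": lambda b, cap: b,
}


def decode_body(body, content_encoding, max_links=MAX_DECODE_LINKS,
                max_output=MAX_LINK_OUTPUT):
    """Undo every coding in the header, newest first, under both limits."""
    links = parse_content_encoding(content_encoding)
    if len(links) > max_links:
        raise DecodeChainTooLong("%d links exceeds limit of %d" % (len(links), max_links))
    data = body
    for enc in reversed(links):         # codings were applied left to right
        if enc not in DECODERS:
            raise ValueError("unsupported content coding: %r" % enc)
        data = DECODERS[enc](data, max_output)
    return data


def chain_length_ok(content_encoding, max_links=MAX_DECODE_LINKS):
    """Cheap pre-check a client can run on the header before touching the body."""
    return len(parse_content_encoding(content_encoding)) <= max_links


ENCODERS = {"gzip": gzip.compress, "deflate": zlib.compress, "identity": lambda b: b}


def encode_chain(payload, links):
    """Constructed test helper: apply the listed codings and return (body, header)."""
    data = payload
    for enc in links:
        data = ENCODERS[enc](data)
    return data, ", ".join(links)


if __name__ == "__main__":
    body, header = encode_chain(b"hello world", ["gzip", "deflate", "gzip"])
    print(decode_body(body, header))   # b'hello world'
    body, header = encode_chain(b"x", ["gzip"] * 8)
    try:
        decode_body(body, header)
    except DecodeChainTooLong as e:
        print("rejected:", e)
```

Checking the header before reading the body means an over-long chain is refused without spending any CPU on decompression, which is the point of the limit.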
13) Resource exhaustion (CVE-ID: CVE-2025-15284)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the arrayLimit option not enforcing limits for bracket notation (a[]=1&a[]=2). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
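The item above describes an array limit that covered indexed notation (a[0]=1) but not push notation (a[]=1). The parser below is an added example written for this bulletin, not the affected library's code, and shows a query-string parser that applies the same element limit to both forms, plus a cap on the total number of fields. The function names, the default limit of 20 and the decision to reject rather than silently truncate are assumptions made for the example; it generalizes the item's single case to every way an array can be spelled in a query string.

```python
# Added example: query-string array parsing with the element limit enforced
# for both key[]=v (push) and key[i]=v (indexed) notation.
from urllib.parse import parse_qsl

DEFAULT_ARRAY_LIMIT = 20     # assumed default for the example
DEFAULT_MAX_FIELDS = 1000    # assumed cap on total key=value pairs


class ArrayLimitExceeded(ValueError):
    pass


def _split_bracket(key):
    """'a[3]' -> ('a', '3'); 'a[]' -> ('a', ''); 'a' -> ('a', None)."""
    if key.endswith("]") and "[" in key:
        name, idx = key[:-1].split("[", 1)
        return name, idx
    return key, None


def parse_query(query, array_limit=DEFAULT_ARRAY_LIMIT, max_fields=DEFAULT_MAX_FIELDS):
    """Parse a query string into a dict of scalars and lists.

    Rejects, instead of growing, any array that would exceed array_limit,
    regardless of whether it was built with key[] or key[i]."""
    result = {}
    # parse_qsl itself raises ValueError past max_num_fields, bounding the input size
    pairs = parse_qsl(query, keep_blank_values=True, max_num_fields=max_fields)
    for key, value in pairs:
        name, idx = _split_bracket(key)
        if idx is None:                                   # plain scalar
            if isinstance(result.get(name), list):
                raise ValueError("%r used both as scalar and array" % name)
            result[name] = value
            continue
        arr = result.setdefault(name, [])
        if not isinstance(arr, list):
            raise ValueError("%r used both as scalar and array" % name)
        if idx == "":                                     # push notation key[]
            if len(arr) >= array_limit:
                raise ArrayLimitExceeded("%s[] exceeds arrayLimit=%d" % (name, array_limit))
            arr.append(value)
        else:                                             # indexed notation key[i]
            if not idx.isdigit():
                raise ValueError("non-numeric index %r for %r" % (idx, name))
            i = int(idx)
            if i >= array_limit:
                raise ArrayLimitExceeded("%s[%d] exceeds arrayLimit=%d" % (name, i, array_limit))
            if i >= len(arr):
                arr.extend([None] * (i + 1 - len(arr)))  # sparse indices pad with None
            arr[i] = value
    return result


def within_limits(query, array_limit=DEFAULT_ARRAY_LIMIT):
    """True if the query parses without tripping any array limit."""
    try:
        parse_query(query, array_limit=array_limit)
    except ArrayLimitExceeded:
        return False
    return True


if __name__ == "__main__":
    print(parse_query("a[]=1&a[]=2&b=x"))          # {'a': ['1', '2'], 'b': 'x'}
    print(within_limits("&".join(["a[]=1"] * 21)))  # False
```

Because the push form is counted against the same limit as the indexed form, the request that the item describes is refused at the 21st element rather than allowed to grow with the size of the request body.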
14) Link following (CVE-ID: CVE-2024-45339)
The vulnerability allows a local user to overwrite arbitrary files on the system.
The vulnerability exists due to insecure link following when writing log files. A local user can point a symbolic link to a critical file on the system and overwrite it with the log data.
15) Improper input validation (CVE-ID: CVE-2025-52967)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core (mlflow) component in Oracle Communications Unified Assurance. A remote privileged user can exploit this vulnerability to execute arbitrary code.
16) Integer overflow (CVE-ID: CVE-2026-25210)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the doContent() function. A remote attacker can pass specially crafted XML data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
17) Stack-based buffer overflow (CVE-ID: CVE-2025-68615)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the SnmpTrapd service. A remote unauthenticated attacker can send specially crafted input to port 162/UDP, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
18) Incorrect calculation (CVE-ID: CVE-2025-5372)
The vulnerability allows a remote user to perform a MitM attack.
The vulnerability exists due to an incorrect calculation within the ssh_kdf() function responsible for key derivation when built with OpenSSL versions older than 3.0. A remote user can compromise the integrity of the SSH session.
19) Code Injection (CVE-ID: CVE-2026-3288)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation where the "nginx.ingress.kubernetes.io/rewrite-target" Ingress annotation can be used to inject configuration into nginx. A remote user can inject and execute arbitrary code in the context of the ingress-nginx controller.
20) Code Injection (CVE-ID: CVE-2025-33042)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability occurs when generating specific records from untrusted Avro schemas. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
21) Improper authorization (CVE-ID: CVE-2026-22022)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to improper input validation in the Rule Based Authorization Plugin. A remote authenticated user can bypass certain "predefined permission" rules in the RuleBasedAuthorizationPlugin under specific configurations and gain unauthorized access to the application.
22) Improper Output Neutralization for Logs (CVE-ID: CVE-2025-55754)
The vulnerability allows a remote attacker to execute arbitrary OS commands.
The vulnerability exists due to improper input validation of ANSI escape sequences in log messages. A remote attacker can use a crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and potentially execute arbitrary code.
The vulnerability affects Windows installations only.
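Added example for the item above (not code from the bulletin or from the affected server): a log-output sanitizer that replaces every C0 control character (including ESC, which starts ANSI CSI and OSC sequences), DEL and the C1 controls with a visible `\xNN` escape, together with a scanner that flags existing log lines containing such characters. The sample log lines are constructed for the example and the function names are assumptions; escaping rather than stripping keeps the evidence of the attempt in the log while preventing a terminal that displays the log from acting on it.

```python
# Added example: neutralizing terminal control sequences in log output.
import re

# C0 controls 0x00-0x1f (ESC = 0x1b), DEL 0x7f, and C1 controls 0x80-0x9f,
# which terminals also treat as sequence introducers (e.g. U+009B = CSI).
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def sanitize_for_log(text):
    """Replace each control character with a visible \\xNN escape.

    Newlines and carriage returns are covered too, so a request value can
    never split or forge a second log line."""
    return _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def contains_terminal_controls(text):
    """True if a terminal rendering this text could interpret part of it."""
    return _CONTROL_CHARS.search(text) is not None


def scan_log_lines(lines):
    """Return (line_number, sanitized_line) for every suspicious line."""
    return [(n, sanitize_for_log(line))
            for n, line in enumerate(lines, 1)
            if contains_terminal_controls(line)]


# Constructed sample access-log lines; the second and third contain a CSI
# (clear screen) and an OSC (set window title) sequence inside the request URI.
SAMPLE_LINES = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200',
    '10.0.0.7 - - "GET /\x1b[2J HTTP/1.1" 404',
    '10.0.0.9 - - "GET /\x1b]0;owned\x07 HTTP/1.1" 404',
    '10.0.0.5 - - "GET /static/app.js HTTP/1.1" 200',
]


if __name__ == "__main__":
    for n, line in scan_log_lines(SAMPLE_LINES):
        print("line %d: %s" % (n, line))
```

Applying sanitize_for_log at the point where request data enters a log message is the fix; scan_log_lines is the corresponding detection for logs that were written before the fix was in place.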
23) Code Injection (CVE-ID: CVE-2025-48913)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when handling JMS configuration. A remote user can pass a specially crafted configuration file to the application and execute arbitrary code on the target system.
Remediation
Install the update from the vendor's website.