CLEANSTART-2026-DU32240

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-DU32240.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLEANSTART-2026-DU32240
Upstream
  • ghsa-34x7-hfp2-rc4v
  • ghsa-5359-pvf2-pw78
  • ghsa-73rr-hh4g-fpgx
  • ghsa-8qq5-rm4j-mr97
  • ghsa-r6q2-hw4h-h46w
Published
2026-04-01T09:57:23.228226Z
Modified
2026-04-01T18:47:37.777213Z
Summary
Security fixes for CVE-2026-2391, CVE-2026-26960, CVE-2026-29786, CVE-2026-31802, ghsa-34x7-hfp2-rc4v, ghsa-5359-pvf2-pw78, ghsa-73rr-hh4g-fpgx, ghsa-8qq5-rm4j-mr97, ghsa-r6q2-hw4h-h46w applied in versions: 4.2.1.1-r1, 4.2.1.1-r2, 4.3.0.1-r0, 4.3.1-r0
Details

Multiple security vulnerabilities affect the thingsboard-tb-web-ui package. These issues are resolved in later releases. See references for individual vulnerability details.

References

Affected packages

CleanStart / thingsboard-tb-web-ui

Package

Name
thingsboard-tb-web-ui

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.1-r0

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-DU32240.json"