CLEANSTART-2026-VN28553

Import Source

https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-VN28553.json

JSON Data

https://api.test.osv.dev/v1/vulns/CLEANSTART-2026-VN28553

Upstream

CVE-2026-1605

CVE-2026-22732

CVE-2026-24281

CVE-2026-33870

CVE-2026-33871

CVE-2026-3505

CVE-2026-5588

ghsa-2m67-wjpj-xhg9

ghsa-355h-qmc2-wpwf

ghsa-3677-xxcr-wjqv

ghsa-72hv-8253-57qq

ghsa-c3fc-8qff-9hwx

ghsa-cj8j-37rh-8475

ghsa-qqpg-mvqg-649v

ghsa-wg6q-6289-32hp

ghsa-x2wq-9x2f-fhj7

ghsa-x44p-gvrj-pj2r

Published

2026-04-30T00:39:26.941756Z

Modified

2026-05-20T18:15:21.004516815Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc

Details

Multiple security vulnerabilities affect the apache-nifi package. Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. See references for individual vulnerability details.

References

Affected packages

CleanStart / apache-nifi

Package

Name: apache-nifi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.0-r0

Database specific

source

"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-VN28553.json"