CVE reports

The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed. You can find additional guidance for high-profile vulnerabilities in the Ubuntu Vulnerability Knowledge Base section.



Recent CVEs

CVE-2026-46300

High priority
Needs evaluation

Fragnesia Linux kernel local privilege escalation issue

157 affected packages

linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...


CVE-2026-45185

High priority

Some fixes available: 4 of 8

A remotely reachable Use-After-Free (UAF) vulnerability has been identified in Exim's BDAT (binary data transmission) body parsing path when using the GnuTLS backend. This vulnerability can lead to heap corruption and potential...

1 affected package

exim4


CVE-2026-43500

High priority
Needs evaluation

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

157 affected packages

linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...


CVE-2026-43284

High priority
Needs evaluation

In the Linux kernel, the following vulnerability has been resolved: "xfrm: esp: avoid in-place decrypt on shared skb frags". MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG...

157 affected packages

linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...


CVE-2026-23918

High priority
Fixed

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

1 affected package

apache2