VIR Vulnerability Intelligence Relay

CVE-2026-11852

medium
Published 2026-06-10 Β· Modified 2026-06-10
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
6.5

Description

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.

Predictions

Exploit likelihood
75%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker Β· View original β†— Β· DFSG

CVE-2026-11852 NameCVE-2026-11852 SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source packages. Source PackageReleaseVersionStatus debusine (PTS)trixie0.11.3vulnerable forky, sid0.14.9fixed The information below is…

CVE-2026-11852

NameCVE-2026-11852
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
debusine (PTS)trixie0.11.3vulnerable
forky, sid0.14.9fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
debusinesource(unstable)0.14.6

Notes

[trixie] - debusine <no-dsa> (Will be fixed via point release)
https://salsa.debian.org/freexian-team/debusine/-/work_items/1499
https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836
https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
[trixie] - debusine <no-dsa> (Will be fixed via point release)https://salsa.debian.org/freexian-team/debusine/-/work_items/1499https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a

OS impact
debian Debian Mixed 3 releases
VersionStatusFixed in
trixie Affected β€”
sid Fixed 0.14.6
forky Fixed 0.14.6

References

CWEs

CWE-862

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.