Package impact
Go / github.com/siderolabs/omni
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45726 | unknown | — | — | 14h ago | Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService | |||
| CVE-2026-45723 | unknown | — | — | 14h ago | Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic | |||
| CVE-2026-45720 | unknown | — | — | 14h ago | Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token | |||
| CVE-2025-61688 | unknown | — | — | 8mo ago | Omni vulnerable to information leak via API in github.com/siderolabs/omni | |||
| CVE-2025-59836 | unknown | — | — | 8mo ago | Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni | |||
| CVE-2025-59824 | unknown | — | — | 8mo ago | Omni Wireguard SideroLink potential escape in github.com/siderolabs/omni |