Package impact
Go / github.com/siderolabs/omni
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45726 | unknown | — | — | 19h ago | Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService | |||
| CVE-2026-45723 | unknown | — | — | 19h ago | Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic | |||
| CVE-2026-45720 | unknown | — | — | 19h ago | Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token |