CVE reports

The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed. You can find additional guidance for high-profile vulnerabilities in the Ubuntu Vulnerability Knowledge Base section

Search CVEs

By Ubuntu release

Recent CVEs

CVE-2026-41651

High priority
Fixed

security update

1 affected package

packagekit

CVE-2026-31431

High priority
Vulnerable

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit...

157 affected packages

linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11, linux-hwe-5.13...

CVE-2026-1584

High priority
Not affected

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can...

1 affected package

gnutls28

CVE-2026-34197

High priority
Needs evaluation

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web...

1 affected package

activemq

CVE-2026-35535

High priority
Fixed

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

1 affected package

sudo

Resources

Join the discussion

Ubuntu Pro

Up to 15 years of security coverage for Ubuntu and your full stack of open-source applications and toolchains.

Get Ubuntu Pro 30-day free trial

From our blog