Integer Overflow or Wraparound Affecting fluxcd-source-controller package, versions <1.9.0-r0


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
1.03% (59th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-MINIMOSLATEST-FLUXCDSOURCECONTROLLER-17376813
  • published19 Jun 2026
  • disclosed24 Apr 2026

Introduced: 24 Apr 2026

CVE-2026-32952  (opens in a new tab)
CWE-190  (opens in a new tab)

How to fix?

Upgrade Minimos:latest fluxcd-source-controller to version 1.9.0-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream fluxcd-source-controller package and not the fluxcd-source-controller package as distributed by Minimos. See How to fix? for Minimos:latest relevant fixed versions and status.

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue.

CVSS Base Scores

version 3.1