Missing Report of Error Condition in kube-logging-operator | CVE-2026-42246

Q: How to fix?

Upgrade Wolfi kube-logging-operator to version 6.5.0-r2 or higher.

Threat Intelligence

0.07% (21^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-WOLFILATEST-KUBELOGGINGOPERATOR-16620233
published10 May 2026
disclosed9 May 2026

Report a new vulnerability Found a mistake?

Introduced: 9 May 2026

NewCVE-2026-42246 (opens in a new tab) CWE-392 (opens in a new tab) CWE-393 (opens in a new tab) CWE-636 (opens in a new tab) CWE-754 (opens in a new tab) CWE-841 (opens in a new tab)

How to fix?

Upgrade Wolfi kube-logging-operator to version 6.5.0-r2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kube-logging-operator package and not the kube-logging-operator package as distributed by Wolfi. See How to fix? for Wolfi relevant fixed versions and status.

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.

Missing Report of Error Condition Affecting kube-logging-operator package, versions <6.5.0-r2

Severity

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 9 May 2026

How to fix?

NVD Description

References