Detections
Analytics

Linux Distros Unpatched Vulnerability : CVE-2026-4800

critical Nessus Plugin ID 304625

Language:

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names.
 Both paths flow into the same Function() constructor sink. When an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function(). Patches: Users should upgrade to version 4.18.0. Workarounds: Do not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names. (CVE-2026-4800)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://access.redhat.com/security/cve/cve-2026-4800

https://security-tracker.debian.org/tracker/CVE-2026-4800

https://ubuntu.com/security/CVE-2026-4800

Plugin Details

Severity: Critical

ID: 304625

File Name: unpatched_CVE_2026_4800.nasl

Version: 1.14

Type: Local

Agent: unix

Family: Misc.

Published: 4/2/2026

Updated: 4/21/2026

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2026-4800

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:U/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:centos:centos:librados2, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:centos:centos:sgx-libs, p-cpe:/a:redhat:enterprise_linux:tdx-qgs, p-cpe:/a:redhat:enterprise_linux:pcs, p-cpe:/a:centos:centos:gjs, p-cpe:/a:redhat:enterprise_linux:cockpit-ws-selinux, p-cpe:/a:centos:centos:sgx-mpa, p-cpe:/a:centos:centos:cockpit-system, p-cpe:/a:redhat:enterprise_linux:cockpit-bridge, p-cpe:/a:redhat:enterprise_linux:subscription-manager-cockpit, p-cpe:/a:centos:centos:cockpit, p-cpe:/a:centos:centos:cockpit-ws-selinux, p-cpe:/a:redhat:enterprise_linux:cockpit-ha-cluster, p-cpe:/a:canonical:ubuntu_linux:node-lodash, p-cpe:/a:centos:centos:cockpit-storaged, p-cpe:/a:centos:centos:subscription-manager-cockpit, p-cpe:/a:centos:centos:pcs, p-cpe:/a:centos:centos:pcs-snmp, p-cpe:/a:centos:centos:cockpit-session-recording, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:redhat:enterprise_linux:cockpit-pcp, p-cpe:/a:redhat:enterprise_linux:cockpit-dashboard, p-cpe:/a:centos:centos:tdx-qgs, p-cpe:/a:redhat:enterprise_linux:cockpit-system, p-cpe:/a:redhat:enterprise_linux:cockpit-machines, p-cpe:/a:centos:centos:librados-devel, p-cpe:/a:centos:centos:cockpit-packagekit, p-cpe:/a:centos:centos:cockpit-image-builder, p-cpe:/a:redhat:enterprise_linux:cockpit-files, cpe:/o:canonical:ubuntu_linux:25.10, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:librbd-devel, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:centos:centos:cockpit-pcp, cpe:/o:redhat:enterprise_linux:10, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:centos:centos:librbd1, p-cpe:/a:redhat:enterprise_linux:cockpit, p-cpe:/a:redhat:enterprise_linux:librbd1, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:redhat:enterprise_linux:cockpit-podman, p-cpe:/a:centos:centos:cockpit-dashboard, p-cpe:/a:centos:centos:cockpit-machines, p-cpe:/a:centos:centos:cockpit-ws, p-cpe:/a:redhat:enterprise_linux:gjs, p-cpe:/a:centos:centos:cockpit-files, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:centos:centos:cockpit-ha-cluster, cpe:/o:redhat:enterprise_linux:8, cpe:/o:debian:debian_linux:13.0, p-cpe:/a:centos:centos:libradospp-devel, p-cpe:/a:redhat:enterprise_linux:rhsm-icons, p-cpe:/a:debian:debian_linux:node-lodash, p-cpe:/a:centos:centos:cockpit-podman, p-cpe:/a:redhat:enterprise_linux:cockpit-session-recording, p-cpe:/a:redhat:enterprise_linux:cockpit-packagekit, p-cpe:/a:redhat:enterprise_linux:pcs-snmp, p-cpe:/a:centos:centos:librbd-devel, p-cpe:/a:redhat:enterprise_linux:cockpit-doc, p-cpe:/a:redhat:enterprise_linux:libradospp-devel, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:redhat:enterprise_linux:sgx-pckid-tool, cpe:/o:centos:centos:8, p-cpe:/a:centos:centos:cockpit-bridge, p-cpe:/a:redhat:enterprise_linux:sgx-libs, p-cpe:/a:redhat:enterprise_linux:cockpit-ws, p-cpe:/a:centos:centos:gjs-devel, p-cpe:/a:redhat:enterprise_linux:sgx-common, p-cpe:/a:centos:centos:sgx-common, p-cpe:/a:redhat:enterprise_linux:cockpit-image-builder, p-cpe:/a:redhat:enterprise_linux:cockpit-storaged, p-cpe:/a:centos:centos:rhsm-icons, p-cpe:/a:centos:centos:cockpit-doc, p-cpe:/a:centos:centos:sgx-pckid-tool, p-cpe:/a:redhat:enterprise_linux:sgx-mpa, p-cpe:/a:redhat:enterprise_linux:gjs-devel

Required KB Items: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/31/2026

Reference Information

CVE: CVE-2026-4800