Linux Distros Unpatched Vulnerability : CVE-2026-9358

medium Nessus Plugin ID 318727

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability for which no vendor-supplied patch is available.

- A vulnerability was found in postcss-selector-parser up to 6.1.2/7.1.2. It affects the function toString in the file src/selectors/container.js of the component AST Serialization. Manipulation can lead to uncontrolled recursion. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. Upgrading to versions 6.1.3 and 7.1.3 addresses this issue. The patch is named 5bc698cef66f8abd12610dc623e5d67cbc0f869d. Upgrading the affected component is recommended. The vendor explains that, according to their definition, DoS on the server side on user-generated CSS is low risk for them (since most users compile their own CSS with PostCSS). The commits were backported to the 6.x branch, which was the most downloaded version. (CVE-2026-9358)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://access.redhat.com/security/cve/cve-2026-9358

https://security-tracker.debian.org/tracker/CVE-2026-9358

https://ubuntu.com/security/CVE-2026-9358

Plugin Details

Severity: Medium

ID: 318727

File Name: unpatched_CVE_2026_9358.nasl

Version: 1.9

Type: Local

Agent: unix

Family: Misc.

Published: 6/4/2026

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v4

Risk Factor: Medium

Base Score: 5.3

Threat Score: 2.1

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:10, cpe:/o:debian:debian_linux:12.0, cpe:/o:redhat:enterprise_linux:7, cpe:/o:centos:centos:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:centos:centos:8, cpe:/o:redhat:enterprise_linux:9, cpe:/o:debian:debian_linux:11.0, cpe:/o:debian:debian_linux:13.0, cpe:/o:debian:debian_linux:14.0, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:centos:centos:firefox, p-cpe:/a:redhat:enterprise_linux:firefox, p-cpe:/a:centos:centos:thunderbird, p-cpe:/a:redhat:enterprise_linux:thunderbird, p-cpe:/a:centos:centos:subscription-manager, p-cpe:/a:redhat:enterprise_linux:subscription-manager, p-cpe:/a:centos:centos:subscription-manager-gui, p-cpe:/a:redhat:enterprise_linux:subscription-manager-gui, p-cpe:/a:redhat:enterprise_linux:pcs, p-cpe:/a:centos:centos:pcs, p-cpe:/a:centos:centos:pcs-snmp, p-cpe:/a:redhat:enterprise_linux:pcs-snmp, p-cpe:/a:redhat:enterprise_linux:subscription-manager-initial-setup-addon, p-cpe:/a:centos:centos:subscription-manager-initial-setup-addon, p-cpe:/a:redhat:enterprise_linux:subscription-manager-plugin-container, p-cpe:/a:centos:centos:subscription-manager-plugin-container, p-cpe:/a:centos:centos:subscription-manager-plugin-ostree, p-cpe:/a:redhat:enterprise_linux:subscription-manager-plugin-ostree, p-cpe:/a:centos:centos:gjs, p-cpe:/a:redhat:enterprise_linux:gjs, p-cpe:/a:centos:centos:gjs-devel, p-cpe:/a:redhat:enterprise_linux:gjs-devel, p-cpe:/a:redhat:enterprise_linux:mozjs60, p-cpe:/a:centos:centos:mozjs60, p-cpe:/a:centos:centos:grafana, p-cpe:/a:redhat:enterprise_linux:grafana, p-cpe:/a:centos:centos:mozjs60-devel, p-cpe:/a:redhat:enterprise_linux:mozjs60-devel, p-cpe:/a:centos:centos:subscription-manager-migration, p-cpe:/a:redhat:enterprise_linux:subscription-manager-migration, p-cpe:/a:redhat:enterprise_linux:python3-subscription-manager-rhsm, p-cpe:/a:centos:centos:python3-subscription-manager-rhsm, p-cpe:/a:centos:centos:dotnet5.0-build-reference-packages, 
p-cpe:/a:redhat:enterprise_linux:dotnet5.0-build-reference-packages, p-cpe:/a:centos:centos:grafana-pcp, p-cpe:/a:redhat:enterprise_linux:grafana-pcp, p-cpe:/a:centos:centos:rhsm-gtk, p-cpe:/a:redhat:enterprise_linux:rhsm-gtk, p-cpe:/a:centos:centos:rhsm-icons, p-cpe:/a:redhat:enterprise_linux:rhsm-icons, p-cpe:/a:redhat:enterprise_linux:subscription-manager-cockpit, p-cpe:/a:centos:centos:subscription-manager-cockpit, p-cpe:/a:redhat:enterprise_linux:dnf-plugin-subscription-manager, p-cpe:/a:centos:centos:dnf-plugin-subscription-manager, p-cpe:/a:centos:centos:python3-syspurpose, p-cpe:/a:redhat:enterprise_linux:python3-syspurpose, p-cpe:/a:redhat:enterprise_linux:subscription-manager-rhsm-certificates, p-cpe:/a:centos:centos:subscription-manager-rhsm-certificates, p-cpe:/a:redhat:enterprise_linux:python3-cloud-what, p-cpe:/a:centos:centos:python3-cloud-what, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:centos:centos:firefox-x11, p-cpe:/a:redhat:enterprise_linux:firefox-x11, p-cpe:/a:centos:centos:python-syspurpose, p-cpe:/a:redhat:enterprise_linux:python-syspurpose, p-cpe:/a:centos:centos:subscription-manager-rhsm, p-cpe:/a:redhat:enterprise_linux:subscription-manager-rhsm, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:centos:centos:grafana-selinux, p-cpe:/a:redhat:enterprise_linux:grafana-selinux, cpe:/o:canonical:ubuntu_linux:25.10, p-cpe:/a:redhat:enterprise_linux:goose, p-cpe:/a:centos:centos:goose, cpe:/o:canonical:ubuntu_linux:26.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:node-css-loader, p-cpe:/a:debian:debian_linux:node-css-loader

Required KB Items: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/24/2026

Reference Information

CVE: CVE-2026-9358