CVE-2026-39958

Published: Apr 09, 2026 Last Modified: Apr 16, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,2

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: high

User Interaction: passive

Confidentiality: N/A

Integrity: N/A

Availability: N/A

CRITICAL 9,1

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: high

Availability: high

Description

AI Translation Available

oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named 'Topic Manifests' ({mirror}/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said metadata were not checked for transliteration. In this case, a malicious party may supply a malformed Topic Manifest, which may cause malicious APT source entries to be added to /etc/apt/sources.list.d/atm.list as oma-topics finishes fetching and registering metadata. This vulnerability is fixed in 1.25.2.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0004

Percentile

0,1th

Updated

EPSS Score Trend (Last 7 Days)

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity

Potential Impacts:

Modify Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/AOSC-Dev/oma/commit/b361c0f219bbf91a6846…

https://github.com/AOSC-Dev/oma/commit/b361c0f219bbf91a684610c76210f71f093dbc18

https://github.com/AOSC-Dev/oma/pull/733

https://github.com/AOSC-Dev/oma/releases/tag/v1.25.2

https://github.com/AOSC-Dev/oma/security/advisories/GHSA-86…

https://github.com/AOSC-Dev/oma/security/advisories/GHSA-86jc-7r6q-cr3f

CVE-2026-39958

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 7 Days)

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter