This is an automated email from the ASF dual-hosted git repository.
vgalaxies pushed a commit to branch VGalaxies-patch-1
in repository https://gitbox.apache.org/repos/asf/incubator-hugegraph-doc.git
The following commit(s) were added to refs/heads/VGalaxies-patch-1 by this push:
new 593b146e Update security.md with new CVE entries
593b146e is described below
commit 593b146e98433e91a55beba1a769196379829e66
Author: VGalaxies <[email protected]>
AuthorDate: Fri Dec 12 14:08:02 2025 +0800
Update security.md with new CVE entries
Added new CVE entries for HugeGraph vulnerabilities.
---
content/en/docs/guides/security.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/content/en/docs/guides/security.md
b/content/en/docs/guides/security.md
index 5fde7137..4ce21102 100644
--- a/content/en/docs/guides/security.md
+++ b/content/en/docs/guides/security.md
@@ -29,6 +29,8 @@ The general process for handling security vulnerabilities is
as follows:
- [CVE-2024-27348](https://www.cve.org/CVERecord?id=CVE-2024-27348):
HugeGraph-Server - Command execution in gremlin
- [CVE-2024-27349](https://www.cve.org/CVERecord?id=CVE-2024-27349):
HugeGraph-Server - Bypass whitelist in Auth mode
+- [CVE-2024-43441](https://www.cve.org/CVERecord?id=CVE-2024-43441):
HugeGraph-Server - Fixed JWT Token (Secret)
+- [CVE-2025-26866](https://www.cve.org/CVERecord?id=CVE-2025-26866):
HugeGraph-Server - RAFT and deserialization vulnerability
### HugeGraph-Toolchain project (Hubble/Loader/Client/Tools/..)
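Review bot: in the added CVE-2024-43441 entry, the description "Fixed JWT Token (Secret)" is ambiguous, because "Fixed" can be read as "already remediated" rather than as a constant, unchanging secret. Reword it so the line states the weakness itself, the way the neighbouring entries do ("Command execution in gremlin", "Bypass whitelist in Auth mode"). The CVE-2025-26866 line has a similar gap: "RAFT and deserialization vulnerability" names the components but not the impact, so a reader cannot tell from the list how urgent it is. Since operators use this list to decide whether they must upgrade, consider adding the fixed release to each new entry. The diffstat shows only content/en/docs/guides/security.md changed; if a translated copy of this page exists, it needs the same two entries.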