CNNVD-202602-923 Information
CNNVD ID
CNNVD-202602-923
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
Nebula是Web UI Designing开源的一个专注于增强开发的 WordPress 主题框架。 Nebula 1.7.0至1.10.2版本存在数据伪造问题漏洞,该漏洞源于使用P256证书时可能通过ECDSA签名延展性规避证书指纹的阻止列表条目。
Description (English)
Nebula is a WordPress thematic framework focused on enhanced development, an open source for Web UI Designing. Nebula 1.7.0 to 1.10.2 contains a gap in data forgery, which arises from the use of the P256 certificate, which may be used to extend the block list entry to circumvent the fingerprints of the certificate through the signature of CCDSA.
Hazard Level
High
Vulnerability Type
数据伪造问题
Affected Vendor
Web UI Designing
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21 https://github.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962 https://access.redhat.com/security/cve/cve-2026-25793
Patch
https://github.com/slackhq/nebula/releases
Share on: