Back to overview

CVE-2026-16211

LOW
2.6
CVSS 3.1
Description
A vulnerability was determined in allegro up to bcf65b994ef29fb3fc2e10b660e6288723d5209e. This impacts the function AssetLastHostname.increment_hostname of the file src/ralph/assets/models/assets.py of the component Hostname Allocation Handler. Executing a manipulation of the argument counter can lead to race condition. Attacks of this nature are highly complex. The exploitability is said to be difficult. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID
CVE-2026-16211
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-18 08:40 UTC
Published
2026-07-19 03:30 UTC
Last updated
2026-07-19 03:30 UTC
Primary CWE
CWE-362
Race Condition
Vendor / Product
n/a / allegro
Sources
cve.org  ·  NVD

Severity & Metrics

2.6 LOW CVSS 3.1
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
n/a allegro bcf65b994ef29fb3fc2e10b660e6288723d5209e
Weakness (CWE)
CWESourceDescription
CWE-362 cna Race Condition
CVSS scores (4)
ScoreSeverityVersionSourceVector
2.6 LOW 3.1 cna CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.6 LOW 3.0 cna CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.1 LOW 4.0 cna CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
1.4 N/D 2.0 cna AV:A/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
References (5)
Back to overview