{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-11852", "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "state": "PUBLISHED", "assignerShortName": "debian", "dateReserved": "2026-06-10T08:25:35.480Z", "datePublished": "2026-06-10T09:10:21.401Z", "dateUpdated": "2026-06-10T18:51:58.197Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2026-06-10T09:12:30.625Z"}, "affected": [{"vendor": "Debian", "product": "debusine", "versions": [{"status": "affected", "version": "0.2.0", "lessThan": "0.14.6", "changes": [{"at": "0.14.6", "status": "unaffected"}], "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question."}]}], "references": [{"url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1499"}, {"url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836"}, {"url": "https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-10T18:51:52.457963Z", "id": "CVE-2026-11852", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-10T18:51:58.197Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-11852", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-10T18:51:52.457963Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-10T18:51:36.720Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Debian", "product": "debusine", "versions": [{"status": "affected", "changes": [{"at": "0.14.6", "status": "unaffected"}], "version": "0.2.0", "lessThan": "0.14.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1499"}, {"url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836"}, {"url": "https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.", "supportingMedia": [{"type": "text/html", "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.", "base64": false}]}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2026-06-10T09:12:30.625Z"}}}, "cveMetadata": {"cveId": "CVE-2026-11852", "state": "PUBLISHED", "dateUpdated": "2026-06-10T18:51:58.197Z", "dateReserved": "2026-06-10T08:25:35.480Z", "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "datePublished": "2026-06-10T09:10:21.401Z", "assignerShortName": "debian"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question."}], "id": "CVE-2026-11852", "lastModified": "2026-06-10T20:11:16.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-06-10T10:16:31.350", "references": [{"source": "security@debian.org", "url": "https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a"}, {"source": "security@debian.org", "url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836"}, {"source": "security@debian.org", "url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1499"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.2.0,0.14.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "debusine", "source": "cna", "vendor": "Debian"}, "product": "debusine", "vendor": "debian"}], "created": "2026-06-10T10:30:26.061209+00:00", "updated": "2026-06-10T21:30:36.612903+00:00", "vendors": ["debian", "debian$PRODUCT$debusine"]}