Ubuntu
Products by Ubuntu Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026, 1 vulnerability has been published in Ubuntu so far. Last year, in 2025, Ubuntu had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Ubuntu in 2026 could surpass last year's.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 0.00 |
| 2025 | 2 | 7.70 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 4.40 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
| 2020 | 1 | 5.50 |
| 2019 | 7 | 0.00 |
| 2018 | 2 | 0.00 |
It may take a day or so for new Ubuntu vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Ubuntu Security Vulnerabilities
| CVE | Date | Vulnerability |
|---|---|---|
| CVE-2026-3497 | Mar 12, 2026 | OpenSSH GSSAPI: Uninitialized Variables via sshpkt_disconnect. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL, the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration. |
| CVE-2025-7044 | Dec 03, 2025 | MAAS: Improper Input Validation in WebSocket Allows Self-Promotion to Admin. An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment. |
| CVE-2025-2486 | Nov 26, 2025 | Ubuntu edk2 UEFI: Secure Boot Bypass via Shell (2024.05-2ubuntu0.3). The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733. |
| CVE-2020-11935 | Apr 07, 2023 | aufs inode refcount loss causing local DoS. It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. |
| CVE-2021-3493 | Apr 17, 2021 | The overlayfs implementation in the linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. |
| CVE-2020-8832 | Apr 10, 2020 | The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. |
| CVE-2015-1320 | Apr 22, 2019 | The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. |
| CVE-2015-1343 | Apr 22, 2019 | All versions of unity-scope-gdrive log search terms to syslog. |
| CVE-2015-1341 | Apr 22, 2019 | Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m, in Apport before 2.19.2 (function _python_module_path). |
| CVE-2015-1340 | Apr 22, 2019 | In LXD before version 0.19-0ubuntu5, doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. |