Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Opentofu-FIPS Configuration Error Allows Unauthorized Access
CLEANSTART-2026-XV54160
Summary
The opentofu-fips package has a configuration error that allows attackers to access sensitive information. This could lead to unauthorized access to your system. We recommend checking the package's documentation and configuration settings to ensure they are secure and up-to-date.
What to do
- Update opentofu-fips to version 1.9.4-r0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | opentofu-fips | <= 1.9.4-r0 | 1.9.4-r0 |
Original title
Within HostnameError
Original description
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details.
osv CVSS3.1
9.8
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advis... Vendor Advisory
- https://osv.dev/vulnerability/CVE-2025-47913 URL
- https://osv.dev/vulnerability/CVE-2025-47914 URL
- https://osv.dev/vulnerability/CVE-2025-58181 URL
- https://osv.dev/vulnerability/CVE-2025-61727 URL
- https://osv.dev/vulnerability/CVE-2025-61729 URL
- https://osv.dev/vulnerability/GHSA-2464-8j7c-4cjm URL
- https://osv.dev/vulnerability/GHSA-2x5j-vhc8-9cwm URL
- https://osv.dev/vulnerability/GHSA-6v2p-p543-phr9 URL
- https://osv.dev/vulnerability/GHSA-c6gw-w398-hv78 URL
- https://osv.dev/vulnerability/GHSA-fv92-fjc5-jj9h URL
- https://osv.dev/vulnerability/GHSA-hcg3-q754-cr77 URL
- https://osv.dev/vulnerability/GHSA-jc7w-c686-c4v9 URL
- https://osv.dev/vulnerability/GHSA-mh63-6h87-95cp URL
- https://osv.dev/vulnerability/GHSA-qxp5-gwg8-xv66 URL
- https://osv.dev/vulnerability/GHSA-vvgc-356p-c3xw URL
- https://osv.dev/vulnerability/GHSA-wjrx-6529-hcj3 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-47913 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-47914 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-58181 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61727 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 URL
Published: 17 Feb 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026