Every CVE whose affected-product data names Canonical Multipass, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2021-3626 — CVSS 8.8 (high): The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts…
CVE-2021-3747 — CVSS 8.8 (high): The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
CVE-2026-49238 — CVSS 8.4 (high): An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes…
CVE-2026-49237 — CVSS 7.8 (high): An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch…
CVE-2025-5199 — CVSS 7.3 (high): In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate…