CVE-2026-27876 - Vulnerability Analysis
Severity: Critical | CVSS: 9.1 | Last Updated: March 30, 2026
Grafana Enterprise - Remote Code Execution
Overview
The Grafana Enterprise plugin, when the sqlExpressions feature is enabled, contains a remote code execution vulnerability caused by chained SQL expressions, allowing remote attackers to execute arbitrary code. Exploitation requires the sqlExpressions feature to be enabled.
Severity & Score
Impact
Remote attackers can execute arbitrary code, potentially leading to full system compromise.
Mitigation
Update to the latest version of the Grafana Enterprise plugin, in which the sqlExpressions issue is fixed, or disable the sqlExpressions feature.
Social Media Activity (1 post)
- Syncthing got a 2.0 release and switched from LevelDB to SQLite https://github.com/syncthing/syncthing/releases
- macOS did that weird (a) Upgrade https://support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis https://support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 https://grafana.com/blog/grafana-security-release-critical-and-high-severity-security-fixes-for-cve-2026-27876-and-cve-2026-27880/
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and a security update to 2.6.1 https://github.com/TandoorRecipes/recipes/releases
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. https://hub.docker.com/r/gristlabs/grist https://github.com/linuxserver/docker-qbittorrent/releases https://github.com/linuxserver/docker-smokeping/releases
- Redis 8.6.2 with some bugfixes https://github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. https://github.com/home-assistant/core/releases
- oh-my-zsh with tiny changes https://github.com/ohmyzsh/ohmyzsh/commits/master/
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge me for having fish and zsh.
  - ffmpeg 8.0.1_4 -> 8.1
  - pandoc 3.9 -> 3.9.0.2
  - nghttp2 1.68.0_1 -> 1.68.1
  - simdjson 4.4.0 -> 4.4.2
  - freetype 2.14.2 -> 2.14.3
  - cryptography 46.0.5 -> 46.0.6
  - ipython 9.11.0 -> 9.12.0
  - libavif 1.4.0 -> 1.4.1
  - harfbuzz 13.1.1 -> 13.2.1
  - glib 2.86.4 -> 2.88.0
  - aom 3.13.1 -> 3.13.2
  - svt-av1 4.0.1 -> 4.1.0
  - libnghttp2 1.68.0 -> 1.68.1
  - openexr 3.4.6 -> 3.4.8
  - ca-certificates 2025-12-02 -> 2026-03-19
  - esphome 2026.2.4 -> 2026.3.1
  - jupyterlab 4.5.6 -> 4.5.6_1
  - ada-url 3.4.3 -> 3.4.4
  - node 25.8.1_1 -> 25.8.2
  - fish 4.5.0 -> 4.6.0
  - icu4c@78 78.2 -> 78.3
  - jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" https://tailscale.com/changelog
- Xcode 26.4 https://developer.apple.com/documentation/xcode-release-notes/xcode-26_4-release-notes I haven't touched my desktop yet and probably won't.

Edit 1: I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/

Edit 2: How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8? I may be gone for a moment. https://github.com/mastodon/mastodon/releases

Edit 3: Why do I run a server in the garage? evcc 0.209.6 -> 0.303.2 https://github.com/evcc-io/evcc/releases
GitHub Repositories (1 repo)
Related Resources
Details
- CVE ID: CVE-2026-27876
- Severity: Critical
- CVSS Score: 9.1
- Type: sql_injection
- Status: unconfirmed
- EPSS: 7.9%
- Social Posts: 1
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H