CoreOS Security Update (MINDBREEZE40981)

ID: MINDBREEZE40981 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 8.4 High 
Status: Final 
First published: June 11, 2026 
CVEs:  CVE-2025-15281, CVE-2026-0915, CVE-2026-0861, CVE-2026-2100, CVE-2026-24882 

Summary 

• glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory 
• glibc: glibc: Information disclosure via zero-valued network query 
• glibc: Integer overflow in memalign leads to heap corruption 
• p11-kit: p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters 
• GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution 

Hotfix Information 

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 26.2 Release
• Mindbreeze InSpire SaaS 26.2 Release