CVE-2026-40609 was assigned by GitHub in GHSA-rjvr-hf8j-jg2h.
The advisory turned out to be a duplicate of GHSA-fvjf-68wh-rwp2 (not yet published), for which CVE-2026-34463 was previously assigned, which I unfortunately failed to notice at the time I requested the new CVE.
GHSA-rjvr-hf8j-jg2h was closed without publication, with a comment reflecting the above. As I got no response from that and not being sure about the normal process for this, I'm posting here. If this is not the right way to do things, please advise.
Could CVE-2026-40609 be flagged as invalid / duplicate ?
Thanks in advance.
CVE-2026-40609 was assigned by GitHub in GHSA-rjvr-hf8j-jg2h.
The advisory turned out to be a duplicate of GHSA-fvjf-68wh-rwp2 (not yet published), for which CVE-2026-34463 was previously assigned, which I unfortunately failed to notice at the time I requested the new CVE.
GHSA-rjvr-hf8j-jg2h was closed without publication, with a comment reflecting the above. As I got no response from that and not being sure about the normal process for this, I'm posting here. If this is not the right way to do things, please advise.
Could CVE-2026-40609 be flagged as invalid / duplicate ?
Thanks in advance.