Ctrlpanel-gg · MrWeez · May 8, 2026 · May 8, 2026
diff --git a/blog/2026/04-24-1.2.0-release.md b/blog/2026/04-24-1.2.0-release.md
@@ -88,18 +88,12 @@ Thank you to everyone else who contributed, reported issues, or helped test alon
 
 ### Fixed Vulnerabilities
 
-:::info
-
-**Vulnerability details will be disclosed two weeks after the release date**
-
-:::
-
-- CVE-2026-34234
-- CVE-2026-34358
-- CVE-2026-34246
-- CVE-2026-34216
-- CVE-2026-34241
-- CVE-2026-34233
+- [CVE-2026-34234](https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-jmhr-q9q5-fqwh) (CVSS Score 10.0/10) - Unauthenticated RCE via Installer Accessible After Installation and Unsanitized Shell Arguments
+- [CVE-2026-34358](https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-pxmw-gj52-9p68) (CVSS Score 8.1/10) - Missing Authorization on Admin Write Endpoints Allows RBAC Bypass
+- [CVE-2026-34246](https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-wpqj-xwhq-2mmh) (CVSS Score 4.8/10) - Stored XSS in Admin Role Management via Unescaped DataTable HTML Output
+- [CVE-2026-34216](https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-vcg3-fjrx-rg5q) (CVSS Score 6.6/10) - Unsafe Dynamic Class Instantiation in Admin Settings Allows Potential Remote Code Execution
+- [CVE-2026-34241](https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-cmrr-q3hw-3vqh) (CVSS Score 8.7/10) - Stored XSS in Ticket Reply Notifications Allows Session Hijacking
+- [CVE-2026-34233](https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-mj5g-j7fq-7hc4) (CVSS Score 6.5/10) - Missing Authorization on Admin Datatable Endpoints Allows Unauthorized Access to Sensitive Data
 
 ---