What's our exposure to CVE-2026-47252?
Latest intel
View all →Trending on GitHub
· this weekFixes shipped
Research
Supply chain compromise is shifting from static package poisoning towards runtime weaponisation, where trusted code becomes a credential harvester, traffic broker or covert infrastructure node after deployment.
Five RBAC failure modes show how route checks, UI gating, tenant scope gaps, workflow state and service identity bypass object-level authorisation across APIs.
CIFSwitch CVE-2026-46243 and PraisonAI show why vertical movement often follows from designs that let low-trust identities shape high-trust operations.
Threat Feed
liveGogs, PraisonAI and KnowledgeDeliver show why authentication bypass in self-hosted platforms is often an architectural failure, not a missing if statement.
May 2026 supply-chain compromises showed that poisoned developer tooling now targets the identity and execution layer before code reaches a repository.
More research
Credential harvesting against npm, PyPI and Docker Hub has turned developer identity into supply-chain infrastructure, with package registries now functioning as distribution systems for stolen trust.
Supply chain compromise has shifted from stealing credentials to poisoning package ecosystems through compromised CI/CD systems, maintainer accounts and trusted execution paths.
Google Project Zero's Pixel 10 zero-click chain shows how Android hardening changes exploit shape without removing reachable attack surface in media parsing and device drivers.
CI/CD compromise is moving away from poisoned dependencies alone and towards the infrastructure that builds, signs and releases trusted software.
Recent vm2, NodeVM and Ollama flaws show a recurring failure pattern: developer-friendly JavaScript isolation is being treated as a hard security boundary when the runtime was never designed to provide one.
A threat model analysis of Project NOMAD PR #823, where a hardcoded benchmark HMAC secret was a valid CWE-798 finding but the maintainer was right that client-side relocation was not enough.
operacle/checkcle persisted PocketBase authentication JWTs in localStorage, making token theft trivial after any same-origin script execution. PR #224 replaces local persistence with an in-memory auth store.
Checkmarx KICS, npm Bitwarden CLI packages and GlassWorm show how supply chain compromise has moved from poisoned code to weaponised developer trust.
A compromised AI productivity tool called Context.ai gave attackers OAuth access to a Vercel employee's Google Workspace, pivoting into internal systems. The AI tool supply chain is the new CI/CD supply chain.
Eighteen months of supply chain attacks against AI infrastructure reveal a structural pattern: the build pipeline, the package registry and the runtime protocol all share the same trust model failure.
Supply-chain compromise is no longer opportunistic. Self-replicating NPM worms, coordinated developer phishing and credential-harvesting pipelines show an attack class that has industrialised faster than the defences meant to contain it.
Modern frameworks keep reimplementing the same seven authentication bypass patterns. From hardcoded credentials to missing origin checks, the bugs are structural, not accidental, and the AI tooling boom is accelerating the cycle.
CVE-2025-10492, a CVSS 9.8 Java deserialisation flaw in the Jasper Report component of Hitachi Energy Ellipse, enables unauthenticated RCE on critical manufacturing systems. No patch exists for the community edition of the underlying library.
CVE-2026-27663 and CVE-2026-27664 affect shared firmware components across Siemens SICAM A8000, EGS and S8000 product lines, enabling unauthenticated denial of service in power grid infrastructure.
AI orchestration platforms like LangFlow and n8n are accumulating critical RCE vulnerabilities because their architectures treat user-supplied configuration as trusted code.
CVE-2026-3356 exposes a design-level authentication failure across Anritsu's entire Remote Spectrum Monitor line. CVSS 9.3, all versions affected, no fix planned.
CVE-2026-3055, a critical out-of-bounds read in Citrix NetScaler ADC and Gateway, is being actively exploited. CISA has added it to the KEV catalog.
CVE-2026-3055, a CVSS 9.3 memory overread in Citrix NetScaler ADC and Gateway configured as SAML IDPs, is drawing active reconnaissance. Attackers are probing authentication endpoints to identify vulnerable appliances.
CISA added CVE-2025-53521 to the Known Exploited Vulnerabilities catalog on 27 March 2026 after confirming active exploitation of this CVSS 9.8 RCE in F5 BIG-IP. Affected versions span three major branches.
AI agent frameworks and deployment tools keep shipping the same environment variable injection patterns that operational tooling solved years ago. The gptme fix was one project. The pattern is everywhere.
Attackers compromised Stryker's Microsoft Entra credentials and used Intune to remotely wipe tens of thousands of employee devices. No malware was deployed. CISA responded with an emergency hardening advisory.
PraisonAI's schedule config YAML could set LD_PRELOAD, PATH and 26 other dangerous environment variables with no validation. The fix adds a blocklist and fail-closed validation.
Git tags, package registries and AI extension marketplaces all share the same authentication failure - and attackers have noticed the pattern before defenders did.
gptme's evaluation runner passed API keys as Docker CLI arguments, exposing them to every user on the system via ps or /proc. The fix took one file and five tests.
A popular summarisation tool trusted every browser origin that asked. Fixing it meant thinking about who should be allowed to talk to your localhost.
Indirect prompt injection in AI coding assistants has turned every file, dependency and skill into a potential attack vector - and the CVEs are piling up.
