Archive

Research

62 pieces of security research, engineering and field notes.

maboloshi/github-chinese PR #692 fixed DOM XSS in translation results
Latest · vulnerability · 8 min read

maboloshi/github-chinese inserted third-party translation API responses into GitHub pages as HTML. PR #692 changes that untrusted response handling to text nodes.

RAGFlow PR #14803 removed a CWE-502 pickle RCE footgun from deserialize_b64
vulnerability · 7 min read

RAGFlow's deserialize_b64 helper defaulted to bare pickle.loads behind an unset safety flag. PR #14803 makes RestrictedUnpickler the only path.

getsentry/XcodeBuildMCP PR #289 hardens shell escaping in MCP tool execution
vulnerability · 9 min read

getsentry/XcodeBuildMCP accepted MCP tool parameters that could reach /bin/sh -c through unsafe double-quote escaping. PR #289 replaces that path with POSIX single-quote escaping and adds regression coverage.

Project Zero's Pixel 10 chain shows Android mitigations still leave a zero-click path to root
android · 12 min read

Google Project Zero's Pixel 10 zero-click chain shows how Android hardening changes exploit shape without removing reachable attack surface in media parsing and device drivers.

GitHub Actions OIDC tokens and Jenkins plugins show CI/CD infrastructure is now the supply chain target
security · 13 min read

CI/CD compromise is moving away from poisoned dependencies alone and towards the infrastructure that builds, signs and releases trusted software.

vm2, NodeVM and Ollama show why JavaScript runtime isolation keeps failing at 300,000 deployments
vm2 · 12 min read

Recent vm2, NodeVM and Ollama flaws show a recurring failure pattern: developer-friendly JavaScript isolation is being treated as a hard security boundary when the runtime was never designed to provide one.

AReaL PR #1323 refuses the default admin API key on network-facing proxy binds
vulnerability · 9 min read

AReaL's proxy rollout server used a public default admin API key while binding to a network interface by default. PR #1323 turns that insecure default into a startup failure.

Harbor PR #236 blocks CWE-78 in remote profile downloads
vulnerability · 7 min read

Harbor accepted remotely downloaded profile values that could later be expanded through eval, allowing command injection through a configuration import path. PR #236 adds validation before remote profiles are installed.

Softeria ms-365-mcp-server PR #456 validates redirect_uri before Microsoft Entra forwarding
vulnerability · 7 min read

Softeria's ms-365-mcp-server forwarded client-supplied OAuth redirect_uri values to Microsoft Entra without local validation. PR #456 adds scheme checks, loopback-only HTTP defaults and an exact-match allowlist for hosted deployments.

CodeGraphContext PR #882 rejects write Cypher on /api/graph
vulnerability · 7 min read

CodeGraphContext's visualisation endpoint accepted arbitrary Cypher through /api/graph and passed it directly to Neo4j. PR #882 adds the missing read-only guard.

Project NOMAD PR #823: a hardcoded HMAC secret was real, but the fix was incomplete
vulnerability · 9 min read

A threat model analysis of Project NOMAD PR #823, where a hardcoded benchmark HMAC secret was a valid CWE-798 finding but the maintainer was right that client-side relocation was not enough.

Tabby PR #11228 requires HTTPS for config sync after YAML profiles reached command execution
security · 7 min read

PR #11228 in Eugeny/tabby blocks cleartext config sync because a tampered YAML response could inject terminal profiles that later execute commands.

Koodo Reader PR #1598 replaced wildcard CORS with an ALLOWED_ORIGINS allowlist
vulnerability · 8 min read

Koodo Reader's optional HTTP server advertised Access-Control-Allow-Origin: * with credentials enabled. PR #1598 removes the wildcard, rejects untrusted cross-origin requests and adds an ALLOWED_ORIGINS allowlist.