case-study

10 pieces of writing

NVIDIA's RAG Blueprint had a path traversal in its MCP server. We got the fix merged in three days.

A CWE-22 path traversal in NVIDIA's RAG Blueprint MCP server allowed any MCP client to read arbitrary files and ingest them into the RAG collection. We submitted the fix and NVIDIA merged it.

12 April 2026

vulnerability8 min read

full-stack-ai-agent-template's webhook service had a full read SSRF with response exfiltration

9 April 2026

vulnerability5 min read

Edict's file:// handler let anyone read files outside the project directory (CWE-22)

5 April 2026

vulnerability5 min read

AIPex's localhost daemon let any website control your browser through a WebSocket

AIPex's MCP daemon on 127.0.0.1:9223 accepted WebSocket connections from any origin, letting malicious web pages invoke 30+ browser automation tools. A 39-line fix adds origin validation at the single upgrade handler.

3 April 2026

vulnerability7 min read

Every MCPHub instance started with the same admin password. I changed that.

30 March 2026

vulnerability7 min read

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight

28 March 2026

vulnerability7 min read

A single index change bypassed daily_stock_analysis's entire rate limiter

A self-hosted stock analysis platform trusted the leftmost X-Forwarded-For entry for rate limiting, letting attackers rotate IPs and brute-force the admin login at will.

26 March 2026

vulnerability7 min read

PraisonAI let YAML config files set LD_PRELOAD and nobody checked

25 March 2026

vulnerability8 min read

gptme was passing API keys on the command line where any user could read them

23 March 2026

vulnerability7 min read

I found SQL injection in Hugging Face's AI skills framework and got it fixed in nine days

An audit of Hugging Face's skills repository found five SQL injection vectors in a single file. The fix was merged in nine days.

2 March 2026