Labs
Short research notes on newly disclosed vulnerabilities: the problem, the payload, and the fix.
- highCVE-2026-55578
CVE-2026-55578: Pheditor OS Command Injection via Incomplete Terminal Blocklist
Pheditor's built-in terminal blocks some shell metacharacters but misses the pipe operator, backtick, and newline byte, letting any logged-in user run arbitrary OS commands on the server.
- criticalCVE-2026-55579
CVE-2026-55579: Pheditor Hardcoded Default Password Enables Unauthenticated RCE
Pheditor ships with a hardcoded default password 'admin' and no forced change on first login, letting any remote attacker authenticate and immediately reach file upload and terminal features for full
- highCVE-2026-59950
CVE-2026-59950: mcp WebSocket Transport Missing Origin Validation
The deprecated WebSocket server transport in the MCP Python SDK accepted connections from any web origin without checking Host or Origin headers, letting a malicious web page silently call tools on a
- high
ArcadeDB: JavaScript Trigger OS Command Injection (RCE)
A database user with schema-admin rights can create a JavaScript trigger in ArcadeDB that calls Java's Runtime.exec() directly, running arbitrary OS commands on the server.
- high
ArcadeDB: Cross-Database IDOR on Time-Series, Batch, Prometheus, and Grafana Endpoints
A logged-in ArcadeDB user granted access to one database can fully read and write any other database on the same server by targeting 14 HTTP endpoints that skip the authorization check entirely.
- highCVE-2026-52870
CVE-2026-52870: mcp (Python SDK) Missing Authorization on Experimental Task Handlers
When a multi-client MCP server enables the experimental tasks feature, any connected client can list, read, and cancel tasks that belong to other clients, including intercepting sensitive elicitation
- highCVE-2026-52869
CVE-2026-52869: mcp (Python SDK) Session Authorization Bypass
The MCP Python SDK's HTTP transports route requests to an existing session based only on the session ID, never checking that the caller is the same authenticated user who created it, so anyone who kno
- highCVE-2026-54077
CVE-2026-54077: ArcadeDB IMPORT DATABASE SSRF and Local File Read
Any authenticated ArcadeDB user could abuse the SQL IMPORT DATABASE statement to make the server fetch arbitrary internal URLs or read local files from disk, without needing admin rights.
- highCVE-2026-53714
CVE-2026-53714: Envoy Gateway xDS Authentication Bypass in GatewayNamespaceMode
Envoy Gateway in GatewayNamespaceMode lets any pod in the cluster read TLS private keys and all routing config from the xDS server without any authentication, because the JWT check was never applied t
- highCVE-2026-54498
CVE-2026-54498: view_component around_render HTML-Safety Bypass XSS
A flaw in ViewComponent's around_render hook lets it return raw, unescaped HTML strings that bypass the safety checks applied to normal component output, allowing attacker-controlled data to reach the
- highCVE-2026-50276
CVE-2026-50276: datadog (dd-trace-rb) W3C Baggage Header Denial of Service
The Datadog Ruby tracing gem parsed incoming W3C baggage HTTP headers with no item-count or size limit, so an unauthenticated attacker could crash any instrumented Ruby service by sending a single ove
- highCVE-2026-50285
CVE-2026-50285: Pomerium Pre-Auth Denial of Service via HPKE Decompression Bomb
Any unauthenticated attacker can crash a Pomerium proxy by sending a tiny HTTPS request that forces the server to decompress hundreds of megabytes of memory before it even checks who the caller is.