Labs
Short research notes on newly disclosed vulnerabilities: the problem, the payload, and the fix.
- highCVE-2026-55431
CVE-2026-55431: Coder CLI Session Token Exfiltration via External App URLs
A malicious Coder workspace template can register an external app whose URL contains the $SESSION_TOKEN placeholder, causing the CLI to send the user's live session token to an attacker-controlled ser
- highCVE-2026-55426
CVE-2026-55426: linuxfabrik-lib OS Command Injection via shell_exec
Linuxfabrik monitoring plugins pass user-supplied arguments directly into a shell command string, letting a nagios user inject pipe-separated OS commands and escalate to root via sudoers entries.
- criticalCVE-2026-54496
CVE-2026-54496: halo2_gadgets Variable-Base Scalar Multiplication Under-Constrained Base Point
A missing copy constraint in Zcash's halo2_gadgets ECC gadget let a malicious prover substitute an arbitrary base point into the Orchard Action circuit, bypassing the integrity check that ties a shiel
- highCVE-2026-54640
CVE-2026-54640: OpenRemote KNXProtocol XXE Arbitrary File Read
An incomplete security fix left the KNX asset import handler in OpenRemote unprotected against XML External Entity injection, letting any logged-in user read sensitive files off the server by uploadin
- highCVE-2026-55076
CVE-2026-55076: Coder OIDC email_verified Type Coercion Authentication Bypass
A flaw in Coder's OIDC login lets an attacker register a victim's email address at any compatible identity provider without verifying it, then sign in and inherit the victim's existing Coder account a
- highCVE-2026-55075
CVE-2026-55075: Coder OIDC Account Takeover via Email Fallback and email_verified Bypass
Two flaws in Coder's OIDC login can be chained to let an attacker authenticate as a different user by matching their email address and bypassing the email verification check.
- highCVE-2026-55428
CVE-2026-55428: Coder Tailnet Coordinator Route Hijacking via Unvalidated AllowedIPs
A rogue Coder workspace agent can steal another agent's tailnet address by advertising it as its own routing prefix, letting it intercept web terminal and app traffic meant for the victim workspace.
- criticalCVE-2026-53486
CVE-2026-53486: @xhmikosr/decompress Path Traversal, Symlink Escape, and Setuid File Creation
A crafted archive extracted with @xhmikosr/decompress (and the unmaintained upstream decompress package) can write files outside the target directory, expose arbitrary files via hardlinks, and create
- criticalCVE-2026-54760
CVE-2026-54760: langroid SQLChatAgent pg_read_file Blocklist Bypass
Langroid's SQLChatAgent blocks dangerous PostgreSQL file-read functions by regex, but quoting the function name, inserting an inline comment, or schema-qualifying it bypasses the check entirely, letti
- highCVE-2026-54771
CVE-2026-54771: langroid Unauthorized Tool Invocation via User-Supplied JSON
A user chatting with a Langroid application can directly invoke backend tool handlers by sending raw JSON, bypassing the use=False restriction that developers expect to block end-user tool access.
- highCVE-2026-55787
CVE-2026-55787: flyto-core SSRF Guard Bypass via IPv6 Transition Addresses
flyto-core's SSRF protection can be bypassed using IPv6 transition address forms like ::ffff:127.0.0.1 or 64:ff9b::a9fe:a9fe, letting a workflow author drive authenticated HTTP fetches to internal ser
- highCVE-2026-55786
CVE-2026-55786: flyto-core Unauthenticated OS Command Injection via HTTP MCP
flyto-core's HTTP MCP endpoint accepts JSON-RPC requests with no authentication check, letting any local process run arbitrary shell commands by calling the built-in sandbox.execute_shell module.