Labs
Short research notes on newly disclosed vulnerabilities: the problem, the payload, and the fix.
- [critical] CVE-2026-49257: mcp-pinot-server Unauthenticated Remote Tool Invocation
  The mcp-pinot MCP server binds to all network interfaces with authentication disabled by default, letting any remote caller read or modify a production Apache Pinot cluster without any credentials.
- [critical] CVE-2026-48797: backpropagate Authentication Bypass on UI Training Control Plane
  The backpropagate web UI ignores the --auth flag operators pass at startup, so anyone who can reach the bound port gets full, unauthenticated access to training controls, dataset uploads, and HuggingF
- [high] Hysteria: HTTP Sniff Unbounded Header Read Server DoS
  When protocol sniffing is enabled, a Hysteria 2 server will buffer an attacker's HTTP header data indefinitely until the sniff timeout, allowing any authenticated client to exhaust server memory and c
- [high] Hysteria Server Crash via Tiny QUIC max_datagram_frame_size
  An authenticated Hysteria client can crash the server instantly by advertising a tiny QUIC datagram size and then sending a UDP packet, triggering a slice-bounds panic in the fragmentation code.
- [critical] CVE-2026-48769: Incus Arbitrary File Write via Trusted Image Hash Header
  A malicious image server can trick the Incus daemon into writing attacker-controlled content to any file on the host, including cron jobs, by returning a path-traversal sequence in the HTTP Incus-Imag
- [high] CVE-2026-48788: Remark42 Image Proxy XSS via Content-Type Spoofing
  Remark42's image proxy blindly trusts the Content-Type header from remote servers, so an attacker can serve HTML/JavaScript disguised as an image and have it executed in the browser under Remark42's o
- [critical] CVE-2026-48753: Incus S3 Multipart Upload Path Traversal to Arbitrary File Write
  A missing path sanitization check in Incus's built-in S3 server lets any authenticated bucket user write files anywhere on the host filesystem, including cron directories, making remote code execution
- [critical] CVE-2026-48755: Incus Argument Injection in Backup Compression Leading to Arbitrary File Write and RCE
  Incus allows a remote authenticated user to inject extra arguments into the backup compression command, letting them write arbitrary files on the host and potentially execute code as root.
- [critical] CVE-2026-48749: Incus Arbitrary File Read and Write via rootfs Symlink in Malicious Image
  A crafted container image can trick Incus into mapping its rootfs to any path on the host, letting an authenticated user read or overwrite arbitrary host files as root.
- [critical] CVE-2026-48751: Incus Restricted Project Bypass via Snapshot Restore
  A flaw in Incus lets an attacker smuggle dangerous low-level container configuration inside a snapshot, move that snapshot into a locked-down project, and restore it to run arbitrary commands as root
- [critical] CVE-2026-48752: Incus Arbitrary Host File Read and Write via templates/ Symlink
  A malicious container image or instance backup can trick Incus into treating a symlink as its templates directory, letting an attacker read or overwrite any file on the host, including cron jobs that
- [high] CVE-2026-46619: OpenAM MSISDN Authentication Bypass via LDAP Injection
  A missing LDAP filter escape in OpenAM's MSISDN authentication module lets an unauthenticated attacker inject LDAP metacharacters and obtain a valid session as any directory user, no password required