Labs
Short research notes on newly disclosed vulnerabilities: the problem, the payload, and the fix.
- highCVE-2026-49260
CVE-2026-49260: php-weasyprint OS Command Injection via Binary Path
A logic error in php-weasyprint's command builder means the safety check that should quote and validate the WeasyPrint binary path is permanently bypassed, letting any shell metacharacters in that pat
- critical
CVE-2026-42208: semantic-router Unbounded litellm Pin Pulls Credential-Stealing Wheel
Installing semantic-router 0.1.8 through 0.1.14 could silently pull in a backdoored version of litellm that steals every credential on the machine the moment Python starts, with no import required.
- high
muhammara NULL Pointer Dereference in LZWDecode DecodeParms Handling
Sending a crafted PDF with an LZWDecode filter and an empty DecodeParms dictionary to any app using muhammara crashes the Node.js process instantly, enabling denial of service by anyone who can upload
- highCVE-2026-48979
CVE-2026-48979: php-standard-library/h2 HTTP/2 Request Smuggling via Missing Content-Length Validation
A missing content-length check in the PHP Standard Library's HTTP/2 server lets a malicious client send a different number of bytes than it declared, bypassing size limits or corrupting application st
- high
CVE-2026-56396: phpMyFAQ Privilege Escalation via Missing Authorization in editUser and updateUserRights
A non-SuperAdmin administrator in phpMyFAQ can promote themselves to SuperAdmin or grant arbitrary permissions to any account, because two admin API endpoints never check whether the caller has the pr
- high
better-helperjs Path Traversal via String Prefix Bypass in Static Server
The production static file server in better-helperjs lets attackers read files from adjacent directories on disk by exploiting a flawed string prefix check that mistakes a shared directory name prefix
- criticalCVE-2026-49252
CVE-2026-49252: @deepstream/server Prototype Pollution via Record Path
Any authenticated deepstream user with write access to a record can pollute the server's JavaScript prototype by sending a crafted path in a record update, potentially escalating their own privileges
- highCVE-2026-49291
CVE-2026-49291: mcp-memory-service Missing Authorization on MCP tools/call
A read-only OAuth token can write or delete memories through the MCP JSON-RPC endpoint, bypassing the write-scope checks that protect the equivalent REST API routes.
- criticalCVE-2026-49257
CVE-2026-49257: mcp-pinot-server Unauthenticated Remote Tool Invocation
The mcp-pinot MCP server binds to all network interfaces with authentication disabled by default, letting any remote caller read or modify a production Apache Pinot cluster without any credentials.
- criticalCVE-2026-48797
CVE-2026-48797: backpropagate Authentication Bypass on UI Training Control Plane
The backpropagate web UI ignores the --auth flag operators pass at startup, so anyone who can reach the bound port gets full, unauthenticated access to training controls, dataset uploads, and HuggingF
- high
Hysteria: HTTP Sniff Unbounded Header Read Server DoS
When protocol sniffing is enabled, a Hysteria 2 server will buffer an attacker's HTTP header data indefinitely until the sniff timeout, allowing any authenticated client to exhaust server memory and c
- high
Hysteria Server Crash via Tiny QUIC max_datagram_frame_size
An authenticated Hysteria client can crash the server instantly by advertising a tiny QUIC datagram size and then sending a UDP packet, triggering a slice-bounds panic in the fragmentation code.