Labs
Short research notes on newly disclosed vulnerabilities: the problem, the payload, and the fix.
- [high] CVE-2026-46498
CVE-2026-46498: OpenAM Arbitrary OAuth2 Token Minting via CTS Namespace Confusion
A logic flaw in OpenAM's token store lets a low-privileged attacker plant a crafted JSON blob and have it accepted as a valid OAuth2 bearer token, granting access to any resource with attacker-chosen
- [high] CVE-2026-46560
CVE-2026-46560: OpenAM RADIUS Client Authentication Bypass via Response Spoofing
OpenAM's RADIUS client never validates the server response, so any attacker who can race or spray a forged Access-Accept UDP packet to the client port gains a full session as any RADIUS user without k
- [critical] CVE-2026-48714
CVE-2026-48714: i18next-http-middleware Prototype Pollution via Dotted Missing-Key
A bypass in i18next-http-middleware's missing-key guard lets attackers send a crafted translation key like '__proto__.polluted' over HTTP, which downstream backends split and walk directly into Object
- [critical] CVE-2026-48713
CVE-2026-48713: i18next-fs-backend Prototype Pollution via Crafted Missing-Key String
A crafted translation key containing __proto__ sent to the i18next missing-key persistence endpoint can overwrite properties on JavaScript's global Object prototype, potentially crashing the app or by
- [high]
go-chi/chi RealIP Middleware IP Spoofing via X-Forwarded-For
The chi RealIP middleware blindly trusts the leftmost value in the X-Forwarded-For header, letting any client forge their source IP and bypass access controls or corrupt audit logs.
- [high]
chi RealIP Middleware IP Spoofing via Unvalidated X-Forwarded-For Header
chi's built-in RealIP middleware blindly trusts client-supplied headers like X-Forwarded-For and X-Real-IP without verifying the request came from a trusted proxy, letting any attacker fake their IP a
- [high] CVE-2026-9291
CVE-2026-9291: amazon-braket-sdk Insecure Deserialization via pickle.loads()
A user with write access to an Amazon Braket job output S3 bucket can plant a malicious results file that causes the SDK to run arbitrary code on the victim's machine when job results are retrieved.
- [high] CVE-2026-48502
CVE-2026-48502: MessagePack-CSharp ReadDateTime Stack Overflow via Oversized Extension Length
Sending a MessagePack timestamp extension header with a bogus body length causes MessagePack-CSharp to stack-allocate a massive buffer before validating the input, crashing the host process with an un
- [high] CVE-2026-48506
CVE-2026-48506: MessagePack-CSharp Uncontrolled Recursion in TrySkip Causes Process Crash
A bug in MessagePack-CSharp's skip logic lets an attacker send a deeply nested binary payload that bypasses all depth limits, exhausts the process stack, and crashes the application with an uncatchabl
- [high] CVE-2026-48505
CVE-2026-48505: Filament MFA Recovery Code Race Condition
Filament's app-based MFA recovery codes can be reused across multiple sessions by submitting the same code in parallel HTTP requests, defeating the single-use guarantee.
- [high] CVE-2026-48702
CVE-2026-48702: Rekor Alpine APK Gzip Decompression Bomb (OOM DoS)
Rekor's Alpine APK parser decompresses gzip members into memory without a size cap, so an attacker can crash the transparency-log server with a tiny compressed upload that expands to gigabytes.
- [critical] CVE-2026-39833
CVE-2026-39833: golang.org/x/crypto ssh/agent ConfirmBeforeUse Constraint Bypass
The Go SSH agent keyring silently ignored the 'require user confirmation' flag on stored keys, letting any process with agent access sign with those keys without ever prompting the user.