Labs
Short research notes on newly disclosed vulnerabilities: the problem, the payload, and the fix.
- high
chi RealIP Middleware IP Spoofing via Unvalidated X-Forwarded-For Header
chi's built-in RealIP middleware blindly trusts client-supplied headers like X-Forwarded-For and X-Real-IP without verifying the request came from a trusted proxy, letting any attacker fake their IP a
- high CVE-2026-9291
CVE-2026-9291: amazon-braket-sdk Insecure Deserialization via pickle.loads()
A user with write access to an Amazon Braket job output S3 bucket can plant a malicious results file that causes the SDK to run arbitrary code on the victim's machine when job results are retrieved.
- high CVE-2026-48502
CVE-2026-48502: MessagePack-CSharp ReadDateTime Stack Overflow via Oversized Extension Length
Sending a MessagePack timestamp extension header with a bogus body length causes MessagePack-CSharp to stack-allocate a massive buffer before validating the input, crashing the host process with an un
- high CVE-2026-48506
CVE-2026-48506: MessagePack-CSharp Uncontrolled Recursion in TrySkip Causes Process Crash
A bug in MessagePack-CSharp's skip logic lets an attacker send a deeply nested binary payload that bypasses all depth limits, exhausts the process stack, and crashes the application with an uncatchabl
- high CVE-2026-48505
CVE-2026-48505: Filament MFA Recovery Code Race Condition
Filament's app-based MFA recovery codes can be reused across multiple sessions by submitting the same code in parallel HTTP requests, defeating the single-use guarantee.
- high CVE-2026-48702
CVE-2026-48702: Rekor Alpine APK Gzip Decompression Bomb (OOM DoS)
Rekor's Alpine APK parser decompresses gzip members into memory without a size cap, so an attacker can crash the transparency-log server with a tiny compressed upload that expands to gigabytes.
- critical CVE-2026-39833
CVE-2026-39833: golang.org/x/crypto ssh/agent ConfirmBeforeUse Constraint Bypass
The Go SSH agent keyring silently ignored the 'require user confirmation' flag on stored keys, letting any process with agent access sign with those keys without ever prompting the user.
- high CVE-2026-48508
CVE-2026-48508: Lemur Authorization Bypass via Empty Flask-Principal Need Set
A read-only user in Netflix Lemur can create root Certificate Authorities, upload arbitrary certificates, and manipulate notifications because two permission classes default to an empty Need set that
- high CVE-2026-53461
CVE-2026-53461: ImageMagick ICON Decoder Heap Out-of-Bounds Write
A loop bug in ImageMagick's ICON decoder lets a crafted .ICO file write past the end of a heap buffer, crashing any application that processes untrusted icons.
- high CVE-2026-49218
CVE-2026-49218: Magick.NET DCM Decoder Invalid Dimension Denial of Service
A crafted DICOM medical image file with zero-value dimension fields can bypass ImageMagick's input validation, producing an image with no width or height that crashes any downstream operation that tri
- high CVE-2026-53460
CVE-2026-53460: Magick.NET (ImageMagick) AcquireAlignedMemory Policy Bypass DoS
A missing bounds check in ImageMagick's aligned memory allocator lets a crafted image bypass the operator-configured memory cap and exhaust process memory, crashing any application that processes untr
- critical CVE-2026-42508
CVE-2026-42508: golang.org/x/crypto/ssh/knownhosts CA Revocation Bypass
A bug in Go's SSH known_hosts library meant that a revoked CA signing key was never actually checked for revocation, letting an attacker impersonate any SSH host that CA had ever certified.