Skip to main content
CVE-2026-12823 LOW POC Monitor

Incorrect default file permissions in Browserbase's Autobrowse Trace Artifact Handler (versions up to 20260526) expose locally stored trace artifact files to low-privileged users on the same host, resulting in unauthorized information disclosure. A public exploit (poc.sh) was released without a vendor patch, as the vendor did not respond to responsible disclosure. With a CVSS 4.0 score of 1.9, the attack is strictly local and limited to confidentiality impact; no KEV listing exists, but publicly available exploit code lowers the bar for exploitation in shared-host environments.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-8823 LOW Monitor

Incorrect authorization in Mattermost's demote-user API allows a lower-privileged administrator to degrade arbitrary bot accounts to guest status, affecting versions 11.7.0 and 10.11.17 and earlier. The root cause is missing validation of whether the target of a demotion operation is a bot account, meaning an admin who lacks full system privileges can still weaponize the standard API endpoint against bot identities. No public exploit exists and the vulnerability is not listed in CISA KEV; its real-world priority is low given the high-privilege requirement and limited blast radius.

Mattermost Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2026-8074 LOW Monitor

{id}/active endpoint despite lacking the Integrations permission required to manage bots. The server fails to apply bot-specific permission checks at this endpoint, accepting the deactivation request based solely on user management write access. While no public exploit has been identified at time of analysis, successful abuse disrupts any automated workflows or integration pipelines dependent on the targeted bot accounts.

Mattermost Authentication Bypass
NVD VulDB
CVSS 3.1
3.8
EPSS
0.2%
CVE-2026-52796 LOW PATCH GHSA Monitor

{` placeholder, the third-party `com.Expand()` call in `internal/markup/markup.go` panics due to a negative slice index, making all repository pages that render issue references permanently unavailable until the configuration is corrected. No public exploit beyond the PoC included in the advisory is identified at time of analysis; this is not in CISA KEV.

Ssti Information Disclosure
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
CVE-2026-12888 LOW PATCH Monitor

HTML injection in Canarytokens' Google Chat webhook notifications allows an attacker who triggers a deployed canarytoken to embed limited HTML content - including crafted hyperlinks - inside the resulting alert message rendered in Google Chat. The vulnerable system is Canarytokens itself (Docker tag sha-4aef1db90 through sha-8ab4dccd), but the integrity impact lands on the subsequent system: the Google Chat interface where defenders receive their alerts. A proof of concept exists per CVSS 4.0 supplemental metric E:P; no confirmed active exploitation or CISA KEV listing exists at time of analysis.

Google Code Injection Docker Canarytokens
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2026-12822 LOW Monitor

Code injection in langflow's Bundle URL Loader component allows local attackers with low privileges to inject and execute arbitrary code within the langflow process across versions 1.9.0 through 1.9.3. A publicly available proof-of-concept demonstrating startup-time RCE via maliciously crafted bundle URLs has been published by the researcher, though the CVSS 4.0 vector (VC:L/VI:L/VA:L) rates impact as low - a discrepancy with the RCE claim in the PoC that warrants independent verification. No vendor-released patch is available; the vendor did not respond to the researcher's disclosure.

Code Injection Langflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-44793 LOW PATCH GHSA Monitor

Reflected XSS in OpenAM's SAML2 federation library (openam-federation-library versions prior to 16.1.1) allows unauthenticated remote attackers to inject arbitrary JavaScript into the OpenAM origin via the Cookie-Hash-Redirect path, exploiting inconsistent output encoding in the FSUtils.postToTarget method. The attack surface is limited to deployments using a non-default clustered configuration; standard single-node deployments are not affected. A vendor-released patch (16.1.1) is available, and no public exploit has been identified at time of analysis.

XSS
NVD GitHub
CVE-2026-44778 LOW PATCH GHSA Monitor

Denial of service in Inspektor Gadget's USDT note parser (pkg/uprobetracer/usdt.go) allows an unprivileged container process to crash or OOM-kill the privileged IG host process by placing a crafted ELF binary at a path targeted by a custom USDT gadget. Two distinct attack vectors exist: a panic from out-of-bounds slice access when DescSize is artificially small, and unbounded memory allocation (~4 GiB) when NameSize or DescSize is set to 0xFFFFFFFF. No public exploit identified at time of analysis; critically, no gadget shipped by the Inspektor Gadget project uses USDT probes, so only deployments running operator-developed custom USDT gadgets are exposed.

RCE Denial Of Service Privilege Escalation Kubernetes
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy