ZDI-CAN-28254
CRITICAL 9.8
Overdue
Oct 07, 2025
All Hands
A critical remote code execution vulnerability (CVSS 9.8) has been discovered in All Hands' product that requires no authentication or user interaction to exploit over the network. The vulnerability allows attackers to completely compromise system confidentiality, integrity, and availability from a remote location with minimal attack complexity. Security teams should immediately monitor for patches from All Hands (vendor deadline February 4, 2026) and restrict network access to affected systems until remediation is available.
Advisory Details
Researcher: Discovered by Peter Girnus (@gothburz), Brandon Niemczyk of Trend Zero Day Initiative
Reported: October 07, 2025
Deadline: February 04, 2026 (71d overdue)
CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H