Research
Vulnerability research and advisories
Actionable writeups with exploit context, metadata, and practical remediation details.
CVE-2026-45783: @libp2p/kad-dht lets unauthenticated peers fill disk with unvalidated PUT_VALUE records
A newly published flaw in @libp2p/kad-dht before 16.2.6 allows any remote peer to stream crafted PUT_VALUE messages whose keys bypass record validation, turning DHT server nodes into unbounded disk sinks until the host or container runs out of storage.
CVE-2026-42305 and CVE-2026-47712: Dulwich 1.2.5 fixes Windows checkout abuse and format_patch path traversal
Dulwich before 1.2.5 accepts NTFS-hostile tree entries that can plant files under .git or escape the work tree on Windows, and it also derives format_patch filenames from unsanitized commit subjects, letting attacker-controlled commits write patch files outside the requested output directory.
CVE-2026-41840 and CVE-2026-41842: Spring 7.0.8 fixes WebFlux multipart and versioned-resource DoS flaws
Spring Framework 7.0.8 and 6.2.19 fix two newly disclosed denial-of-service flaws that matter to Maven-based application teams: a WebFlux multipart-processing leak reachable through hostile multipart bodies, and a static-resource resolution path that can pin connections when versioned filesystem assets are enabled.
dbmux npm package used Phantom Gyp to execute Miasma during install
The `dbmux` npm package was classified as critical malware after public tracking tied compromised `1.x` and `2.2.x` releases to Miasma's Phantom Gyp technique, where a weaponized `binding.gyp` forces `node-gyp rebuild` to execute a hidden loader during `npm install` even when `package.json` does not advertise lifecycle scripts.
onering 1.4.1 used Cargo build.rs to exfiltrate private source diffs
The compromised Rust crate `onering@1.4.1` added a 74-line `build.rs` that walks out of Cargo's `OUT_DIR`, runs `git log -n 1` and `git diff HEAD^ HEAD` against the consuming repository, and posts commit metadata plus the latest source diff to a Sentry ingest endpoint on every build.
Hades PyPI follow-on hit MCP packages and Python typosquats
On June 9, 2026, the Hades PyPI campaign expanded beyond the earlier scientific-package wave into MCP tooling and typo-squatted Python packages such as `openai-mcp`, `langchain-core-mcp`, `instructor-mcp`, `tiktoken-mcp`, `ray-mcp-server`, `rsquests`, `rlask`, and `tlask`, using `.pth` loaders, split staging, and native-extension triggers to launch a Bun-executed stealer.
Weekly Briefing - 09-06-2026
Corgea's weekly briefing for 2-9 June 2026 covers the Phantom Gyp Miasma npm wave, Hades' expansion into MCP-focused PyPI packages, the nvm mirror command injection flaw, and the now-exploited Oracle WebLogic T3/IIOP exposure issue.
CVE-2026-10796 lets hostile mirrors turn `nvm install` into shell RCE
A June 4 disclosure showed that nvm <= 0.40.4 trusted version fields from mirror index.tab metadata, letting hostile or MITM'd mirrors inject commands into both nvm_download() and nvm_get_checksum(). Version 0.40.5 fixes the issue by removing eval from downloader execution, passing tarball names to awk as data, and rejecting disallowed characters in mirror-supplied version strings.
Phantom Gyp Miasma hit Vapi, ai-sdk-ollama, and 55 more npm packages
A June 3-4 Miasma follow-on wave used a 157-byte binding.gyp file to force node-gyp command substitution during npm install, turning @vapi-ai/server-sdk, ai-sdk-ollama, and dozens of autotel, awaitly, executable-stories, and node-env-resolver packages into Bun-staged credential-stealing worm loaders while leaving their real dist/ code untouched.
CVE-2026-44488: Axios fetch adapter bypasses maxContentLength and maxBodyLength
Axios 1.7.0 through 1.15.x does not enforce configured request and response size limits when the fetch adapter is selected, allowing oversized uploads, downloads, and data: URL bodies to exhaust memory and CPU on server-side runtimes that relied on those limits as a security boundary.
CVE-2024-21182: Oracle WebLogic T3 and IIOP exposure is now exploited
CISA added CVE-2024-21182 to KEV after active exploitation of an Oracle WebLogic Server Core flaw that is reachable without authentication over T3 and IIOP and can expose all WebLogic-accessible data.
Miasma poisoned Red Hat Cloud Services npm packages through trusted publishing
A compromised Red Hat GitHub account pushed orphan commits into RedHatInsights repositories and used GitHub Actions OIDC trusted publishing to ship Miasma, a Bun-staged credential-stealing worm with GitHub dead-drop exfiltration and local persistence, across @redhat-cloud-services npm packages.
Weekly Briefing - 02-06-2026
Corgea's weekly briefing for 26 May-2 June 2026 covers the Red Hat Cloud Services Miasma npm compromise, private Gitea and Forgejo container-image exposure, the js-logger-pack MicrosoftSystem64 implant, banking-certificate theft through a malicious NuGet SDK, dependency-confusion reconnaissance, OpenSearch npm typosquats, CMS privilege escalations, and stored editor XSS.
CIFSwitch turns Linux CIFS SPNEGO upcalls into local root
CIFSwitch is a Linux kernel and cifs-utils privilege escalation where an unprivileged process can forge a cifs.spnego key request, make request-key launch cifs.upcall as root, and force NSS code execution inside an attacker-controlled namespace.
CVE-2026-27771 exposed private Gitea and Forgejo container images
CVE-2026-27771 is a Gitea container registry authorization flaw where unauthenticated requests could pull private OCI image manifests and layers from affected self-hosted instances, exposing application code, dependencies, and secrets baked into images.
roberts/leads Packagist dev branch hid a Famous Chollima blockchain loader
The Packagist package roberts/leads exposed a poisoned development branch as dev-drewroberts/feature/test-case, where tailwind.js appended obfuscated JavaScript that resolved payload material through TRON, Aptos, and BNB Smart Chain before executing it in Node.js.
oob.moika.tech npm campaign used dependency confusion to profile developer environments
Public reporting tied at least 179 malicious npm package-version records to an oob.moika.tech dependency-confusion campaign that abused internal-looking scopes, postinstall hooks, inflated versions, and detached JavaScript payloads to inventory developer and CI environments.
14 OpenSearch-themed npm typosquats stole AWS, Vault, GitHub, and npm secrets
A May 28 npm campaign published 14 OpenSearch, ElasticSearch, DevOps, and config lookalikes that executed during npm install, loaded a Bun-based credential harvester, and targeted cloud and CI/CD secrets.
CVE-2026-48864: libsolv .solv page decompression can overflow parser buffers
A high-severity libsolv flaw lets attacker-controlled .solv cache data reach unchecked decompression paths in repopagestore page loading, creating out-of-bounds memory access in tooling that parses untrusted package metadata caches.
js-logger-pack turns Hugging Face into a malware CDN and exfiltration backend
Recent js-logger-pack npm releases and related logger packages deliver MicrosoftSystem64, a cross-platform Node SEA implant that persists on Windows, macOS, and Linux, logs keystrokes, scans developer secrets, and uploads stolen data to private Hugging Face datasets.
Sicoob.Sdk NuGet impersonator steals mTLS certificates through Sentry telemetry
Malicious Sicoob.Sdk NuGet releases 2.0.0 through 2.0.4 impersonated an official Brazilian banking SDK, then exfiltrated client IDs, PFX passwords, base64-encoded PFX certificate archives, and boleto responses from the SicoobClient constructor.
TinyMCE CVE-2026-47759 through 47762 turn editor sanitization gaps into stored XSS
TinyMCE disclosed four high-severity stored-XSS vulnerabilities across npm, NuGet, and Composer packages, affecting data-mce-* attributes, nested SVG namespace handling, media plugin embeds, and forged mce:protected comments.
codexui-android npm package exfiltrates Codex OAuth tokens on startup
The npm package codexui-android, also pulled by Android apps at runtime, added registry-only code that reads Codex auth.json, XOR-encodes the full OpenAI OAuth token blob, and posts it to sentry.anyclaw.store on every launch.
@velora-dex/sdk 9.4.1 loaded a macOS MINIRAT backdoor on import
JINX-0164's npm compromise of @velora-dex/sdk 9.4.1 appended three registry-only lines to dist/index.js, causing any require() or import of the DeFi SDK to fetch a macOS shell dropper and install a Go backdoor with launchctl persistence.
CVE-2026-48172: exploited LiteSpeed cPanel plugin bug lets any tenant reach root
CISA added CVE-2026-48172 to KEV after active exploitation of LiteSpeed's User-End cPanel Plugin. A vulnerable Redis enable/disable JSON API path exposed to cPanel users can execute attacker-controlled scripts with root privileges on shared Linux hosting servers.
Joomla 5.4.6 and 6.1.1 patch com_users privilege-escalation paths
Joomla's 26 May security release fixes critical access-control failures in the com_users batch task and group-editing webservice endpoint. CVE-2026-48898 and CVE-2026-48904 affect Joomla CMS 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0.
Snipe-IT 8.4.1 closes API admin escalation, component-note XSS, and open redirect flaws
Snipe-IT 8.4.1 fixes three newly published CVEs, led by CVE-2026-44832: an API permission-assignment bug where a user with users.edit could set permissions[admin]=1 on their own account.
CVE-2026-9082: exploited Drupal PostgreSQL SQL injection reaches KEV
CVE-2026-9082 is a highly critical Drupal core SQL injection in the PostgreSQL database abstraction path where crafted anonymous requests can influence query construction, leading to information disclosure, privilege escalation, and possible remote code execution; CISA added it to KEV after exploit attempts were observed in the wild.
Laravel-Lang tag rewrites turned Composer autoload into credential theft
The Laravel-Lang compromise rewrote trusted Composer tags across four community packages so that normal Laravel and Symfony bootstraps loaded a malicious src/helpers.php dropper through autoload.files, fetching a PHP stealer from flipboxstudio.info and targeting cloud, CI/CD, Kubernetes, Vault, browser, SSH, and developer secrets.
TrapDoor used npm, PyPI, and Crates.io lures to steal developer secrets
TrapDoor is a coordinated multi-registry malware campaign affecting 34 package names across npm, PyPI, and Crates.io, with ecosystem-specific execution paths for postinstall hooks, Python import-time remote JavaScript execution, and Rust build.rs scripts targeting crypto, DeFi, AI, and security developers.
Weekly Briefing - 26-05-2026
Corgea's weekly briefing for 19-26 May 2026 covers the GitHub internal repository breach tied to the Nx Console compromise, TrapDoor's multi-registry package malware campaign, exploited Drupal and Langflow KEV vulnerabilities, Laravel-Lang tag rewrites, TensorRT-LLM deserialization flaws, the art-template browser exploit-chain compromise, and a Linux ptrace local privilege escalation.
art-template npm compromise delivered a Coruna-like iOS exploit kit
Compromised npm releases of art-template appended browser-side script loaders to lib/template-web.js, sending downstream site visitors through hidden iframes into a Safari/iOS exploit delivery framework instead of only stealing developer secrets at install time.
CVE-2025-34291: Langflow CORS and refresh-token chain reaches RCE
CISA added CVE-2025-34291 to KEV after exploitation of a Langflow chain where wildcard credentialed CORS and a SameSite=None refresh-token cookie let a malicious webpage mint API tokens and reach authenticated code-execution endpoints.
CVE-2026-46333: Linux ptrace race leaks privileged file descriptors
CVE-2026-46333 is a Linux kernel ptrace authorization flaw where pidfd_getfd can race a dying privileged process after it drops credentials, duplicating sensitive file descriptors such as /etc/shadow, SSH host keys, or authenticated system D-Bus sockets.
NVIDIA TensorRT-LLM deserialization flaws expose distributed inference control paths
CVE-2025-33255 and CVE-2026-24142 affect NVIDIA TensorRT-LLM before 1.2, where unsafe deserialization in MPI and serialized weight-handle paths could turn crafted control-plane data into code execution, data tampering, information disclosure, or denial of service.
GitHub breached through a poisoned VS Code extension: 3,800 internal repositories stolen
TeamPCP exploited a cascading supply chain attack from TanStack to Nx Console to a GitHub employee workstation to exfiltrate approximately 3,800 private GitHub repositories containing infrastructure configs, deployment scripts, staging credentials, and internal API schemas.
Nx Console VS Code extension 18.95.0 shipped a developer credential stealer
A malicious 18.95.0 release of the Nx Console VS Code extension executed a hidden npx task on workspace activation, fetched an obfuscated Bun payload from a dangling nrwl/nx commit, harvested developer and cloud credentials, installed macOS persistence, and demonstrated the same auto-update path now tied to GitHub internal repository exposure.
shopsprint/decimal Go typosquat hides DNS TXT command backdoor
The typosquatted Go module github.com/shopsprint/decimal copied the popular shopspring/decimal API, then weaponized version 1.3.3 with an init() goroutine that polls DNS TXT records and executes returned commands.
CVE-2026-25244: WebdriverIO BrowserStack Service executes Git branch names in shell commands
WebdriverIO BrowserStack Service versions through 9.23.2 interpolate attacker-controlled Git branch names into execSync() calls during test orchestration smart selection, allowing command injection on CI runners and developer machines.
Mini Shai-Hulud npm worm hits AntV, echarts-for-react, and timeago.js
TeamPCP's Mini Shai-Hulud campaign expanded on May 19 with hundreds of malicious npm releases across the AntV data-visualization ecosystem and related packages including echarts-for-react, timeago.js, size-sensor, and jest-canvas-mock.
durabletask PyPI releases backdoored with multi-cloud credential stealer
Three malicious PyPI releases of Microsoft's durabletask Python SDK, versions 1.4.1 through 1.4.3, executed an import-time Linux dropper that fetched rope.pyz, harvested cloud and developer secrets, and attempted lateral movement through AWS SSM and Kubernetes.
Weekly Briefing - 19-05-2026
Corgea's weekly briefing for 12-19 May 2026 covers the durabletask PyPI compromise, the Mini Shai-Hulud expansion into AntV and related npm packages, the Nx Console extension compromise, WebdriverIO command injection, and other important supply-chain, kernel, and application-security research from the week.
Backdoored Cemu Linux release assets reused TeamPCP credential-stealer payload
Cemu v2.6 Linux GitHub release assets were deleted and re-uploaded with a Python zipapp payload tied to the TanStack and Mistral TeamPCP supply-chain campaign, exposing users who ran the AppImage or Ubuntu ZIP to credential theft and possible destructive behavior.
Strapi advisory cluster exposes admin token oracle and content-builder SQL injection
Five Strapi advisories published in mid-May affect npm packages across the Strapi CMS stack, including a critical unauthenticated admin reset-token oracle in @strapi/strapi and a critical Content-Type Builder SQL injection in @strapi/content-type-builder and @strapi/plugin-content-type-builder.
MAL-2026-3744: node-ipc npm releases backdoored with DNS exfiltration stealer
Three npm releases of node-ipc, versions 9.1.6, 9.2.3, and 12.0.1, were published with an obfuscated CommonJS payload that steals developer and CI credentials and exfiltrates gzipped archives through DNS TXT queries.
Fragnesia: Linux ESP-in-TCP bug revives page-cache root escalation
CVE-2026-46300, nicknamed Fragnesia, is a new Linux kernel XFRM ESP-in-TCP local privilege escalation that lets unprivileged local attackers corrupt read-only file contents in the page cache and execute a root shell from a system binary patched in memory.
GemStuffer abuses RubyGems as a data-exfiltration channel
GemStuffer is a RubyGems registry-abuse campaign that published 155 junk package artifacts containing scraped UK council portal data, using hardcoded RubyGems API keys and valid .gem archives as a public data drop.
CVE-2026-41242: protobufjs can execute code from attacker-controlled schemas
protobufjs before 7.5.5 and 8.0.1 can turn schema metadata into executable JavaScript through unsafe runtime code generation, exposing Node.js services that load attacker-influenced protobuf definitions or JSON descriptors.
Dirty Frag: Linux kernel ESP and RxRPC flaws enable local root escalation
Dirty Frag chains CVE-2026-43284 in Linux kernel ESP/IPsec handling with CVE-2026-43500 in RxRPC to turn local access into root on many Linux distributions, with public proof-of-concept code available before broad vendor patch coverage.
Five malicious IR.* NuGet packages impersonate Chinese .NET libraries
A NuGet campaign published five IR.* packages under the bmrxntfj account, using functional .NET library wrappers plus a Reactor-protected infostealer to target browser credentials, SSH keys, cloud secrets, and crypto wallets across developer workstations and CI systems.
Mini Shai-Hulud Supply-Chain Worm Compromises TanStack, Mistral AI, UiPath, and 160+ npm Packages
TeamPCP launched a coordinated supply-chain attack against the npm and PyPI ecosystems, compromising 373 malicious package versions across 169 package names including @tanstack/react-router, @mistralai/mistralai, and @uipath packages. TanStack's npm compromise is now tracked as CVE-2026-45321 after attackers used a misconfigured CI workflow, cache poisoning, and OIDC token theft to publish malware with trusted provenance.
CVE-2026-6907: Django cache middleware mishandles Vary: *
Django's UpdateCacheMiddleware could cache responses that explicitly declared themselves uncacheable for shared caches, creating a path for private data exposure.