critical

CVE

CVE-2026-48027, CVE-2026-9082, CVE-2026-46333, CVE-2025-34291, CVE-2025-33255, CVE-2026-24142, CVE-2024-23222

CWE

CWE-506, CWE-200, CWE-89, CWE-1357, CWE-269, CWE-346, CWE-502

Affected Surface

GitHub internal repositories, nrwl.angular-console 18.95.0, npm, PyPI, and Crates.io packages, drupal/core on PostgreSQL, Laravel-Lang Composer packages, langflow <= 1.6.9, NVIDIA TensorRT-LLM before 1.2, art-template 4.13.3, 4.13.5, and 4.13.6, Linux kernel ptrace and pidfd_getfd paths

Welcome to Corgea’s weekly briefing. The briefing covers the most important security findings and research from the week.

This edition covers the Tuesday, 19 May through Tuesday, 26 May 2026 research window, excluding items already covered in the 19 May briefing.

Top Article

GitHub breached through a poisoned VS Code extension: 3,800 internal repositories stolen

The most important story this week is the downstream consequence of the Nx Console VS Code extension compromise: GitHub confirmed unauthorized access to roughly 3,800 internal repositories after a GitHub employee workstation auto-updated to the poisoned extension. GitHub disclosed the investigation publicly, while Aikido, StepSecurity, SecurityWeek, and BleepingComputer connected the breach back to TeamPCP’s cascading supply-chain campaign.

This is why the incident matters beyond GitHub. The chain moved from the TanStack and Mistral npm/PyPI compromise, to Nx contributor credential theft, to a malicious VS Code extension, and finally to a corporate developer workstation with internal repository access. It is the same developer-workstation targeting pattern seen across the AntV Mini Shai-Hulud wave, durabletask PyPI compromise, and Cemu release-asset swap. Security teams should treat IDE extensions as code with workstation-wide authority, not as low-risk productivity plugins.

More news

TrapDoor used npm, PyPI, and Crates.io lures to steal developer secrets

Socket discovered and published the TrapDoor campaign after correlating malicious packages across npm, PyPI, and Crates.io. The campaign affected 34 package names aimed at crypto, DeFi, AI, Sui/Move, and security developers, with execution customized to each ecosystem: npm postinstall hooks, PyPI import-time remote JavaScript execution, and Rust build.rs scripts.

The important detail is how broad the credential target set was. TrapDoor looked for wallets, SSH keys, GitHub tokens, cloud credentials, browser stores, .env files, and AI coding-tool context, while also attempting persistence through .cursorrules, CLAUDE.md, Git hooks, shell profiles, cron, and systemd. That puts it in the same modern package-malware family as the node-ipc DNS exfiltration incident, the NuGet IR.* credential-stealer campaign, and GemStuffer’s registry-abuse pattern: package ecosystems are now both delivery channels and post-compromise infrastructure.

CVE-2026-9082: exploited Drupal PostgreSQL SQL injection reaches KEV

Drupal published SA-CORE-2026-004 for a highly critical PostgreSQL-only SQL injection in Drupal core, then updated the advisory after exploit attempts were observed in the wild. CISA added CVE-2026-9082 to the Known Exploited Vulnerabilities catalog on 22 May, and CyCognito and CyberPress provided additional public analysis.

The bug is especially urgent because anonymous users can exploit affected PostgreSQL-backed Drupal sites, and impact can range from information disclosure to privilege escalation and possible code execution depending on routes, modules, schema, and database permissions. Teams should patch fixed Drupal releases, separately inventory PostgreSQL-backed sites, and review logs from 20 May onward for nested array or EntityQuery-style probing. This belongs in the same emergency-response bucket as the exploited Langflow KEV chain, not as a routine CMS maintenance item.

Other news:

  • Laravel-Lang tag rewrites turned Composer autoload into credential theft - Socket, Aikido, Phoenix Security, and StepSecurity reported that attackers rewrote trusted tags across four Laravel-Lang Composer packages, causing vendor/autoload.php to load a malicious src/helpers.php dropper that fetched a PHP stealer from flipboxstudio[.]info. The incident is a strong Composer parallel to the npm and PyPI supply-chain compromises covered in the GitHub/Nx breach analysis and the TrapDoor campaign.
  • CVE-2025-34291: Langflow CORS and refresh-token chain reaches RCE - CISA added Langflow’s exploited CORS and refresh-token chain to KEV after Obsidian Security, VulnCheck, and CrowdSec documented how wildcard credentialed CORS plus SameSite=None refresh cookies can let a malicious webpage mint tokens and reach authenticated code-execution paths in AI workflow deployments.
  • NVIDIA TensorRT-LLM deserialization flaws expose distributed inference control paths - NVIDIA disclosed CVE-2025-33255 and CVE-2026-24142 in TensorRT-LLM before 1.2, where unsafe Python deserialization in MPI and serialized weight-handle paths could expose distributed inference workers to code execution, data tampering, information disclosure, or denial of service.
  • art-template npm compromise delivered a Coruna-like iOS exploit kit - Socket and SafeDep found compromised art-template npm releases that appended browser-side loaders to lib/template-web.js, sending downstream site visitors toward a Coruna-like Safari/iOS exploit chain previously documented by Google TAG. Unlike many package attacks, this one targeted application users through bundled frontend code, not only developers and CI runners.
  • CVE-2026-46333: Linux ptrace race leaks privileged file descriptors - Qualys published the Linux ptrace advisory after exploit material appeared during coordinated distribution patching. The local race lets an unprivileged attacker use pidfd_getfd() to duplicate file descriptors from privileged processes, putting /etc/shadow, SSH host keys, and authenticated D-Bus sockets at risk; it pairs naturally with initial access from malware like TrapDoor or Laravel-Lang.