{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/authorization/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["cms (\u003c= 4.8.0)","cms (\u003e= 5.0.0, \u003c= 5.3.3)","Kirby Panel","Kirby REST API"],"_cs_severities":["high"],"_cs_tags":["authorization","cms","web-application"],"_cs_type":"advisory","_cs_vendors":["getkirby"],"content_html":"\u003cp\u003eKirby CMS versions prior to 4.9.0 and between 5.0.0 and 5.3.3 are vulnerable to a missing authorization flaw. This vulnerability impacts Kirby sites where user roles are intentionally configured with restricted access to pages or files through disabled \u003ccode\u003epages.access\u003c/code\u003e, \u003ccode\u003epages.list\u003c/code\u003e, \u003ccode\u003efiles.access\u003c/code\u003e, or \u003ccode\u003efiles.list\u003c/code\u003e permissions. The issue stems from inconsistent permission checks within the Kirby Panel and REST API, allowing authenticated users to access resources they should not be able to. Updating to versions 4.9.0, 5.4.0, or later resolves this vulnerability by implementing consistent permission checks. 
The vulnerability is identified as CVE-2026-42137.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated user logs into the Kirby CMS Panel or REST API.\u003c/li\u003e\n\u003cli\u003eThe user attempts to access a page or file for which their role lacks the necessary \u003ccode\u003epages.access\u003c/code\u003e/\u003ccode\u003efiles.access\u003c/code\u003e or \u003ccode\u003epages.list\u003c/code\u003e/\u003ccode\u003efiles.list\u003c/code\u003e permissions.\u003c/li\u003e\n\u003cli\u003eDue to inconsistent permission checks, the user can view the page or file details via the \u0026ldquo;changes\u0026rdquo; dialog in the Panel, even if listing is disabled.\u003c/li\u003e\n\u003cli\u003eThe user accesses the REST API, which, despite direct access checks, fails to properly filter collections or related models (children, drafts, files, etc.).\u003c/li\u003e\n\u003cli\u003eThe attacker views images associated with restricted site, pages, or user resources in lists within the Panel.\u003c/li\u003e\n\u003cli\u003eThe user exploits the incorrect permission check (using \u003ccode\u003epages.access\u003c/code\u003e instead of \u003ccode\u003epages.list\u003c/code\u003e or \u003ccode\u003efiles.access\u003c/code\u003e instead of \u003ccode\u003efiles.list\u003c/code\u003e in specific API routes).\u003c/li\u003e\n\u003cli\u003eThe user traverses to previous or next files using direct links in the files view, even if those files should not be listable.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive information or modifies content due to the bypassed permission checks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability allows authenticated users to bypass intended access restrictions within Kirby CMS, leading to potential unauthorized access to sensitive information and/or unauthorized content modification. 
The inconsistent permission checks in the Panel and REST API could result in unintended disclosure of data restricted by role-based access controls. Successful exploitation could compromise the confidentiality and integrity of the affected Kirby CMS instance. While the advisory does not list the number of victims, this flaw impacts any Kirby site with restricted roles.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Kirby CMS version 4.9.0 or 5.4.0 (or later) to patch the vulnerability as recommended in the advisory.\u003c/li\u003e\n\u003cli\u003eReview user role permissions and blueprint configurations to ensure appropriate access controls are in place after patching, as described in the overview.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual API requests to resources that should be restricted, using the rules below, to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on API endpoints to mitigate potential brute-force attacks attempting to exploit this or other vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T21:03:20Z","date_published":"2026-04-30T21:03:20Z","id":"/briefs/2026-04-kirby-auth-bypass/","summary":"A missing authorization vulnerability in Kirby CMS allows authenticated users to bypass intended access restrictions on pages and files, potentially leading to unauthorized information disclosure and content modification; patched in versions 4.9.0 and 5.4.0.","title":"Kirby CMS Missing Authorization 
Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-kirby-auth-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["@clerk/shared","@clerk/backend","@clerk/nextjs","@clerk/clerk-js","@clerk/clerk-react","@clerk/react","@clerk/vue","@clerk/astro","@clerk/nuxt","@clerk/clerk-expo","@clerk/expo","@clerk/react-router","@clerk/tanstack-react-start","@clerk/chrome-extension","@clerk/fastify","@clerk/express","@clerk/hono"],"_cs_severities":["high"],"_cs_tags":["authorization","bypass","clerk","cve-2026-42349"],"_cs_type":"advisory","_cs_vendors":["Clerk"],"content_html":"\u003cp\u003eA critical authorization bypass vulnerability has been identified in Clerk\u0026rsquo;s authorization predicates (\u003ccode\u003ehas()\u003c/code\u003e and \u003ccode\u003eauth.protect()\u003c/code\u003e) across multiple SDKs, including \u003ccode\u003e@clerk/shared\u003c/code\u003e, \u003ccode\u003e@clerk/nextjs\u003c/code\u003e, and \u003ccode\u003e@clerk/backend\u003c/code\u003e. This flaw, reported on April 18, 2026, and patched on April 22, 2026, can lead to incorrect authorization decisions when combining multiple authorization dimensions (e.g., reverification with role). Specifically, the predicates may return \u003ccode\u003etrue\u003c/code\u003e even if the user does not satisfy all required conditions, potentially allowing unauthorized access to gated actions. A secondary bypass exists in \u003ccode\u003e@clerk/nextjs\u003c/code\u003e, where \u003ccode\u003eauth.protect()\u003c/code\u003e silently discards authorization parameters under certain conditions. 
The vulnerability affects applications using specific combinations of authorization checks, emphasizing the need for immediate patching.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an application utilizing affected Clerk packages and vulnerable authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker targets an endpoint protected by a combined authorization check (e.g., requiring a specific role and reverification).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a request that satisfies one, but not all, of the authorization conditions.\u003c/li\u003e\n\u003cli\u003eDue to the bypass vulnerability, the \u003ccode\u003ehas()\u003c/code\u003e or \u003ccode\u003eauth.protect()\u003c/code\u003e predicate incorrectly returns \u003ccode\u003etrue\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application grants the attacker access to the protected resource or functionality.\u003c/li\u003e\n\u003cli\u003eIn the case of the \u003ccode\u003e@clerk/nextjs\u003c/code\u003e bypass, the attacker might exploit the silent discarding of authorization parameters when \u003ccode\u003eunauthenticatedUrl\u003c/code\u003e, \u003ccode\u003eunauthorizedUrl\u003c/code\u003e, or \u003ccode\u003etoken\u003c/code\u003e are also present in the \u003ccode\u003eauth.protect()\u003c/code\u003e call, effectively bypassing authorization.\u003c/li\u003e\n\u003cli\u003eThe attacker performs unauthorized actions, such as modifying data or accessing restricted areas of the application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to unauthorized access to sensitive resources and functionalities within applications using Clerk for authentication and authorization. This could result in data breaches, privilege escalation, and other security incidents. 
The vulnerability affects a wide range of Clerk packages, potentially impacting a significant number of applications relying on Clerk for access control. Immediate patching is crucial to mitigate the risk of exploitation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to the latest patch release of the consuming app\u0026rsquo;s framework package as specified in the advisory to remediate CVE-2026-42349.\u003c/li\u003e\n\u003cli\u003eIf immediate upgrade is not feasible, implement the suggested workaround of splitting combined \u003ccode\u003ehas()\u003c/code\u003e or \u003ccode\u003eauth.protect()\u003c/code\u003e calls into sequential single-condition checks as described in the advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eClerkAuthProtectBypass\u003c/code\u003e to detect potential exploitation attempts by monitoring for calls to \u003ccode\u003eauth.protect\u003c/code\u003e that include \u003ccode\u003eunauthenticatedUrl\u003c/code\u003e, \u003ccode\u003eunauthorizedUrl\u003c/code\u003e, or \u003ccode\u003etoken\u003c/code\u003e parameters.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eClerkCombinedAuthCheckBypass\u003c/code\u003e to identify suspicious process creation events that may indicate unauthorized access due to the authorization bypass.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T18:20:02Z","date_published":"2026-04-30T18:20:02Z","id":"/briefs/2026-04-clerk-auth-bypass/","summary":"Clerk has an authorization bypass vulnerability in multiple packages where the `has()` and `auth.protect()` predicates can incorrectly return true, potentially allowing unauthorized actions.","title":"Clerk Authorization Bypass 
Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-clerk-auth-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["admidio"],"_cs_severities":["medium"],"_cs_tags":["saml","signature-bypass","authentication","authorization","web-application"],"_cs_type":"advisory","_cs_vendors":["admidio"],"content_html":"\u003cp\u003eAdmidio, a free web-based content management system for organizations and groups, contains a critical vulnerability in its SAML Single Sign-On (SSO) implementation. The \u003ccode\u003evalidateSignature()\u003c/code\u003e method within the SAMLService class returns error strings upon signature validation failure, rather than throwing exceptions. The calling functions, \u003ccode\u003ehandleSSORequest()\u003c/code\u003e and \u003ccode\u003ehandleSLORequest()\u003c/code\u003e, incorrectly assume that the method throws an exception, and therefore, do not check the return value. This oversight renders the \u003ccode\u003esmc_require_auth_signed\u003c/code\u003e configuration option ineffective, allowing attackers to forge SAML AuthnRequests and LogoutRequests. An attacker can exploit this vulnerability to obtain sensitive user information or cause denial of service by terminating user sessions. 
This affects Admidio versions 5.0.8 and earlier and requires SAML SSO to be enabled.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious SAML AuthnRequest or LogoutRequest without a valid signature, impersonating a legitimate Service Provider (SP).\u003c/li\u003e\n\u003cli\u003eThe attacker sends the forged SAML request to the Admidio instance via HTTP GET or POST to \u003ccode\u003emodules/sso/index.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ereceiveMessage()\u003c/code\u003e function parses the SAML binding directly from the HTTP request, requiring no prior authentication.\u003c/li\u003e\n\u003cli\u003eThe Entity ID is extracted from the forged request\u0026rsquo;s Issuer element, and the corresponding client configuration is loaded.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003evalidateSignature()\u003c/code\u003e function is called, but its return value (indicating signature validity) is discarded.\u003c/li\u003e\n\u003cli\u003eFor AuthnRequests, if the targeted user has an active session (\u003ccode\u003e$gValidLogin\u003c/code\u003e is true), the login form is skipped.\u003c/li\u003e\n\u003cli\u003eAdmidio builds a SAML Response containing the user\u0026rsquo;s attributes (login, name, email, roles) and sends it to the attacker-controlled \u003ccode\u003eAssertionConsumerServiceURL\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFor LogoutRequests, the user\u0026rsquo;s session is immediately terminated in the database, triggering a cascading single logout across all registered SPs.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to several critical impacts. The primary impact is the complete bypass of signature enforcement, negating the security benefits of the \u003ccode\u003esmc_require_auth_signed\u003c/code\u003e setting. 
This can lead to the disclosure of sensitive user attributes, including login name, email, and role memberships, to unauthorized parties by forging SSO requests and redirecting them to attacker-controlled endpoints. Furthermore, attackers can terminate any user\u0026rsquo;s Admidio session by forging SLO requests, potentially causing a denial-of-service condition. This vulnerability affects all Admidio instances with SAML SSO enabled and can potentially impact all users of the system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the recommended fix in the Admidio codebase to check the return value of \u003ccode\u003evalidateSignature()\u003c/code\u003e and throw an exception on failure, as outlined in the advisory (\u003ca href=\"https://github.com/advisories/GHSA-25cw-98hg-g3cg\"\u003ehttps://github.com/advisories/GHSA-25cw-98hg-g3cg\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Admidio Forged SAML AuthnRequest Detection\u0026rdquo; to detect potentially malicious SAML AuthnRequests lacking a valid signature via webserver logs.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Admidio Forged SAML LogoutRequest Detection\u0026rdquo; to detect potentially malicious SAML LogoutRequests lacking a valid signature via webserver logs.\u003c/li\u003e\n\u003cli\u003eMonitor webserver logs for requests to \u003ccode\u003e/adm_program/modules/sso/index.php/saml/sso\u003c/code\u003e and \u003ccode\u003e/adm_program/modules/sso/index.php/saml/slo\u003c/code\u003e without proper signature validation to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of Admidio to address CVE-2026-41669.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T21:56:13Z","date_published":"2026-04-29T21:56:13Z","id":"/briefs/2026-04-admidio-saml-bypass/","summary":"Admidio's SAML Identity Provider implementation fails to 
properly validate signatures on SAML AuthnRequests and LogoutRequests, enabling attackers to bypass signature enforcement, potentially disclose user attributes via forged SSO requests, and terminate user sessions via forged SLO requests.","title":"Admidio SAML Signature Validation Bypass Allows Forged AuthnRequests and LogoutRequests","url":"https://feed.craftedsignal.io/briefs/2026-04-admidio-saml-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-6977"}],"_cs_exploited":false,"_cs_products":["vanna"],"_cs_severities":["medium"],"_cs_tags":["vulnerability","authorization","web application"],"_cs_type":"advisory","_cs_vendors":["vanna-ai"],"content_html":"\u003cp\u003eA security vulnerability, identified as CVE-2026-6977, has been discovered in vanna-ai vanna versions up to 2.0.2. The vulnerability resides within an unspecified function of the Legacy Flask API component. Successful exploitation of this flaw leads to improper authorization, potentially granting unauthorized access to sensitive resources or functionalities. The vulnerability is remotely exploitable and a proof-of-concept exploit is publicly available. The vendor was contacted but did not respond. This vulnerability poses a risk to systems utilizing the affected versions of vanna-ai vanna, as attackers could leverage it to bypass intended access controls.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable vanna-ai vanna instance running version 2.0.2 or earlier.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request targeting the Legacy Flask API. 
The specific endpoint and parameters involved are not defined in the source material.\u003c/li\u003e\n\u003cli\u003eThe crafted request exploits the improper authorization vulnerability (CVE-2026-6977) within the Legacy Flask API.\u003c/li\u003e\n\u003cli\u003eDue to the improper authorization flaw, the attacker\u0026rsquo;s request bypasses the intended access controls.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application grants the attacker unauthorized access to resources or functionalities that should be restricted.\u003c/li\u003e\n\u003cli\u003eDepending on the accessed resources, the attacker may gain access to sensitive data, modify system settings, or perform other unauthorized actions.\u003c/li\u003e\n\u003cli\u003eThe attacker may escalate privileges or move laterally within the affected system if further vulnerabilities exist or if the compromised application has elevated permissions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6977 allows a remote attacker to bypass authorization checks in vanna-ai vanna, potentially leading to unauthorized access to sensitive data or functionality. Given that a public exploit exists, organizations utilizing affected versions of vanna-ai vanna are at increased risk. 
The lack of vendor response further exacerbates the risk, as no official patch or mitigation guidance is available.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity targeting the Legacy Flask API in vanna-ai vanna, using a webserver category Sigma rule focused on unusual HTTP requests.\u003c/li\u003e\n\u003cli\u003eApply generic hardening and input validation techniques to mitigate the impact of potential exploits targeting web applications.\u003c/li\u003e\n\u003cli\u003eInvestigate and validate the activity from the VulDB references provided in this brief.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-25T11:16:19Z","date_published":"2026-04-25T11:16:19Z","id":"/briefs/2026-04-vanna-ai-authz-bypass/","summary":"An improper authorization vulnerability (CVE-2026-6977) exists in vanna-ai vanna up to version 2.0.2 due to manipulation of an unknown function within the Legacy Flask API, potentially allowing remote attackers to bypass intended access restrictions.","title":"vanna-ai vanna Improper Authorization Vulnerability (CVE-2026-6977)","url":"https://feed.craftedsignal.io/briefs/2026-04-vanna-ai-authz-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-41190"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve","authorization","web application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eFreeScout is a self-hosted help desk and shared mailbox platform. Prior to version 1.8.215, a vulnerability exists related to authorization controls when the \u003ccode\u003eAPP_SHOW_ONLY_ASSIGNED_CONVERSATIONS\u003c/code\u003e setting is enabled. Specifically, the \u003ccode\u003esave_draft\u003c/code\u003e AJAX endpoint lacks proper authorization checks. 
This allows an attacker to potentially bypass intended access restrictions and create drafts within conversations that they should not be able to access, leading to unauthorized modification or viewing of conversation data. This vulnerability was addressed in version 1.8.215.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a FreeScout instance running a version prior to 1.8.215 with \u003ccode\u003eAPP_SHOW_ONLY_ASSIGNED_CONVERSATIONS\u003c/code\u003e enabled.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the FreeScout instance with a valid, but unauthorized user account.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the conversation ID of a conversation they are not assigned to and cannot normally access via the UI.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a POST request to the \u003ccode\u003e/index.php?m=conversations\u0026amp;a=save_draft\u003c/code\u003e endpoint, including the conversation ID and the draft content they wish to create.\u003c/li\u003e\n\u003cli\u003eThe server, lacking proper authorization checks on the \u003ccode\u003esave_draft\u003c/code\u003e endpoint, accepts the POST request.\u003c/li\u003e\n\u003cli\u003eA draft is created within the targeted conversation, associated with the attacker\u0026rsquo;s user account.\u003c/li\u003e\n\u003cli\u003eThe attacker, or potentially other unauthorized users who later gain access to the attacker\u0026rsquo;s account, can view or modify the drafted content, potentially exfiltrating sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows unauthorized users to create drafts within conversations they are not assigned to. 
This could lead to the unauthorized viewing or modification of sensitive information contained within the conversations, potentially leading to data breaches or compliance violations. The vulnerability affects FreeScout instances running versions prior to 1.8.215 with the specific \u003ccode\u003eAPP_SHOW_ONLY_ASSIGNED_CONVERSATIONS\u003c/code\u003e setting enabled.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade FreeScout to version 1.8.215 or later to remediate the vulnerability (references: \u003ca href=\"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215\"\u003ehttps://github.com/freescout-help-desk/freescout/releases/tag/1.8.215\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to the \u003ccode\u003e/index.php?m=conversations\u0026amp;a=save_draft\u003c/code\u003e endpoint originating from unusual IP addresses or user agents using the Sigma rule provided below.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to filter or block unauthorized POST requests to the vulnerable endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-freescout-auth-bypass/","summary":"FreeScout before 1.8.215 has an incorrect authorization vulnerability where a direct POST request to the `save_draft` AJAX path can create a draft inside a hidden conversation when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, potentially allowing unauthorized access or modification of data.","title":"FreeScout Incorrect Authorization Vulnerability via Save 
Draft","url":"https://feed.craftedsignal.io/briefs/2026-04-freescout-auth-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-41189"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["freescout","authorization","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eFreeScout, a self-hosted help desk and shared mailbox platform, is affected by an authorization bypass vulnerability. Specifically, versions prior to 1.8.215 fail to properly restrict access to customer threads within conversations. The vulnerability resides in the \u003ccode\u003eThreadPolicy::edit()\u003c/code\u003e function, which checks mailbox access but neglects to enforce the \u003ccode\u003eConversationPolicy\u003c/code\u003e\u0026rsquo;s assigned-only restriction.  This allows a user who should not have access to a conversation to still load and modify customer-authored threads contained within that conversation. Upgrading to version 1.8.215 resolves this vulnerability. 
This allows unauthorized modification of customer communications, potentially leading to data breaches or manipulated customer service interactions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains access to a FreeScout user account with limited privileges.\u003c/li\u003e\n\u003cli\u003eAttacker attempts to access a conversation thread for which they lack explicit authorization.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s \u003ccode\u003eThreadPolicy::edit()\u003c/code\u003e function is invoked to authorize the edit action.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eThreadPolicy::edit()\u003c/code\u003e function incorrectly authorizes the action by only checking mailbox access, bypassing the \u003ccode\u003eConversationPolicy\u003c/code\u003e\u0026rsquo;s assigned-only restriction.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully loads the customer-authored thread, gaining unauthorized access.\u003c/li\u003e\n\u003cli\u003eAttacker modifies the content of the customer-authored thread.\u003c/li\u003e\n\u003cli\u003eThe modified thread is saved, altering the conversation history.\u003c/li\u003e\n\u003cli\u003eThe change impacts communications with the customer.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability (CVE-2026-41189) allows unauthorized users to modify customer communications within the FreeScout help desk platform.  Successful exploitation can lead to data integrity issues, potentially impacting all customer conversations within the affected FreeScout instance. 
The severity is heightened by the potential for attackers to manipulate sensitive information, leading to reputational damage, legal ramifications, and loss of customer trust.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade FreeScout to version 1.8.215 or later to patch CVE-2026-41189.\u003c/li\u003e\n\u003cli\u003eMonitor FreeScout web server logs for unauthorized access attempts using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eReview user access controls and ensure that the principle of least privilege is enforced to limit the impact of potential compromises.\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule to detect potential unauthorized thread editing attempts based on HTTP request patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-freescout-authz-bypass/","summary":"FreeScout versions before 1.8.215 are vulnerable to an incorrect authorization issue where users without conversation access can edit customer threads due to a flaw in the `ThreadPolicy::edit()` function.","title":"FreeScout Incorrect Authorization Vulnerability (CVE-2026-41189)","url":"https://feed.craftedsignal.io/briefs/2026-04-freescout-authz-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["oauth","authorization","bypass","privilege-escalation","defense-evasion"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eAn authorization bypass vulnerability affects the OAuth provider component of Better Auth, specifically versions 1.4.8-beta.7 through 1.6.4 and 1.7.0-beta.0 through 1.7.0-beta.1. This flaw allows any authenticated, low-privilege user to create OAuth clients, bypassing the intended restrictions set by the \u003ccode\u003eclientPrivileges\u003c/code\u003e configuration. 
The vulnerability stems from the client creation endpoints (\u003ccode\u003eadminCreateOAuthClient\u003c/code\u003e and \u003ccode\u003ecreateOAuthClient\u003c/code\u003e) not enforcing the \u003ccode\u003eclientPrivileges\u003c/code\u003e check before creating new OAuth clients. This bypass allows attackers to register OAuth clients with attacker-controlled redirect URIs and metadata, potentially leading to phishing attacks and abuse of trust assumptions in OAuth/OIDC flows. Defenders should implement detections to identify unauthorized OAuth client creation attempts.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the Better Auth application with a low-privilege account.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a POST request to either \u003ccode\u003e/api/auth/oauth2/create-client\u003c/code\u003e or a custom endpoint that routes to \u003ccode\u003eadminCreateOAuthClient\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker includes parameters for \u003ccode\u003eclient_name\u003c/code\u003e, \u003ccode\u003eredirect_uris\u003c/code\u003e, and other client metadata within the POST request body.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecreateOAuthClientEndpoint\u003c/code\u003e function is called without first performing a \u003ccode\u003eclientPrivileges\u003c/code\u003e authorization check.\u003c/li\u003e\n\u003cli\u003eA new OAuth client is created and persisted in the system.\u003c/li\u003e\n\u003cli\u003eThe attacker now controls a registered OAuth client with attacker-defined redirect URIs.\u003c/li\u003e\n\u003cli\u003eThe attacker can potentially use this client for phishing attacks or to bypass consent flows if \u003ccode\u003eskip_consent\u003c/code\u003e is enabled (if \u003ccode\u003eadminCreateOAuthClient\u003c/code\u003e is exposed).\u003c/li\u003e\n\u003cli\u003eThe attacker exploits the newly created OAuth client to gain unauthorized 
access to resources or user data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability allows unauthorized users to create OAuth clients, potentially leading to several negative consequences. Attackers can register clients with malicious redirect URIs, which can be used in phishing campaigns to steal user credentials or OAuth tokens. In scenarios where the \u003ccode\u003eadminCreateOAuthClient\u003c/code\u003e endpoint is exposed, attackers can create clients that bypass user consent, further increasing the risk of successful attacks. The impact is significant because it breaks the intended access control mechanism of the \u003ccode\u003eclientPrivileges\u003c/code\u003e configuration, affecting applications that rely on it to restrict client registration. Successful exploitation can lead to unauthorized access to user data, compromised accounts, and damaged trust in the application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for POST requests to the \u003ccode\u003e/api/auth/oauth2/create-client\u003c/code\u003e endpoint, especially from users who should not have client creation privileges. 
Implement the \u0026ldquo;Detect Unauthorized OAuth Client Creation Attempt\u0026rdquo; Sigma rule below, using webserver logs (category: \u0026ldquo;webserver\u0026rdquo;, product: \u0026ldquo;linux\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eApply the necessary patches to upgrade \u003ccode\u003e@better-auth/oauth-provider\u003c/code\u003e to a version that addresses this vulnerability (\u0026gt;= 1.6.5 or \u0026gt;= 1.7.0-beta.2).\u003c/li\u003e\n\u003cli\u003eAudit your application\u0026rsquo;s OAuth client registration process to ensure that the \u003ccode\u003eclientPrivileges\u003c/code\u003e check is enforced correctly.\u003c/li\u003e\n\u003cli\u003eIf using \u003ccode\u003eadminCreateOAuthClient\u003c/code\u003e, ensure it is not exposed to low-privilege authenticated users to prevent the \u003ccode\u003eskip_consent\u003c/code\u003e bypass.\u003c/li\u003e\n\u003cli\u003eDeploy the \u0026ldquo;Detect OAuth Client Creation with Skip Consent\u0026rdquo; Sigma rule if your deployment exposes the admin client creation endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T12:00:00Z","date_published":"2026-04-17T12:00:00Z","id":"/briefs/2026-04-better-auth-oauth-bypass/","summary":"An authorization bypass vulnerability exists in Better Auth's OAuth provider, allowing low-privilege users to create OAuth clients despite configured clientPrivileges, potentially leading to unauthorized client registration and increased phishing risks.","title":"Better Auth OAuth Provider Authorization Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-better-auth-oauth-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-4525"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["vault","token-leak","authorization","cve-2026-4525"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4525 describes a vulnerability in HashiCorp Vault where an improperly sanitized 
\u0026ldquo;Authorization\u0026rdquo; header can lead to token exposure. Specifically, if a Vault auth mount is configured to pass through the \u0026ldquo;Authorization\u0026rdquo; header, and that header is used to authenticate with Vault, the Vault token itself is inadvertently forwarded to the auth plugin backend. This unintended token forwarding could allow malicious actors to gain unauthorized access if they can intercept or control the auth plugin backend. This issue affects Vault versions prior to 2.0.0, 1.21.5, 1.20.10, and 1.19.16 and was reported by HashiCorp. The vulnerability was patched in the aforementioned versions. Exploitation would require specific Vault configuration and the ability to influence the authentication process via the Authorization header.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a Vault instance with an auth mount configured to pass through the \u0026ldquo;Authorization\u0026rdquo; header.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request to Vault, including a valid \u0026ldquo;Authorization\u0026rdquo; header for authentication purposes.\u003c/li\u003e\n\u003cli\u003eVault processes the request and, due to the vulnerability, forwards the Vault token contained in the \u0026ldquo;Authorization\u0026rdquo; header to the configured auth plugin backend.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts the forwarded Vault token, either by compromising the auth plugin backend or through network monitoring.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen Vault token to authenticate directly to Vault, bypassing normal authentication procedures.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive data and secrets stored within Vault.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges within the Vault environment by leveraging the compromised token\u0026rsquo;s 
permissions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4525 allows an attacker to steal Vault tokens, potentially granting them complete control over the Vault instance and access to all stored secrets. The severity is high due to the potential for complete compromise of sensitive data. The impact depends on the scope of secrets managed by the compromised Vault instance; in some cases, this could lead to a complete breach of the affected organization\u0026rsquo;s infrastructure. The vulnerability affects all organizations using vulnerable versions of Vault with auth mounts configured to pass through the \u0026ldquo;Authorization\u0026rdquo; header.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Vault instances to versions 2.0.0, 1.21.5, 1.20.10, or 1.19.16 or later to remediate CVE-2026-4525.\u003c/li\u003e\n\u003cli\u003eReview Vault auth mount configurations to ensure that the \u0026ldquo;Authorization\u0026rdquo; header is not being passed through unnecessarily.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unauthorized access attempts using stolen Vault tokens after applying the patch.\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule targeting the usage of specific auth paths after a potential compromise.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T04:16:09Z","date_published":"2026-04-17T04:16:09Z","id":"/briefs/2026-04-vault-token-leak/","summary":"Vault instances configured to pass through the 'Authorization' header may forward Vault tokens to auth plugin backends when the header is used for authentication, potentially leading to token compromise; this vulnerability is tracked as CVE-2026-4525 and patched in versions 2.0.0, 1.21.5, 1.20.10, and 1.19.16.","title":"Vault Token Leak via Authorization Header 
Forwarding","url":"https://feed.craftedsignal.io/briefs/2026-04-vault-token-leak/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.9,"id":"CVE-2026-5412"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["vulnerability","authorization","cloud"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5412 identifies an authorization bypass vulnerability affecting Juju, an open-source service orchestration tool. Specifically, versions prior to 2.9.57 and 3.6.21 are susceptible. An authenticated user with low privileges can exploit this vulnerability by invoking the CloudSpec API method. This method, intended for controller bootstrapping, inadvertently exposes sensitive cloud credentials when accessed by unauthorized users. Successful exploitation grants access to the credentials used to manage the cloud environment where Juju is deployed. This poses a significant risk, potentially allowing attackers to compromise the entire cloud infrastructure managed by the vulnerable Juju controller. 
Defenders should prioritize patching vulnerable Juju deployments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the Juju controller with a low-privileged account.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious API request to the \u003ccode\u003eCloudSpec\u003c/code\u003e method.\u003c/li\u003e\n\u003cli\u003eThe Juju controller, lacking proper authorization checks, processes the request.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eCloudSpec\u003c/code\u003e method retrieves the cloud credentials used for bootstrapping.\u003c/li\u003e\n\u003cli\u003eThe controller returns the cloud credentials to the attacker.\u003c/li\u003e\n\u003cli\u003eAttacker obtains the sensitive cloud credentials, such as AWS access keys or Azure service principal secrets.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen cloud credentials to access and control cloud resources.\u003c/li\u003e\n\u003cli\u003eAttacker achieves complete compromise of the cloud environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5412 allows a low-privileged, authenticated attacker to steal cloud credentials. This can lead to complete compromise of the cloud infrastructure managed by the vulnerable Juju controller. The impact includes unauthorized access to data, potential data breaches, denial of service, and the ability to deploy malicious workloads within the cloud environment. 
The severity is heightened by the ease of exploitation and the high value of the exposed cloud credentials.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Juju controllers to versions 2.9.57 or 3.6.21 to remediate CVE-2026-5412.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect Juju CloudSpec API Access\u0026rdquo; to detect unauthorized calls to the CloudSpec API method in Juju environments.\u003c/li\u003e\n\u003cli\u003eMonitor Juju controller logs for suspicious API requests originating from low-privileged accounts.\u003c/li\u003e\n\u003cli\u003eReview and enforce strict access control policies within the cloud environment to limit the impact of compromised credentials.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-10T13:16:45Z","date_published":"2026-04-10T13:16:45Z","id":"/briefs/2026-04-juju-auth-bypass/","summary":"CVE-2026-5412 describes an authorization issue in Juju versions prior to 2.9.57 and 3.6.21, where a low-privileged authenticated user can call the CloudSpec API method to extract cloud credentials used to bootstrap the controller, leading to sensitive credential exposure.","title":"Juju CloudSpec API Authorization Bypass (CVE-2026-5412)","url":"https://feed.craftedsignal.io/briefs/2026-04-juju-auth-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["kcp","kubernetes","cache","authentication","authorization","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe kcp (Kubernetes Cluster Platform) cache server, responsible for replicating resources, is directly exposed by the root shard without any authentication or authorization checks. This vulnerability allows anyone with network access to the root shard to read replicated resources and potentially write to the cache server, creating a race condition. 
The lack of authentication in the preHandlerChainMux, specifically identified in \u003ccode\u003epkg/server/config.go\u003c/code\u003e at lines 514-518, causes the cache server to be proxied before authentication or authorization can take place. This impacts kcp versions prior to v0.29.3 and between v0.30.0 and v0.30.3. This vulnerability allows unauthorized access to sensitive information, including RBAC rules, cluster topology, API surfaces, admission control policies, and tenancy configurations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains network access to the kcp root shard, typically through exposed ports or external URLs.\u003c/li\u003e\n\u003cli\u003eAttacker crafts an HTTP request targeting the \u003ccode\u003e/services/cache/*\u003c/code\u003e endpoint without any authentication headers.\u003c/li\u003e\n\u003cli\u003eThe request bypasses authentication and authorization checks due to the flawed preHandlerChainMux configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker reads replicated resources from the cache, such as clusterroles, clusterrolebindings, logicalclusters, apiexports, and validatingwebhookconfigurations.\u003c/li\u003e\n\u003cli\u003e(Optional) The attacker attempts to inject a malicious ClusterRole and ClusterRoleBinding via a POST request to the cache server.\u003c/li\u003e\n\u003cli\u003eThe cache etcd watch fires, notifying the authorization informer and replication controller in parallel.\u003c/li\u003e\n\u003cli\u003eThe authorization informer updates its in-memory store, briefly granting the attacker the injected RBAC rules.\u003c/li\u003e\n\u003cli\u003eThe replication controller eventually reconciles and deletes the injected object, but a small window of opportunity exists for privilege escalation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows 
unauthorized access to critical cluster information, potentially exposing RBAC configurations, API endpoints, and internal infrastructure details. An attacker can read replicated resources, including cluster roles, cluster role bindings, logical clusters, shards, API exports, API resource schemas, mutating webhook configurations, validating webhook configurations, validating admission policies, and workspace types. While injected objects are quickly cleaned up, a brief race condition allows for temporary privilege escalation. This affects kcp deployments where the root shard is network-reachable by untrusted clients, including Helm chart deployments, Operator deployments with external URLs set, and deployments with a reachable \u003ccode\u003e--shard-external-url\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement network-level access control to restrict access to the \u003ccode\u003e/services/cache/*\u003c/code\u003e paths at the load balancer, reverse proxy, or firewall level as described in the \u003cstrong\u003eWorkarounds\u003c/strong\u003e section of the advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the cache server separately with its own kubeconfig (\u003ccode\u003e--cache-server-kubeconfig\u003c/code\u003e) and restrict network access to it, mitigating direct exposure to the root shard as per the \u003cstrong\u003eWorkarounds\u003c/strong\u003e section.\u003c/li\u003e\n\u003cli\u003eUpgrade to kcp version v0.29.3 or v0.30.3 or later to patch the vulnerability as per \u003cstrong\u003eCVE-2026-39429\u003c/strong\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T15:04:22Z","date_published":"2026-04-08T15:04:22Z","id":"/briefs/2026-04-kcp-cache-unauth/","summary":"The kcp cache server is exposed without authentication, allowing unauthorized read access to sensitive data and a race condition for write access that could lead to temporary privilege 
escalation.","title":"Unauthenticated Access to kcp Cache Server","url":"https://feed.craftedsignal.io/briefs/2026-04-kcp-cache-unauth/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2025-59420"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["jwt","vulnerability","authentication","authorization"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003efast-jwt\u003c/code\u003e library, versions 6.1.0 and below, exhibits a critical vulnerability where it does not properly validate the \u003ccode\u003ecrit\u003c/code\u003e (Critical) Header Parameter as defined in RFC 7515. This oversight allows JWS tokens containing unrecognized extensions within the \u003ccode\u003ecrit\u003c/code\u003e array to be accepted instead of being rejected as mandated by the RFC. The vulnerability, identified as CVE-2026-35042, can lead to significant security implications, especially in environments utilizing a mix of JWT verification libraries. 
This flaw enables attackers to potentially bypass security policies and token binding protections, creating a window for unauthorized access or actions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a JWT with a \u003ccode\u003ecrit\u003c/code\u003e header containing an extension (e.g., \u0026ldquo;x-custom-policy\u0026rdquo;) that \u003ccode\u003efast-jwt\u003c/code\u003e does not support.\u003c/li\u003e\n\u003cli\u003eThe attacker includes this unsupported extension header (e.g., \u003ccode\u003e\u0026quot;x-custom-policy\u0026quot;: \u0026quot;require-mfa\u0026quot;\u003c/code\u003e) in the JWT header.\u003c/li\u003e\n\u003cli\u003eThe attacker signs the JWT using a valid signing key and algorithm (e.g., HS256).\u003c/li\u003e\n\u003cli\u003eThe attacker presents the crafted JWT to a system or application using the vulnerable \u003ccode\u003efast-jwt\u003c/code\u003e library for verification.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003efast-jwt\u003c/code\u003e library incorrectly accepts the token without validating the \u003ccode\u003ecrit\u003c/code\u003e header extensions.\u003c/li\u003e\n\u003cli\u003eThe application logic proceeds based on the accepted (but invalid) JWT, potentially granting unauthorized access or privileges.\u003c/li\u003e\n\u003cli\u003eIf other JWT libraries are used in the same environment that \u003cem\u003edo\u003c/em\u003e properly validate the \u003ccode\u003ecrit\u003c/code\u003e header, a \u0026ldquo;split-brain\u0026rdquo; verification scenario can occur, with some systems rejecting the token while others accept it.\u003c/li\u003e\n\u003cli\u003eThe ultimate objective is to bypass intended security policies, such as multi-factor authentication or token binding requirements, gaining unauthorized access or control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this 
vulnerability (CVE-2026-35042) can lead to several critical consequences. First, in mixed-library environments, it creates a split-brain verification scenario where different systems interpret the same token differently. Second, it allows attackers to bypass security policies enforced through the \u003ccode\u003ecrit\u003c/code\u003e header, such as mandatory multi-factor authentication. Finally, it can circumvent token binding mechanisms (RFC 7800 \u003ccode\u003ecnf\u003c/code\u003e confirmation), weakening overall authentication security. The full impact analysis is described in CVE-2025-59420. This vulnerability affects applications using \u003ccode\u003efast-jwt\u003c/code\u003e version 6.1.0 and earlier.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003efast-jwt\u003c/code\u003e library to a version greater than 6.1.0 to remediate CVE-2026-35042.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect fast-jwt crit Header Bypass Attempt\u0026rdquo; to identify attempts to exploit this vulnerability in your environment.\u003c/li\u003e\n\u003cli\u003eIf a mixed-library JWT verification environment exists, evaluate and standardize on a single JWT library that correctly handles the \u003ccode\u003ecrit\u003c/code\u003e header parameter.\u003c/li\u003e\n\u003cli\u003eReview existing JWT usage to identify instances where the \u003ccode\u003ecrit\u003c/code\u003e header is used for security policy enforcement and ensure that appropriate validation is in place.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T22:01:25Z","date_published":"2026-04-03T22:01:25Z","id":"/briefs/2026-04-fast-jwt-crit-validation-bypass/","summary":"The fast-jwt library fails to validate the 'crit' header, allowing attackers to bypass security policies and potentially achieve split-brain verification in mixed-library environments.","title":"fast-jwt Library Vulnerability 
Allows crit Header Validation Bypass","url":"https://feed.craftedsignal.io/briefs/2026-04-fast-jwt-crit-validation-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-3872"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["keycloak","redirect-uri-bypass","cve-2026-3872","authentication","authorization"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-3872 is a security flaw found in Keycloak, a popular open-source identity and access management solution. This vulnerability allows a malicious actor who has control over another path on the same web server hosting Keycloak to circumvent the allowed path restrictions in redirect URIs that use a wildcard. By exploiting this weakness, an attacker can potentially redirect a user to a malicious site after authentication, intercept the access token, and gain unauthorized access to the user\u0026rsquo;s resources. The vulnerability could lead to the disclosure of sensitive information and potentially compromise user accounts. This was published on April 2, 2026, and has a CVSS v3.1 score of 7.3.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains control of a path on the same web server hosting the Keycloak instance. This could be achieved through various means, such as exploiting a separate vulnerability in another application hosted on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious URL that exploits the wildcard redirect URI validation flaw in Keycloak. 
The crafted URL includes a redirect URI that bypasses the intended restrictions.\u003c/li\u003e\n\u003cli\u003eA legitimate user initiates an authentication request to Keycloak, potentially through a vulnerable application relying on Keycloak for authentication.\u003c/li\u003e\n\u003cli\u003eKeycloak processes the authentication request and, due to the vulnerability, accepts the attacker\u0026rsquo;s crafted redirect URI as valid.\u003c/li\u003e\n\u003cli\u003eKeycloak redirects the user to the attacker-controlled URL after successful authentication.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s server captures the access token from the redirect URI.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen access token to impersonate the user and access protected resources.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive information or performs actions on behalf of the user, leading to information disclosure or other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-3872 can lead to the theft of access tokens, enabling unauthorized access to user accounts and sensitive data. This could result in the compromise of user privacy, financial loss, or reputational damage for organizations relying on affected Keycloak instances. The impact is significant because Keycloak is used across various sectors to secure web applications and APIs.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patches or updates provided by Red Hat for Keycloak to address CVE-2026-3872. 
Refer to the Red Hat advisory linked in the references for specific instructions.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect exploitation attempts of CVE-2026-3872 based on suspicious redirect URIs in web server logs.\u003c/li\u003e\n\u003cli\u003eReview and harden the configuration of redirect URIs in Keycloak, avoiding the use of wildcards where possible and implementing stricter validation rules.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity related to redirect URIs, looking for unusual patterns or attempts to access unauthorized resources.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T13:16:26Z","date_published":"2026-04-02T13:16:26Z","id":"/briefs/2026-04-keycloak-redirect-bypass/","summary":"CVE-2026-3872 is a vulnerability in Keycloak that allows an attacker controlling a path on the same web server to bypass URI redirect validation using a wildcard, potentially leading to access token theft and information disclosure.","title":"Keycloak Redirect URI Bypass Vulnerability (CVE-2026-3872)","url":"https://feed.craftedsignal.io/briefs/2026-04-keycloak-redirect-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.4,"id":"CVE-2026-4282"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["keycloak","privilege-escalation","authorization"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4282 identifies a critical vulnerability within the Keycloak authentication server, specifically affecting the SingleUseObjectProvider. This component, responsible for managing single-use key-value pairs, suffers from a lack of sufficient type and namespace isolation. The absence of proper isolation mechanisms allows a remote, unauthenticated attacker to manipulate the system by forging authorization codes. Successful exploitation allows for the creation of access tokens with administrative privileges. 
The vulnerability was published on April 2, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends a crafted request to the Keycloak server to initiate the authorization flow.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the lack of type and namespace isolation in the SingleUseObjectProvider.\u003c/li\u003e\n\u003cli\u003eThe attacker forges a valid authorization code using the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker presents the forged authorization code to the token endpoint.\u003c/li\u003e\n\u003cli\u003eKeycloak validates the forged code due to the flawed SingleUseObjectProvider logic.\u003c/li\u003e\n\u003cli\u003eThe attacker receives an access token with elevated (admin) privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the admin-capable access token to perform administrative actions.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full control over Keycloak resources and user data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4282 allows a remote attacker to gain full administrative control over a Keycloak instance. This can lead to the compromise of all applications and services relying on Keycloak for authentication and authorization. The impact includes data breaches, account takeovers, and the potential for widespread service disruption. 
Given Keycloak\u0026rsquo;s prevalence in securing web applications and APIs, the vulnerability poses a significant risk to organizations using affected versions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a version of Keycloak that resolves CVE-2026-4282 as soon as it becomes available from Red Hat.\u003c/li\u003e\n\u003cli\u003eMonitor Keycloak logs (webserver category, linux product) for suspicious requests to the authorization and token endpoints indicative of authorization code forging attempts.\u003c/li\u003e\n\u003cli\u003eImplement stricter input validation and sanitization on the authorization code parameter to mitigate the vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T13:16:26Z","date_published":"2026-04-02T13:16:26Z","id":"/briefs/2026-04-keycloak-privesc/","summary":"An unauthenticated attacker can exploit CVE-2026-4282 in Keycloak's SingleUseObjectProvider to forge authorization codes, leading to privilege escalation and the creation of admin-capable access tokens.","title":"Keycloak Authorization Code Forging Vulnerability (CVE-2026-4282)","url":"https://feed.craftedsignal.io/briefs/2026-04-keycloak-privesc/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["gitlab","jira","authentication","authorization","cve-2026-2370"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eGitLab has addressed a critical vulnerability, CVE-2026-2370, affecting GitLab CE/EE installations with Jira Connect enabled.  This vulnerability impacts versions 14.3 up to 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. The vulnerability stems from improper authorization checks, which enable an authenticated user with minimal workspace permissions within Jira to potentially obtain GitLab installation credentials. 
This, in turn, allows the attacker to impersonate the GitLab application…\u003c/p\u003e\n","date_modified":"2026-03-30T00:16:01Z","date_published":"2026-03-30T00:16:01Z","id":"/briefs/2026-03-gitlab-jira-connect-auth-bypass/","summary":"GitLab CE/EE versions 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are vulnerable to improper authorization checks in Jira Connect installations, allowing an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab application.","title":"GitLab Jira Connect Authentication Bypass Vulnerability (CVE-2026-2370)","url":"https://feed.craftedsignal.io/briefs/2026-03-gitlab-jira-connect-auth-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["openclaw","vulnerability","authorization"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003eopenclaw\u003c/code\u003e package, specifically versions up to and including 2026.3.24, contains a vulnerability within the gateway plugin subagent fallback mechanism. The \u003ccode\u003edeleteSession\u003c/code\u003e function, when invoked without a request-scoped client, incorrectly dispatched \u003ccode\u003esessions.delete\u003c/code\u003e utilizing a synthetic \u003ccode\u003eoperator.admin\u003c/code\u003e runtime scope. This means that under certain conditions, session deletion operations were being performed with elevated privileges, potentially leading to unauthorized session management. This vulnerability was present in the code up to version 2026.3.24 and has been patched in version 2026.3.25. 
Defenders should ensure they are running version 2026.3.25 or later to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA request is made to the gateway plugin that triggers the \u003ccode\u003edeleteSession\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edeleteSession\u003c/code\u003e function checks for a request-scoped client.\u003c/li\u003e\n\u003cli\u003eIf no request-scoped client exists, the code falls back to a default mechanism.\u003c/li\u003e\n\u003cli\u003eThe vulnerable code path then incorrectly creates a synthetic \u003ccode\u003eoperator.admin\u003c/code\u003e runtime scope.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esessions.delete\u003c/code\u003e function is dispatched with the elevated \u003ccode\u003eoperator.admin\u003c/code\u003e scope.\u003c/li\u003e\n\u003cli\u003eSession deletion occurs with the privileges of the synthetic admin operator.\u003c/li\u003e\n\u003cli\u003eAn attacker could potentially trigger this code path to delete sessions they should not have access to.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to unauthorized session deletion within the \u003ccode\u003eopenclaw\u003c/code\u003e application. While the exact impact depends on the specific deployment and usage of \u003ccode\u003eopenclaw\u003c/code\u003e, the ability to delete arbitrary sessions could disrupt service availability or allow an attacker to invalidate legitimate user sessions. 
If an attacker can reliably trigger this vulnerability, it could lead to denial-of-service or other forms of service disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003eopenclaw\u003c/code\u003e package to version 2026.3.25 or later to remediate the vulnerability described in the overview.\u003c/li\u003e\n\u003cli\u003eReview the \u003ccode\u003eopenclaw\u003c/code\u003e codebase and audit the usage of \u003ccode\u003edeleteSession\u003c/code\u003e to identify any potential misuse or unexpected invocations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-29T15:50:41Z","date_published":"2026-03-29T15:50:41Z","id":"/briefs/2026-04-openclaw-admin-scope/","summary":"The openclaw package versions 2026.3.24 and earlier are vulnerable due to the gateway plugin subagent fallback `deleteSession` function dispatching `sessions.delete` with a synthetic `operator.admin` runtime scope, potentially leading to unauthorized session deletion.","title":"OpenClaw Gateway Plugin Subagent Admin Scope Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-admin-scope/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["openclaw","sandbox-escape","authorization"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-32918 affects OpenClaw versions prior to 2026.3.11. The vulnerability resides in the \u003ccode\u003esession_status\u003c/code\u003e tool, which is intended to manage sandboxed subagents. However, a flaw allows these sandboxed agents to bypass their intended restrictions and access session data belonging to parent or sibling sessions. 
An attacker can exploit this by supplying arbitrary \u003ccode\u003esessionKey\u003c/code\u003e values, enabling them to read and modify sensitive session data, including persisted model overrides, far beyond the…\u003c/p\u003e\n","date_modified":"2026-03-29T13:17:00Z","date_published":"2026-03-29T13:17:00Z","id":"/briefs/2026-03-openclaw-sandbox-escape/","summary":"OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool, allowing sandboxed subagents to access and modify session data outside their intended scope.","title":"OpenClaw Session Sandbox Escape Vulnerability (CVE-2026-32918)","url":"https://feed.craftedsignal.io/briefs/2026-03-openclaw-sandbox-escape/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["docker","authz","authorization","bypass","cve-2026-34040"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability exists in Moby (Docker) that can be exploited to bypass authorization plugins (AuthZ) when processing API requests. This vulnerability occurs because the Docker daemon may forward a request to an authorization plugin without the request body if the body is oversized. Because the fix for CVE-2024-41110 was incomplete, an attacker can craft a specific API request that triggers this behavior. This could lead to an AuthZ plugin making incorrect authorization decisions, potentially allowing unauthorized actions to be performed. This affects deployments that rely on AuthZ plugins that inspect the request body for access control. 
The vulnerable packages include \u003ccode\u003ego/github.com/moby/moby\u003c/code\u003e (versions prior to 29.3.1), \u003ccode\u003ego/github.com/docker/docker\u003c/code\u003e (versions prior to 29.3.1), and \u003ccode\u003ego/github.com/moby/moby/v2\u003c/code\u003e (versions prior to 2.0.0-beta.8).\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Docker environment utilizing an AuthZ plugin that relies on request body inspection for authorization.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious Docker API request targeting a sensitive resource or action.\u003c/li\u003e\n\u003cli\u003eThe attacker inflates the request body to exceed a size threshold that triggers the bypass behavior.\u003c/li\u003e\n\u003cli\u003eThe Docker daemon receives the oversized API request.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability, the Docker daemon forwards the request to the AuthZ plugin without the request body.\u003c/li\u003e\n\u003cli\u003eThe AuthZ plugin, lacking the request body, makes an authorization decision based on incomplete information.\u003c/li\u003e\n\u003cli\u003eThe AuthZ plugin, unable to properly validate the request, grants access to the sensitive resource or action.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully executes the unauthorized action, bypassing the intended security controls.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability primarily impacts Docker environments that utilize authorization plugins and rely on request body inspection for access control decisions. If exploited successfully, an attacker can bypass the intended authorization mechanisms, potentially leading to unauthorized access to sensitive resources, data breaches, or other malicious activities within the containerized environment. 
The severity is high for affected installations; however, the base likelihood of exploitation is low, and the issue only impacts those using AuthZ plugins.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Moby version 29.3.1 or later to address the vulnerability. This resolves the incomplete fix for CVE-2024-41110 and prevents the AuthZ bypass.\u003c/li\u003e\n\u003cli\u003eFor environments where immediate upgrades are not possible, avoid using AuthZ plugins that rely on request body inspection for security decisions as described in the overview.\u003c/li\u003e\n\u003cli\u003eRestrict access to the Docker API to trusted parties following the principle of least privilege to reduce the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-27T17:44:58Z","date_published":"2026-03-27T17:44:58Z","id":"/briefs/2026-04-moby-authz-bypass/","summary":"A vulnerability in Moby allows attackers to bypass authorization plugins by crafting API requests with oversized bodies, causing the Docker daemon to forward the request without the body to the plugin, potentially leading to unauthorized actions.","title":"Moby Authorization Plugin Bypass via Oversized Request Bodies","url":"https://feed.craftedsignal.io/briefs/2026-04-moby-authz-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ai-agent","api-key","authorization","credential-theft"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA recent audit of 30 popular AI agent frameworks, including OpenClaw, AutoGen, CrewAI, LangGraph, MetaGPT, and AutoGPT, reveals a widespread lack of robust authorization mechanisms. The report, published in March 2026, highlights that 93% of these frameworks rely solely on unscoped API keys for authentication. This means that any agent with access to the API key has full privileges, creating significant security risks. 
Furthermore, none of the frameworks provide per-agent cryptographic identity or revocation capabilities. In multi-agent systems, child agents inherit the full credentials of their parent agents, with no option for scope narrowing. This lack of granular control and isolation can lead to significant security breaches, including credential exposure and privilege escalation, as demonstrated by the 21,000 exposed OpenClaw instances leaking credentials and the 1.5 million API tokens exposed in the Moltbook breach.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains access to an unscoped API key, either through exposed instances like the 21,000 OpenClaw instances or breaches like the Moltbook incident affecting 1.5 million tokens.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the unscoped API key to authenticate to the AI agent framework.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the API key to control an AI agent, potentially injecting malicious goals or code.\u003c/li\u003e\n\u003cli\u003eIn multi-agent systems, the attacker exploits the inherited privileges of child agents to gain broader access.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the agent\u0026rsquo;s capabilities to access sensitive data or perform unauthorized actions.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges by exploiting vulnerabilities within the agent framework or underlying system.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised agent to move laterally within the system or network.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their objective, which could include data theft, system disruption, or further compromise of the environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe widespread use of unscoped API keys and lack of proper authorization in AI agent frameworks creates a significant security risk. 
Successful exploitation can lead to data breaches, system compromise, and reputational damage. The report cites real-world incidents, including 21,000 exposed OpenClaw instances leaking credentials and 1.5 million API tokens exposed in the Moltbook breach, demonstrating the potential for widespread impact. The lack of per-agent revocation means that if one agent is compromised, the API key for all agents must be rotated, causing significant disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement network monitoring to detect unusual traffic patterns originating from AI agent servers. Analyze outbound traffic for connections to unusual or malicious domains (grantex.dev).\u003c/li\u003e\n\u003cli\u003eAudit the configuration of AI agent frameworks to identify instances using unscoped API keys. Prioritize upgrading or replacing frameworks that lack proper authorization controls.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule for detecting API key usage in command-line arguments or environment variables to identify potential credential exposure.\u003c/li\u003e\n\u003cli\u003eMonitor for access to sensitive data or resources by AI agents and implement least-privilege access controls.\u003c/li\u003e\n\u003cli\u003eImplement regular security audits and penetration testing of AI agent frameworks to identify and address vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-16T12:00:00Z","date_published":"2026-03-16T12:00:00Z","id":"/briefs/2026-03-ai-agent-auth/","summary":"A research report auditing popular AI agent projects found that 93% rely on unscoped API keys as the only authentication mechanism, leading to potential credential exposure, privilege escalation, and lateral movement within multi-agent systems.","title":"Unscoped API Keys in AI Agent 
Frameworks","url":"https://feed.craftedsignal.io/briefs/2026-03-ai-agent-auth/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["argo-workflows/v4"],"_cs_severities":["high"],"_cs_tags":["argo-workflows","kubernetes","configmap","authorization","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Argo"],"content_html":"\u003cp\u003eArgo Workflows, a Kubernetes-native workflow engine, is vulnerable to an authorization bypass in its Sync Service\u0026rsquo;s ConfigMap-backed provider. This vulnerability, present in versions 4.0.0 through 4.0.4, stems from a lack of authorization checks on CRUD operations performed on ConfigMaps. This means that any authenticated user, even with a fake Bearer token, can create, read, update, and delete Kubernetes ConfigMaps used for synchronization limits. This flaw allows attackers to potentially disrupt workflow execution, access sensitive configuration data, or even manipulate ConfigMaps in namespaces accessible to the server\u0026rsquo;s service account. 
The vulnerability was reported on May 4, 2026, and poses a significant risk to Argo Workflows deployments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains network access to the Argo Server.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the Argo Server using any valid or even a \u0026ldquo;fake\u0026rdquo; Bearer token (e.g., \u003ccode\u003efake-token\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a POST request to the \u003ccode\u003e/api/v1/sync/default\u003c/code\u003e endpoint to create a new Sync Limit ConfigMap with specified parameters like namespace, ConfigMap name, key, and limit.\u003c/li\u003e\n\u003cli\u003eThe Argo Server\u0026rsquo;s \u003ccode\u003econfigMapSyncProvider.createSyncLimit\u003c/code\u003e function executes without performing any authorization checks.\u003c/li\u003e\n\u003cli\u003eThe function uses the Kubernetes client to create a ConfigMap in the specified namespace based on the attacker\u0026rsquo;s input.\u003c/li\u003e\n\u003cli\u003eAttacker can subsequently send GET, PUT, or DELETE requests to \u003ccode\u003e/api/v1/sync/default/{key}\u003c/code\u003e to read, update, or delete existing Sync Limit ConfigMaps without authorization.\u003c/li\u003e\n\u003cli\u003eThe Argo Server processes these requests, modifying the ConfigMaps accordingly, due to the missing \u003ccode\u003eauth.CanI\u003c/code\u003e checks.\u003c/li\u003e\n\u003cli\u003eThe attacker disrupts workflow execution, gains access to sensitive configuration data, or manipulates ConfigMaps, leading to denial of service or other malicious outcomes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker with network access to the Argo Server and valid or fake authentication credentials to perform several malicious actions. 
They can cause a denial of service by setting sync limits to zero or a very low number, effectively blocking parallel workflow execution. Attackers can also disrupt running workflows by modifying existing sync limits. Furthermore, they can gain access to sensitive information by reading ConfigMap data or manipulate ConfigMaps in any namespace accessible to the server\u0026rsquo;s service account. This could lead to complete compromise of the Argo Workflows environment.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Argo Workflows version 4.0.5 or later to patch CVE-2026-42297 and mitigate the missing authorization checks.\u003c/li\u003e\n\u003cli\u003eMonitor access logs on the Argo Server for unexpected API calls to the \u003ccode\u003e/api/v1/sync\u003c/code\u003e endpoints, especially POST, PUT, and DELETE requests, which could indicate unauthorized ConfigMap manipulation. Use the rule \u003ccode\u003eArgo Workflows ConfigMap Sync Service Modification\u003c/code\u003e to detect unauthorized modifications.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation and access controls to limit network access to the Argo Server, reducing the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-05-03T16:23:00Z","date_published":"2024-05-03T16:23:00Z","id":"/briefs/2024-05-argo-configmap-auth-bypass/","summary":"The Sync Service's ConfigMap-backed provider in Argo Workflows performs zero authorization checks on all CRUD operations, allowing any authenticated user to create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits, potentially leading to denial of service, workflow disruption, information disclosure, or arbitrary ConfigMap manipulation in Argo Workflows versions v4.0.0 to v4.0.4.","title":"Argo Workflows ConfigMap Sync Service Missing Authorization 
Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-05-argo-configmap-auth-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["cms (\u003c= 4.8.0)","cms (\u003e= 5.0.0, \u003c= 5.3.3)"],"_cs_severities":["high"],"_cs_tags":["authorization","privilege-escalation","web-application"],"_cs_type":"advisory","_cs_vendors":["Kirby"],"content_html":"\u003cp\u003eKirby CMS, a file-based content management system, has a missing authorization flaw that allows authenticated users to access sensitive site, user, and role information without the necessary permissions. This vulnerability affects installations where there are potentially untrusted authenticated users. The issue stems from the lack of permission settings controlling access to the site model, users, and user roles. Specifically, the permissions \u003ccode\u003esite.access\u003c/code\u003e, \u003ccode\u003euser.access\u003c/code\u003e, \u003ccode\u003eusers.access\u003c/code\u003e, \u003ccode\u003euser.list\u003c/code\u003e, and \u003ccode\u003eusers.list\u003c/code\u003e were missing. This vulnerability was reported by @HuajiHD and patched in Kirby versions 4.9.0 and 5.4.0. Sites that explicitly intend all authenticated users to have read access to all site, user, and role information are not affected.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker obtains valid credentials for a user account with access to the Kirby Panel.\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates to the Kirby Panel using their credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a request to access the site model data. 
This could involve accessing specific API endpoints related to site configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a request to list all users within the Kirby CMS.\u003c/li\u003e\n\u003cli\u003eThe system, lacking proper authorization checks, returns the requested site model and user list data to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a request to list existing roles, their names, descriptions, and configured permissions.\u003c/li\u003e\n\u003cli\u003eThe system returns the requested role information, again bypassing intended permission restrictions.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized knowledge of the site structure, user accounts, and role permissions, which can be used to escalate privileges or further compromise the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker with low-privilege Panel access to enumerate users, roles, and site configurations. This information can be used to identify privileged accounts, understand the site\u0026rsquo;s structure, and potentially escalate privileges by exploiting other vulnerabilities or misconfigurations. 
This impacts all Kirby sites using versions \u0026lt;= 4.8.0 and versions \u0026gt;= 5.0.0 and \u0026lt;= 5.3.3 where authenticated users are not fully trusted.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Kirby version 4.9.0 or 5.4.0 or later to patch the vulnerability as described in the advisory.\u003c/li\u003e\n\u003cli\u003eReview user roles and permissions after upgrading to ensure appropriate access controls are in place.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting user and role enumeration endpoints after deploying the rules below.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-kirby-auth-bypass/","summary":"Kirby CMS versions before 4.9.0 and between 5.0.0 and 5.3.3 contain a missing authorization vulnerability, allowing authenticated Panel users to access site model, user, and role information without proper permission checks, potentially leading to unauthorized information disclosure.","title":"Kirby CMS Missing Authorization Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-kirby-auth-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7644"}],"_cs_exploited":false,"_cs_products":["NextChat (\u003c= 2.16.1)"],"_cs_severities":["medium"],"_cs_tags":["authorization","cve-2026-7644","web-application"],"_cs_type":"advisory","_cs_vendors":["ChatGPTNextWeb"],"content_html":"\u003cp\u003eA vulnerability, CVE-2026-7644, affects ChatGPTNextWeb NextChat up to version 2.16.1. The flaw exists within the \u003ccode\u003eaddMcpServer\u003c/code\u003e function located in the \u003ccode\u003eapp/mcp/actions.ts\u003c/code\u003e file. This vulnerability allows for improper authorization, potentially enabling unauthorized actions. The exploit has been publicly disclosed, increasing the risk of exploitation. 
The vendor was notified, but there has been no response as of the time of this writing. This vulnerability allows for remote exploitation, meaning an attacker does not need local access to the system to exploit it. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized access and potential data breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a ChatGPTNextWeb NextChat instance running version 2.16.1 or earlier.\u003c/li\u003e\n\u003cli\u003eAttacker sends a crafted request to the \u003ccode\u003eaddMcpServer\u003c/code\u003e function in \u003ccode\u003eapp/mcp/actions.ts\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly authorize the request due to the vulnerability in \u003ccode\u003eaddMcpServer\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker bypasses authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully adds a malicious MCP server configuration.\u003c/li\u003e\n\u003cli\u003eThe application uses the malicious MCP server configuration, potentially leading to further unauthorized actions.\u003c/li\u003e\n\u003cli\u003eAttacker gains unauthorized access to sensitive data or functionality.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7644 could lead to unauthorized access to a NextChat instance. An attacker could potentially manipulate MCP server configurations, leading to further compromise of the application and associated data. 
Since the exploit is publicly available, the risk of exploitation is significantly elevated, potentially affecting all unpatched instances of NextChat version 2.16.1 or earlier.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade ChatGPTNextWeb NextChat to a version higher than 2.16.1 to patch CVE-2026-7644.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003eaddMcpServer\u003c/code\u003e function in \u003ccode\u003eapp/mcp/actions.ts\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect unauthorized calls to the \u003ccode\u003eaddMcpServer\u003c/code\u003e function.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-nextchat-auth-bypass/","summary":"CVE-2026-7644 is an improper authorization vulnerability in the addMcpServer function of ChatGPTNextWeb NextChat version 2.16.1 and earlier, allowing for potential remote exploitation following public disclosure of the exploit.","title":"ChatGPTNextWeb NextChat Improper Authorization Vulnerability (CVE-2026-7644)","url":"https://feed.craftedsignal.io/briefs/2024-01-nextchat-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Authorization","version":"https://jsonfeed.org/version/1.1"}