{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/code-injection/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["AzuraCast (\u003c= 0.23.5)"],"_cs_severities":["high"],"_cs_tags":["azuracast","code-injection","liquidsoap","ghsa"],"_cs_type":"advisory","_cs_vendors":["AzuraCast"],"content_html":"\u003cp\u003eAzuraCast versions 0.23.5 and earlier are vulnerable to a Liquidsoap code injection vulnerability in the remote relay password field. This flaw stems from an incomplete migration of user-controlled fields from the vulnerable \u003ccode\u003ecleanUpString()\u003c/code\u003e method to the safe \u003ccode\u003etoRawString()\u003c/code\u003e method. Specifically, while commit \u003ccode\u003eff49ef4\u003c/code\u003e (dated 2026-03-06) addressed most fields, the remote relay password field continues to use \u003ccode\u003ecleanUpString()\u003c/code\u003e, which can be bypassed via nested Liquidsoap interpolation syntax (\u003ccode\u003e#{#{EXPR}}\u003c/code\u003e). An attacker with the \u003ccode\u003eRemoteRelays\u003c/code\u003e station permission can exploit this to inject arbitrary Liquidsoap code, potentially achieving remote code execution, disclosing internal API keys, reading and writing files within the Liquidsoap container, and disrupting station operation. This vulnerability allows attackers with minimal privileges to escalate their access within the AzuraCast environment.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker with \u003ccode\u003eRemoteRelays\u003c/code\u003e station permission crafts a malicious payload containing nested Liquidsoap interpolation syntax (\u003ccode\u003e#{#{EXPR}}\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker sends a \u003ccode\u003ePUT\u003c/code\u003e request to \u003ccode\u003e/api/station/{station_id}/remote/{id}\u003c/code\u003e to update the remote relay\u0026rsquo;s password, including the crafted payload in the \u003ccode\u003esource_password\u003c/code\u003e field.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003emb_substr\u003c/code\u003e function truncates the password to 100 characters, but the payload remains within this limit.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eConfigWriter::getOutputString()\u003c/code\u003e function calls the vulnerable \u003ccode\u003ecleanUpString()\u003c/code\u003e method on the password during station configuration regeneration.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecleanUpString()\u003c/code\u003e method\u0026rsquo;s ungreedy regex fails to properly sanitize the nested interpolation, resulting in a bypass.\u003c/li\u003e\n\u003cli\u003eThe bypassed payload is embedded within a double-quoted string in the Liquidsoap configuration file.\u003c/li\u003e\n\u003cli\u003eThe Liquidsoap process loads the updated configuration file, triggering the evaluation of the injected Liquidsoap code.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution within the Liquidsoap process container or gains access to sensitive information, such as the internal API key.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to severe consequences, including arbitrary code execution within the Liquidsoap process container, potentially compromising the entire AzuraCast installation. The disclosure of the internal API key grants the attacker full control over the station\u0026rsquo;s API. Furthermore, the ability to read and write files within the Liquidsoap container allows for further exploitation and persistence. The attacker can also disrupt station operation by injecting malicious configurations that crash the Liquidsoap process. The low privilege requirement (only \u003ccode\u003eRemoteRelays\u003c/code\u003e permission) makes this vulnerability highly accessible to malicious actors.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately replace the \u003ccode\u003ecleanUpString()\u003c/code\u003e method with \u003ccode\u003etoRawString()\u003c/code\u003e for the remote relay password field in \u003ccode\u003eConfigWriter.php\u003c/code\u003e, as described in the provided fix, to prevent Liquidsoap code injection.\u003c/li\u003e\n\u003cli\u003eAdjust the Shoutcast suffix append logic to ensure compatibility with raw strings after applying the \u003ccode\u003etoRawString()\u003c/code\u003e fix in \u003ccode\u003eConfigWriter.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect AzuraCast Liquidsoap Code Injection via API\u0026rdquo; to detect attempts to exploit this vulnerability through malicious API requests targeting the remote relay password field.\u003c/li\u003e\n\u003cli\u003eMonitor webserver logs for PUT requests to \u003ccode\u003e/api/station/*/remote/*\u003c/code\u003e containing the string \u003ccode\u003e#{#{\u003c/code\u003e in the request body, indicating a potential injection attempt, as shown in the PoC.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T21:19:55Z","date_published":"2026-05-04T21:19:55Z","id":"/briefs/2024-01-azuracast-liquidsoap-injection/","summary":"AzuraCast is vulnerable to a Liquidsoap code injection vulnerability due to the incomplete migration from `cleanUpString()` to `toRawString()` in the remote relay password field, allowing a user with the `RemoteRelays` station permission to inject arbitrary Liquidsoap code by exploiting nested interpolation syntax, leading to arbitrary code execution, API key disclosure, and station disruption.","title":"AzuraCast Liquidsoap Code Injection in Remote Relay Password","url":"https://feed.craftedsignal.io/briefs/2024-01-azuracast-liquidsoap-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-3120"}],"_cs_exploited":false,"_cs_products":["SambaBox (\u003e= 5.1, \u003c 5.3)"],"_cs_severities":["critical"],"_cs_tags":["code-injection","os-command-injection","cve-2026-3120"],"_cs_type":"advisory","_cs_vendors":["Profelis Information and Consulting Trade and Industry Limited Company"],"content_html":"\u003cp\u003eCVE-2026-3120 is a critical vulnerability affecting SambaBox, a product by Profelis Information and Consulting Trade and Industry Limited Company. This vulnerability, categorized as an Improper Control of Generation of Code (\u0026lsquo;Code Injection\u0026rsquo;), allows for OS Command Injection. Specifically, SambaBox versions 5.1 up to (but not including) version 5.3 are affected. An attacker with high privileges can exploit this vulnerability to execute arbitrary commands on the underlying operating system, potentially leading to full system compromise. This vulnerability was reported by the Computer Emergency Response Team of the Republic of Turkey (USOM). Defenders should patch affected systems immediately or apply mitigations to prevent exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker with high privileges gains access to the SambaBox management interface.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request containing an OS command within a vulnerable input field.\u003c/li\u003e\n\u003cli\u003eThe SambaBox application fails to properly sanitize or validate the input.\u003c/li\u003e\n\u003cli\u003eThe application generates code incorporating the unsanitized input.\u003c/li\u003e\n\u003cli\u003eThe generated code is executed by the underlying operating system.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed with the privileges of the SambaBox application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to execute arbitrary commands on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the command execution to achieve persistence, escalate privileges further, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-3120 allows an attacker to execute arbitrary commands on the SambaBox server. This could lead to complete system compromise, including data theft, modification, or destruction. The vulnerability affects SambaBox installations from version 5.1 before 5.3, potentially impacting all organizations using these versions. Given the high CVSS score of 7.2, this vulnerability poses a significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SambaBox to version 5.3 or later to patch CVE-2026-3120.\u003c/li\u003e\n\u003cli\u003eApply the following Sigma rule to detect potential exploitation attempts by monitoring for suspicious process execution: \u0026ldquo;Detect SambaBox Command Injection\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual requests targeting SambaBox applications, specifically looking for attempts to inject OS commands.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T12:16:29Z","date_published":"2026-05-04T12:16:29Z","id":"/briefs/2026-05-sambabox-code-injection/","summary":"SambaBox versions 5.1 to before 5.3 are vulnerable to OS command injection via improper control of code generation (CVE-2026-3120), potentially allowing attackers with high privileges to execute arbitrary commands on the underlying system.","title":"SambaBox OS Command Injection Vulnerability (CVE-2026-3120)","url":"https://feed.craftedsignal.io/briefs/2026-05-sambabox-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7703"}],"_cs_exploited":false,"_cs_products":["Pixera Two Media Server (\u003c= 25.2 R2)"],"_cs_severities":["high"],"_cs_tags":["code-injection","websocket","cve-2026-7703"],"_cs_type":"advisory","_cs_vendors":["AV Stumpfl"],"content_html":"\u003cp\u003eA code injection vulnerability, tracked as CVE-2026-7703, has been identified in AV Stumpfl Pixera Two Media Server impacting versions up to 25.2 R2. The vulnerability resides within an unspecified function of the Websocket API component. Successful exploitation allows a remote attacker to inject and execute arbitrary code on the affected system. Given that an exploit has been published, the risk of exploitation is elevated. Organizations using the Pixera Two Media Server should upgrade to version 25.2 R3 or later to mitigate the risk. This vulnerability poses a significant threat to media production environments relying on the affected software.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable AV Stumpfl Pixera Two Media Server instance running a version prior to 25.2 R3.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload designed to exploit the code injection vulnerability within the Websocket API.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious payload to the Pixera Two Media Server instance via a Websocket connection.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function within the Websocket API fails to properly sanitize or validate the input.\u003c/li\u003e\n\u003cli\u003eThe malicious payload is processed, resulting in the injection of attacker-controlled code into the server\u0026rsquo;s process.\u003c/li\u003e\n\u003cli\u003eThe injected code executes with the privileges of the Pixera Two Media Server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server, potentially leading to complete system compromise.\u003c/li\u003e\n\u003cli\u003eThe attacker can then install malware, exfiltrate sensitive data, or disrupt media server operations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7703 can result in arbitrary code execution on the AV Stumpfl Pixera Two Media Server. This could allow an attacker to gain complete control over the server, potentially disrupting media presentations, stealing sensitive data, or using the compromised server as a launchpad for further attacks within the network. The impact is significant due to the critical role media servers play in various entertainment and presentation environments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade AV Stumpfl Pixera Two Media Server to version 25.2 R3 or later to patch CVE-2026-7703 (reference: AV Stumpfl advisory).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious Websocket connections originating from or targeting AV Stumpfl Pixera Two Media Servers using the \u0026ldquo;Detect Suspicious Pixera Websocket Activity\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the blast radius of a potential compromise of the Pixera Two Media Server.\u003c/li\u003e\n\u003cli\u003eReview and harden the configuration of the Pixera Two Media Server to minimize the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-03T17:16:13Z","date_published":"2026-05-03T17:16:13Z","id":"/briefs/2026-05-pixera-code-injection/","summary":"A remote code injection vulnerability exists in AV Stumpfl Pixera Two Media Server versions up to 25.2 R2 due to improper handling within the Websocket API, potentially allowing unauthenticated attackers to execute arbitrary code.","title":"AV Stumpfl Pixera Two Media Server Code Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-pixera-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-6543"}],"_cs_exploited":false,"_cs_products":["Langflow Desktop (1.0.0 - 1.8.4)"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-6543","command execution","code injection","ibm langflow"],"_cs_type":"threat","_cs_vendors":["IBM"],"content_html":"\u003cp\u003eIBM Langflow Desktop, a tool designed to build and experiment with language models, versions 1.0.0 through 1.8.4, contains a remote command execution vulnerability (CVE-2026-6543). An attacker with the ability to influence Langflow\u0026rsquo;s execution can inject and execute arbitrary commands with the same privileges as the Langflow process. This flaw can be exploited to read sensitive environment variables containing API keys and database credentials, modify critical files, and propagate further attacks within the internal network. The vulnerability poses a significant risk to organizations utilizing affected versions of Langflow Desktop, potentially leading to data breaches and system compromise. Defenders should prioritize patching or implementing mitigations to prevent exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial access to a system with Langflow Desktop installed (versions 1.0.0 - 1.8.4). This could be achieved through social engineering or by compromising a user account with access to the system.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input or payload designed to exploit the command execution vulnerability within Langflow.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers Langflow to process the malicious payload, leveraging the vulnerability to inject and execute arbitrary commands.\u003c/li\u003e\n\u003cli\u003eThe injected command executes with the privileges of the Langflow process, allowing the attacker to interact with the underlying operating system.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages command execution to read sensitive environment variables, potentially obtaining API keys, database credentials, or other sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the acquired credentials to access sensitive data or systems within the internal network, escalating their privileges and expanding their reach.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies critical files or installs malicious software, establishing persistence and compromising the integrity of the system.\u003c/li\u003e\n\u003cli\u003eThe attacker launches further attacks on the internal network, leveraging the compromised system as a pivot point to compromise additional systems and data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6543 allows attackers to execute arbitrary commands on systems running vulnerable versions of IBM Langflow Desktop. This can lead to the exposure of sensitive environment variables containing API keys and database credentials, the modification of critical files, and the launching of further attacks on the internal network. The impact can range from data breaches and system compromise to complete control over affected systems and networks. Given the nature of Langflow, targeted sectors likely include organizations involved in AI/ML development and related fields.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade IBM Langflow Desktop to a patched version beyond 1.8.4 to remediate CVE-2026-6543, as recommended by IBM.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Langflow Process Spawning Suspicious Processes\u0026rdquo; to identify potential exploitation attempts based on unusual child processes spawned by Langflow.\u003c/li\u003e\n\u003cli\u003eMonitor network connections from Langflow Desktop instances for suspicious outbound traffic, indicating potential data exfiltration or command-and-control activity.\u003c/li\u003e\n\u003cli\u003eImplement least privilege principles to limit the impact of successful exploitation by restricting the permissions of the Langflow process.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T22:16:26Z","date_published":"2026-04-30T22:16:26Z","id":"/briefs/2026-04-ibm-langflow-rce/","summary":"IBM Langflow Desktop versions 1.0.0 through 1.8.4 are vulnerable to remote command execution, allowing an attacker to execute arbitrary commands with the privileges of the Langflow process, potentially leading to sensitive data exposure and lateral movement.","title":"IBM Langflow Desktop Vulnerable to Remote Command Execution (CVE-2026-6543)","url":"https://feed.craftedsignal.io/briefs/2026-04-ibm-langflow-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-34965"}],"_cs_exploited":false,"_cs_products":["Cockpit CMS"],"_cs_severities":["critical"],"_cs_tags":["rce","code-injection","cockpit-cms"],"_cs_type":"advisory","_cs_vendors":["agentejo"],"content_html":"\u003cp\u003eCockpit CMS is vulnerable to remote code execution due to insufficient input validation in the \u003ccode\u003e/cockpit/collections/save_collection\u003c/code\u003e endpoint. An authenticated attacker with collection management privileges can inject arbitrary PHP code into collection rules parameters. This vulnerability, identified as CVE-2026-34965, allows attackers to inject malicious PHP code through rule parameters. The injected code is then written directly to server-side PHP files and executed via the \u003ccode\u003einclude()\u003c/code\u003e function, leading to arbitrary command execution on the underlying server. This poses a significant risk to organizations using Cockpit CMS, potentially leading to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the Cockpit CMS application with valid collection management credentials.\u003c/li\u003e\n\u003cli\u003eAttacker navigates to the \u003ccode\u003e/cockpit/collections/save_collection\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request to the \u003ccode\u003e/cockpit/collections/save_collection\u003c/code\u003e endpoint containing PHP code within collection rules parameters.\u003c/li\u003e\n\u003cli\u003eThe application saves the attacker-supplied PHP code into a PHP file on the server.\u003c/li\u003e\n\u003cli\u003eThe application uses the \u003ccode\u003einclude()\u003c/code\u003e function to execute the PHP file.\u003c/li\u003e\n\u003cli\u003eThe injected PHP code executes arbitrary commands on the underlying server, granting the attacker control of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the underlying server. This can lead to complete system compromise, including data theft, modification, or deletion. Given the high CVSS score (8.8), this vulnerability poses a critical risk, especially for internet-facing Cockpit CMS installations. Organizations in any sector using Cockpit CMS are potentially affected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a version of Cockpit CMS that addresses CVE-2026-34965 to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Cockpit CMS Save Collection Activity\u003c/code\u003e to identify potential exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003e/cockpit/collections/save_collection\u003c/code\u003e with suspicious characters or PHP code in the request body, as detected by the Sigma rule \u003ccode\u003eDetect PHP Code Injection in Cockpit CMS Collections\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T20:16:29Z","date_published":"2026-04-29T20:16:29Z","id":"/briefs/2026-04-cockpit-rce/","summary":"Cockpit CMS is vulnerable to authenticated remote code execution via PHP code injection in the /cockpit/collections/save_collection endpoint, enabling attackers with collection management privileges to execute arbitrary commands on the server.","title":"Cockpit CMS Authenticated Remote Code Execution via Code Injection","url":"https://feed.craftedsignal.io/briefs/2026-04-cockpit-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7466"}],"_cs_exploited":false,"_cs_products":["AgentFlow"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-7466","rce","code-injection"],"_cs_type":"advisory","_cs_vendors":["berabuddies"],"content_html":"\u003cp\u003eAgentFlow is susceptible to an arbitrary code execution vulnerability identified as CVE-2026-7466. This flaw stems from insufficient validation of the \u003ccode\u003epipeline_path\u003c/code\u003e parameter within the \u003ccode\u003e/api/runs\u003c/code\u003e and \u003ccode\u003e/api/runs/validate\u003c/code\u003e endpoints. By crafting malicious POST requests and supplying a user-controlled \u003ccode\u003epipeline_path\u003c/code\u003e, an attacker can induce the AgentFlow API to load and execute arbitrary Python pipeline files present on the server\u0026rsquo;s filesystem. Successful exploitation leads to code execution within the security context of the user running AgentFlow, potentially granting the attacker full control over the affected system. This vulnerability poses a significant threat to organizations utilizing AgentFlow, as it can lead to data breaches, system compromise, and other malicious activities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an AgentFlow instance running a vulnerable version.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a POST request to the \u003ccode\u003e/api/runs\u003c/code\u003e endpoint, including a \u003ccode\u003epipeline_path\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003epipeline_path\u003c/code\u003e parameter is set to the path of a malicious Python file already existing on the AgentFlow server (or uploaded previously through other means).\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious POST request to the \u003ccode\u003e/api/runs\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eAgentFlow processes the request without properly validating the \u003ccode\u003epipeline_path\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAgentFlow loads and executes the Python file specified in the \u003ccode\u003epipeline_path\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker-controlled Python code executes with the privileges of the AgentFlow process.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution, potentially leading to complete system compromise, data exfiltration, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7466 allows an attacker to execute arbitrary code on the AgentFlow server. This can lead to a complete compromise of the system, including the theft of sensitive data, modification of critical system files, or the installation of backdoors for persistent access. The severity of the impact depends on the privileges of the user account running AgentFlow, but in many cases, it can lead to full system administrator access.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003epipeline_path\u003c/code\u003e parameter within the \u003ccode\u003e/api/runs\u003c/code\u003e and \u003ccode\u003e/api/runs/validate\u003c/code\u003e endpoints to prevent arbitrary file loading and execution.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003e/api/runs\u003c/code\u003e and \u003ccode\u003e/api/runs/validate\u003c/code\u003e containing suspicious \u003ccode\u003epipeline_path\u003c/code\u003e values (see example Sigma rule below).\u003c/li\u003e\n\u003cli\u003eRestrict file system permissions to limit the ability of the AgentFlow user to read and execute arbitrary Python files.\u003c/li\u003e\n\u003cli\u003eApply available patches or updates for AgentFlow as soon as they are released to address this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T19:16:27Z","date_published":"2026-04-29T19:16:27Z","id":"/briefs/2026-04-agentflow-rce/","summary":"AgentFlow is vulnerable to arbitrary code execution (CVE-2026-7466) by manipulating the `pipeline_path` parameter in POST requests to `/api/runs` and `/api/runs/validate`, allowing attackers to execute arbitrary Python code.","title":"AgentFlow Arbitrary Code Execution via Pipeline Path Manipulation (CVE-2026-7466)","url":"https://feed.craftedsignal.io/briefs/2026-04-agentflow-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["ci4-cms-erp/ci4ms"],"_cs_severities":["critical"],"_cs_tags":["zip-slip","rce","code-injection","vulnerability"],"_cs_type":"advisory","_cs_vendors":["composer"],"content_html":"\u003cp\u003eA Zip Slip vulnerability exists in the CI4MS backup restore functionality. Authenticated users with backup creation permissions can exploit this by uploading a specially crafted ZIP archive. The vulnerability lies in the \u003ccode\u003eBackup::restore\u003c/code\u003e function (modules/Backup/Controllers/Backup.php), where the application extracts the uploaded ZIP without proper validation of the entry names. This allows an attacker to write files to arbitrary locations, including the public web root, leading to remote code execution (RCE). This vulnerability affects CI4MS versions prior to 0.31.5.0. By crafting a ZIP file with malicious paths, attackers can bypass intended directory restrictions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated user with \u003ccode\u003ecreate\u003c/code\u003e role accesses the vulnerable \u003ccode\u003e/backend/backup/restore\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious ZIP archive containing a PHP file (e.g., \u003ccode\u003eshell.php\u003c/code\u003e) with a path traversing outside the intended extraction directory (e.g., \u003ccode\u003e../../public/shell.php\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker uploads the malicious ZIP archive via the \u003ccode\u003ebackup_file\u003c/code\u003e parameter in a POST request.\u003c/li\u003e\n\u003cli\u003eThe server moves the uploaded ZIP file to \u003ccode\u003eWRITEPATH . 'uploads/'\u003c/code\u003e without sanitizing or validating the ZIP entry names.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eZipArchive::extractTo()\u003c/code\u003e function is called on the uploaded ZIP, extracting the malicious file to the specified path \u003ccode\u003e../../public/shell.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe PHP file is written to the web root, allowing for remote code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers the injected PHP code by sending a request to \u003ccode\u003e/shell.php?c=id\u003c/code\u003e, executing arbitrary commands on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control over the compromised server, including access to sensitive data and the ability to further compromise the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to achieve remote code execution (RCE) on the CI4MS server. This can lead to full compromise of the installation, including the database credentials stored in \u003ccode\u003e.env\u003c/code\u003e and any other sensitive data handled by the site. Because the affected route is in the \u003ccode\u003ecsrfExcept\u003c/code\u003e list, this vulnerability can be triggered cross-site against a logged-in administrator, potentially leading to drive-by RCE against site operators. The vulnerability affects versions of \u003ccode\u003ecomposer/ci4-cms-erp/ci4ms\u003c/code\u003e prior to \u003ccode\u003e0.31.5.0\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003ecomposer/ci4-cms-erp/ci4ms\u003c/code\u003e to version 0.31.5.0 or later to patch the vulnerability as described in GHSA-xp9f-pvvc-57p4.\u003c/li\u003e\n\u003cli\u003eImplement server-side validation of uploaded ZIP archive entry names to prevent path traversal vulnerabilities. Specifically, validate the file paths extracted from the ZIP archive before calling \u003ccode\u003eextractTo()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CI4MS Zip Slip via Web Request\u003c/code\u003e to identify potential exploitation attempts by monitoring HTTP requests to the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eEnable web server logging and monitor for suspicious file creations, especially in web-accessible directories, after ZIP archive uploads, based on the attack chain described above.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T17:28:39Z","date_published":"2026-04-22T17:28:39Z","id":"/briefs/2024-01-09-ci4ms-zip-slip/","summary":"The CI4MS Backup restore function is vulnerable to Zip Slip, allowing remote code execution by uploading a malicious ZIP archive that writes PHP files to the public web root due to missing validation of entry names during extraction, affecting versions prior to 0.31.5.0.","title":"CI4MS Backup Restore Zip Slip Vulnerability Leads to RCE","url":"https://feed.craftedsignal.io/briefs/2024-01-09-ci4ms-zip-slip/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["code-injection","remote-code-execution","agentscope"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical code injection vulnerability, identified as CVE-2026-6603, affects modelscope agentscope versions up to 1.0.18. The vulnerability resides within the \u003ccode\u003eexecute_python_code\u003c/code\u003e and \u003ccode\u003eexecute_shell_command\u003c/code\u003e functions in the \u003ccode\u003esrc/AgentScope/tool/_coding/_python.py\u003c/code\u003e file. This flaw allows an attacker to inject arbitrary code, leading to potential remote code execution on the affected system. A public exploit is available, increasing the risk of widespread exploitation. The vendor was contacted but has not responded to the disclosure. This vulnerability poses a significant threat to systems running vulnerable versions of agentscope, potentially leading to compromise and unauthorized access.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable instance of modelscope agentscope running a version up to 1.0.18.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u003ccode\u003eexecute_python_code\u003c/code\u003e or \u003ccode\u003eexecute_shell_command\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe malicious request injects arbitrary code into the vulnerable function\u0026rsquo;s input.\u003c/li\u003e\n\u003cli\u003eThe application processes the injected code without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed by the system, potentially allowing the attacker to execute arbitrary commands.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the executed code to gain further access to the system or network.\u003c/li\u003e\n\u003cli\u003eThe attacker installs malware, establishes persistence, or exfiltrates sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6603 can result in arbitrary code execution on the affected system. This can lead to complete system compromise, data breaches, and unauthorized access to sensitive information. While the exact number of victims is currently unknown, the availability of a public exploit makes widespread exploitation highly probable. Organizations using modelscope agentscope are at risk and should take immediate action to mitigate this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade modelscope agentscope to a patched version beyond 1.0.18 to remediate the vulnerability (CVE-2026-6603).\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule to detect suspicious process execution originating from the agentscope application server.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual requests targeting the \u003ccode\u003eexecute_python_code\u003c/code\u003e or \u003ccode\u003eexecute_shell_command\u003c/code\u003e endpoints (webserver log source).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-20T05:16:15Z","date_published":"2026-04-20T05:16:15Z","id":"/briefs/2026-04-agentscope-code-injection/","summary":"A code injection vulnerability exists in modelscope agentscope up to version 1.0.18, specifically affecting the execute_python_code/execute_shell_command functions, allowing for remote code execution.","title":"Modelscope Agentscope Code Injection Vulnerability (CVE-2026-6603)","url":"https://feed.craftedsignal.io/briefs/2026-04-agentscope-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-6594"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["prototype-pollution","javascript","code-injection","cve-2026-6594"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA prototype pollution vulnerability, identified as CVE-2026-6594, affects brikcss merge versions up to 1.3.0. This vulnerability allows a remote attacker to manipulate the \u003cstrong\u003eproto\u003c/strong\u003e/constructor.prototype/prototype argument, leading to the modification of object prototype attributes. The vendor was notified, but did not respond. Successful exploitation can lead to denial of service, code injection, or other unintended behaviors in applications using the affected library. Prototype pollution vulnerabilities are particularly concerning as they can have widespread effects, potentially impacting multiple parts of an application or even other applications sharing the same JavaScript runtime.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable endpoint in an application using brikcss merge \u0026lt;= 1.3.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload containing a \u003ccode\u003e__proto__\u003c/code\u003e, \u003ccode\u003econstructor.prototype\u003c/code\u003e, or \u003ccode\u003eprototype\u003c/code\u003e property.\u003c/li\u003e\n\u003cli\u003eThe malicious payload is sent to the vulnerable endpoint, often as part of a JSON object within a POST request.\u003c/li\u003e\n\u003cli\u003eThe brikcss merge function processes the payload without proper sanitization or input validation.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e__proto__\u003c/code\u003e property is used to modify the prototype of JavaScript objects.\u003c/li\u003e\n\u003cli\u003eThe prototype modification injects malicious properties or methods into all objects inheriting from the modified prototype.\u003c/li\u003e\n\u003cli\u003eThe application executes code that relies on the now-polluted prototype.\u003c/li\u003e\n\u003cli\u003eThis leads to unexpected behavior, such as arbitrary code execution, denial-of-service, or information disclosure.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6594 can lead to a variety of impacts, including denial of service, arbitrary code execution, and information disclosure. Since the vulnerability allows for modification of object prototypes, the impact can be widespread, affecting multiple parts of an application and potentially other applications. The number of affected applications is currently unknown, but any application using a vulnerable version of brikcss merge is potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade brikcss merge to a patched version or remove the library entirely from your project to remediate CVE-2026-6594.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Prototype Pollution via HTTP Request\u0026rdquo; to detect exploitation attempts targeting web applications that use brikcss merge.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on all user-supplied data processed by brikcss merge to prevent malicious payloads from being processed.\u003c/li\u003e\n\u003cli\u003eReview and audit code that uses brikcss merge to identify potential vulnerable code paths.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests containing \u003ccode\u003e__proto__\u003c/code\u003e, \u003ccode\u003econstructor.prototype\u003c/code\u003e, or \u003ccode\u003eprototype\u003c/code\u003e parameters in the request body as described in the attack chain.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-20T02:16:15Z","date_published":"2026-04-20T02:16:15Z","id":"/briefs/2026-04-brikcss-prototype-pollution/","summary":"A prototype pollution vulnerability (CVE-2026-6594) in brikcss merge up to version 1.3.0 allows remote attackers to modify object prototype attributes by manipulating the __proto__/constructor.prototype/prototype argument.","title":"brikcss merge Prototype Pollution Vulnerability (CVE-2026-6594)","url":"https://feed.craftedsignal.io/briefs/2026-04-brikcss-prototype-pollution/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5970"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["code-injection","metagpt","cve-2026-5970"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5970 is a critical vulnerability affecting FoundationAgents MetaGPT, a framework for multi-agent systems, up to version 0.8.1. The vulnerability resides within the \u003ccode\u003echeck_solution\u003c/code\u003e function of the \u003ccode\u003eHumanEvalBenchmark/MBPPBenchmark\u003c/code\u003e component. This flaw enables a remote attacker to inject and execute arbitrary code by manipulating input parameters. The vulnerability has been publicly disclosed and exploits are readily available. The maintainers of the MetaGPT project were notified via pull request but have not yet addressed the issue, increasing the risk to users of affected versions. Successful exploitation could lead to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable MetaGPT instance running a version \u0026lt;= 0.8.1.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input designed to exploit the \u003ccode\u003echeck_solution\u003c/code\u003e function within the \u003ccode\u003eHumanEvalBenchmark/MBPPBenchmark\u003c/code\u003e component.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted input to the MetaGPT instance, potentially via a network request or other remote interface.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003echeck_solution\u003c/code\u003e function processes the malicious input without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe lack of input sanitization allows the attacker to inject arbitrary code.\u003c/li\u003e\n\u003cli\u003eThe injected code is then executed within the context of the MetaGPT application.\u003c/li\u003e\n\u003cli\u003eDepending on the privileges of the MetaGPT process, the attacker can gain control of the system or access sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker may use this initial access to pivot to other systems within the network, install malware, or exfiltrate data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5970 allows remote attackers to execute arbitrary code on systems running vulnerable versions of FoundationAgents MetaGPT. This can lead to complete system compromise, data breaches, and further malicious activities within the compromised environment. Given the nature of MetaGPT, this could potentially affect development environments, CI/CD pipelines, or even production systems where the framework is utilized, leading to significant financial and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of MetaGPT as soon as one becomes available.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity targeting MetaGPT instances, using network connection logs.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures within the \u003ccode\u003echeck_solution\u003c/code\u003e function (if possible as a temporary mitigation) to prevent code injection.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule below to detect attempts to exploit this vulnerability based on suspicious process creation related to MetaGPT.\u003c/li\u003e\n\u003cli\u003eReview and restrict network access to MetaGPT instances to minimize the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T18:17:04Z","date_published":"2026-04-09T18:17:04Z","id":"/briefs/2026-04-metagpt-code-injection/","summary":"A code injection vulnerability, CVE-2026-5970, exists in FoundationAgents MetaGPT up to version 0.8.1, allowing remote attackers to execute arbitrary code via manipulation of the `check_solution` function in the HumanEvalBenchmark/MBPPBenchmark component.","title":"MetaGPT Code Injection Vulnerability (CVE-2026-5970)","url":"https://feed.craftedsignal.io/briefs/2026-04-metagpt-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5971"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["code-injection","vulnerability","metagpt","CVE-2026-5971"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA code injection vulnerability, identified as CVE-2026-5971, has been discovered in FoundationAgents MetaGPT versions up to 0.8.1. The vulnerability resides in the \u003ccode\u003eActionNode.xml_fill\u003c/code\u003e function within the \u003ccode\u003emetagpt/actions/action_node.py\u003c/code\u003e file, specifically related to the XML Handler component. This flaw allows a remote attacker to inject malicious code by exploiting improper neutralization of directives in dynamically evaluated code. A proof-of-concept exploit is publicly available, increasing the likelihood of exploitation. The project maintainers were notified of the vulnerability via a pull request but have not yet addressed the issue. This poses a significant risk to systems using vulnerable versions of MetaGPT, especially those exposed to untrusted input.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a MetaGPT instance running a vulnerable version (\u0026lt;= 0.8.1).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious XML input designed to exploit the \u003ccode\u003eActionNode.xml_fill\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious XML to the MetaGPT instance through a network request, likely via an API endpoint.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eActionNode.xml_fill\u003c/code\u003e function processes the malicious XML, failing to properly neutralize directives.\u003c/li\u003e\n\u003cli\u003eThe injected code is dynamically evaluated within the MetaGPT environment.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution within the MetaGPT process, potentially escalating privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the code execution to compromise the system, potentially gaining access to sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates sensitive data or causes other damage based on their objectives.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5971 can lead to arbitrary code execution on systems running vulnerable versions of FoundationAgents MetaGPT (\u0026lt;= 0.8.1). This could allow attackers to steal sensitive information, modify system configurations, install malware, or disrupt services. The availability of a public exploit increases the likelihood of widespread attacks targeting vulnerable systems. The specific number of potential victims and targeted sectors are currently unknown, but any system running MetaGPT and processing potentially malicious XML input is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates for FoundationAgents MetaGPT to address CVE-2026-5971 as soon as they are released.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent malicious XML from being processed by the \u003ccode\u003eActionNode.xml_fill\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity related to XML processing, such as unusual requests or errors. Deploy the Sigma rule \u003ccode\u003eDetect MetaGPT XML Injection Attempt\u003c/code\u003e to identify potential exploit attempts based on HTTP request characteristics.\u003c/li\u003e\n\u003cli\u003eEnable process monitoring to detect suspicious processes spawned by MetaGPT, especially those with network connections. Deploy the Sigma rule \u003ccode\u003eDetect MetaGPT Suspicious Child Processes\u003c/code\u003e to identify potential post-exploitation activity.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T18:17:04Z","date_published":"2026-04-09T18:17:04Z","id":"/briefs/2024-01-29-metagpt-code-injection/","summary":"A code injection vulnerability exists in FoundationAgents MetaGPT \u003c= 0.8.1 within the ActionNode.xml_fill function, allowing remote attackers to inject code due to improper neutralization of directives in dynamically evaluated code.","title":"FoundationAgents MetaGPT Code Injection Vulnerability (CVE-2026-5971)","url":"https://feed.craftedsignal.io/briefs/2024-01-29-metagpt-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2024-1490"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2024-1490","wago-plc","openvpn","rce","code-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2024-1490 describes a critical vulnerability affecting WAGO Programmable Logic Controllers (PLCs). A remote attacker with existing high-privilege access to the PLC\u0026rsquo;s web-based management interface can exploit the OpenVPN configuration. The vulnerability stems from insufficient input validation within the OpenVPN configuration settings. If the PLC\u0026rsquo;s OpenVPN setup permits user-defined scripts, a malicious actor can inject arbitrary shell commands. Successful exploitation allows the attacker to execute arbitrary code on the underlying operating system of the WAGO PLC, potentially leading to full device compromise. This vulnerability was reported by CERT VDE and impacts WAGO PLCs that utilize a vulnerable web-based management interface and permit user-defined scripts in their OpenVPN configuration.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains initial high-privilege access to the WAGO PLC\u0026rsquo;s web-based management interface.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the OpenVPN configuration section within the management interface.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies that the OpenVPN configuration allows for user-defined scripts.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious OpenVPN configuration file or injects malicious commands via existing configuration options. This configuration contains embedded shell commands designed for execution on the PLC.\u003c/li\u003e\n\u003cli\u003eThe attacker uploads or applies the modified OpenVPN configuration to the WAGO PLC through the web interface.\u003c/li\u003e\n\u003cli\u003eThe WAGO PLC processes the OpenVPN configuration, leading to the execution of the attacker-supplied shell commands.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution on the underlying operating system of the WAGO PLC.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use this initial foothold to perform further actions, such as deploying malware, exfiltrating sensitive information, or disrupting industrial processes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2024-1490 allows an attacker to execute arbitrary code on a WAGO PLC. This can lead to complete compromise of the device, potentially affecting the industrial processes it controls. An attacker could disrupt operations, manipulate data, or use the compromised PLC as a pivot point for further attacks within the industrial network. The severity of the impact depends on the role of the compromised PLC within the industrial environment, potentially leading to significant financial losses, safety incidents, or reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestrict access to the WAGO PLC\u0026rsquo;s web-based management interface by enforcing strong authentication and authorization mechanisms to prevent unauthorized access (refer to CVE-2024-1490).\u003c/li\u003e\n\u003cli\u003eDisable or restrict the use of user-defined scripts within the OpenVPN configuration to mitigate the risk of command injection (refer to CVE-2024-1490).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity related to OpenVPN configuration changes, looking for unusual POST requests or configuration parameters (see \u0026ldquo;rules\u0026rdquo; section below).\u003c/li\u003e\n\u003cli\u003eImplement regular security audits of WAGO PLC configurations, focusing on OpenVPN settings and user-defined scripts (refer to CVE-2024-1490).\u003c/li\u003e\n\u003cli\u003eReview and apply the security recommendations provided by CERT VDE in their advisory, available at \u003ca href=\"https://certvde.com/de/advisories/VDE-2024-008\"\u003ehttps://certvde.com/de/advisories/VDE-2024-008\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T11:16:19Z","date_published":"2026-04-09T11:16:19Z","id":"/briefs/2026-04-wago-plc-openvpn-rce/","summary":"An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC to achieve arbitrary command execution on the device.","title":"WAGO PLC OpenVPN Configuration Vulnerability (CVE-2024-1490)","url":"https://feed.craftedsignal.io/briefs/2026-04-wago-plc-openvpn-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5739"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["code-injection","powerjob","cve-2026-5739"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical code injection vulnerability, identified as CVE-2026-5739, has been discovered in PowerJob, an open-source distributed job scheduling and management platform. This vulnerability affects versions 5.1.0, 5.1.1, and 5.1.2. The vulnerability resides in the \u003ccode\u003eGroovyEvaluator.evaluate\u003c/code\u003e function of the \u003ccode\u003e/openApi/addWorkflowNode\u003c/code\u003e endpoint within the OpenAPI component. By manipulating the \u003ccode\u003enodeParams\u003c/code\u003e argument, a remote attacker can inject and execute arbitrary code on the server. This vulnerability can be exploited without authentication, posing a significant threat to systems running vulnerable PowerJob instances. The vendor has been notified, but has not yet responded.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable PowerJob instance running versions 5.1.0, 5.1.1, or 5.1.2.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/openApi/addWorkflowNode\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the HTTP request, the attacker injects malicious code into the \u003ccode\u003enodeParams\u003c/code\u003e argument, leveraging the \u003ccode\u003eGroovyEvaluator.evaluate\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe PowerJob server receives the request and passes the attacker-controlled \u003ccode\u003enodeParams\u003c/code\u003e argument to the vulnerable function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eGroovyEvaluator.evaluate\u003c/code\u003e function processes the malicious code, leading to arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the PowerJob server with the privileges of the PowerJob process.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use this access to move laterally within the network, exfiltrate sensitive data, or cause a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5739 allows unauthenticated remote attackers to execute arbitrary code on the PowerJob server. This could lead to complete system compromise, data breaches, or disruption of critical job scheduling processes. Given the nature of job scheduling platforms, compromised servers could be used to compromise other systems in the network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade PowerJob instances to a patched version that addresses CVE-2026-5739 as soon as a patch is released by the vendor.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the impact of a potential compromise of the PowerJob server.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003e/openApi/addWorkflowNode\u003c/code\u003e endpoint, looking for unusual characters or patterns in the \u003ccode\u003enodeParams\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect PowerJob Groovy Code Injection Attempt\u003c/code\u003e to detect exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T20:16:34Z","date_published":"2026-04-07T20:16:34Z","id":"/briefs/2026-04-powerjob-code-injection/","summary":"A code injection vulnerability exists in PowerJob versions 5.1.0, 5.1.1, and 5.1.2, allowing remote attackers to execute arbitrary code via the GroovyEvaluator.evaluate function in the OpenAPI Endpoint component by manipulating the nodeParams argument.","title":"PowerJob OpenAPI Endpoint Code Injection Vulnerability (CVE-2026-5739)","url":"https://feed.craftedsignal.io/briefs/2026-04-powerjob-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5631"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["code-injection","vulnerability","gpt-researcher"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA code injection vulnerability, identified as CVE-2026-5631, affects assafelovic gpt-researcher up to version 3.4.3. The vulnerability resides in the \u003ccode\u003eextract_command_data\u003c/code\u003e function within the \u003ccode\u003ebackend/server/server_utils.py\u003c/code\u003e file, specifically in the \u003ccode\u003ews Endpoint\u003c/code\u003e component. By manipulating the \u003ccode\u003eargs\u003c/code\u003e argument, a remote attacker can inject and execute arbitrary code on the affected system. Public exploit code is available, increasing the risk of exploitation. The maintainers of the \u003ccode\u003egpt-researcher\u003c/code\u003e project have been notified of this vulnerability through an issue report, but have yet to respond. This vulnerability allows for unauthenticated remote code execution, severely impacting the confidentiality, integrity, and availability of the system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable instance of \u003ccode\u003egpt-researcher\u003c/code\u003e running version 3.4.3 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload designed to exploit the \u003ccode\u003eextract_command_data\u003c/code\u003e function within \u003ccode\u003ebackend/server/server_utils.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a specially crafted request containing the malicious payload to the \u003ccode\u003ews Endpoint\u003c/code\u003e via a remote connection.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eextract_command_data\u003c/code\u003e function processes the attacker-supplied \u003ccode\u003eargs\u003c/code\u003e without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eDue to the missing input validation, the malicious payload is interpreted as code.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed within the context of the \u003ccode\u003egpt-researcher\u003c/code\u003e application, potentially granting the attacker elevated privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes a reverse shell to gain persistent access to the server.\u003c/li\u003e\n\u003cli\u003eThe attacker compromises sensitive data or pivots to other systems on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5631 allows a remote, unauthenticated attacker to execute arbitrary code on the server running the vulnerable \u003ccode\u003egpt-researcher\u003c/code\u003e instance. The attacker can gain complete control of the affected system, potentially leading to data breaches, service disruption, or further lateral movement within the network. Given that \u003ccode\u003egpt-researcher\u003c/code\u003e is often used in research or development environments, the compromise could result in the theft of sensitive intellectual property or research data. The ease of exploitation due to the availability of public exploits increases the likelihood of widespread attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of \u003ccode\u003egpt-researcher\u003c/code\u003e as soon as one becomes available to remediate CVE-2026-5631.\u003c/li\u003e\n\u003cli\u003eDeploy the following Sigma rule to detect potential exploitation attempts targeting the \u003ccode\u003eextract_command_data\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious requests to the \u003ccode\u003ews Endpoint\u003c/code\u003e associated with \u003ccode\u003egpt-researcher\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures within the \u003ccode\u003eextract_command_data\u003c/code\u003e function to prevent code injection, as suggested by CVE-2026-5631.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T07:16:01Z","date_published":"2026-04-06T07:16:01Z","id":"/briefs/2026-04-gpt-researcher-code-injection/","summary":"A remote code injection vulnerability exists in assafelovic gpt-researcher versions up to 3.4.3 due to improper handling of the 'args' argument in the extract_command_data function, potentially allowing attackers to execute arbitrary code.","title":"GPT Researcher Code Injection Vulnerability (CVE-2026-5631)","url":"https://feed.craftedsignal.io/briefs/2026-04-gpt-researcher-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5584"}],"_cs_exploited":true,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["code-injection","vulnerability","fosowl","cve-2026-5584"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eFosowl agenticSeek version 0.1.0 is vulnerable to code injection (CVE-2026-5584). The vulnerability lies within the \u003ccode\u003ePyInterpreter.execute\u003c/code\u003e function in the \u003ccode\u003esources/tools/PyInterpreter.py\u003c/code\u003e file, specifically related to the query endpoint. An unauthenticated attacker can exploit this flaw to inject and execute arbitrary code remotely. The vulnerability was reported to the vendor, but they did not respond, and a public exploit is available, increasing the risk of active exploitation. This poses a significant threat because successful exploitation allows for complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of Fosowl agenticSeek 0.1.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the query endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a payload designed to exploit the \u003ccode\u003ePyInterpreter.execute\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ePyInterpreter.execute\u003c/code\u003e function processes the malicious payload without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe unsanitized payload is executed as code by the Python interpreter.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server hosting Fosowl agenticSeek.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges, potentially gaining root access.\u003c/li\u003e\n\u003cli\u003eThe attacker installs malware, exfiltrates data, or performs other malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5584 allows a remote attacker to execute arbitrary code on the affected system. This can lead to complete system compromise, data theft, or denial-of-service. Given the availability of a public exploit, unpatched systems are at high risk of being targeted. The specific number of potential victims and targeted sectors are currently unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Fosowl agenticSeek to a patched version if available.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the query endpoint to prevent code injection.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Fosowl agenticSeek Code Injection Attempt\u003c/code\u003e to identify exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the query endpoint (\u003ccode\u003ewebserver\u003c/code\u003e log source).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-05T17:16:57Z","date_published":"2026-04-05T17:16:57Z","id":"/briefs/2026-04-fosowl-code-injection/","summary":"A code injection vulnerability (CVE-2026-5584) exists in Fosowl agenticSeek 0.1.0, allowing remote attackers to execute arbitrary code by manipulating the query endpoint through the PyInterpreter.execute function.","title":"Fosowl agenticSeek 0.1.0 Code Injection Vulnerability (CVE-2026-5584)","url":"https://feed.craftedsignal.io/briefs/2026-04-fosowl-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5562"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["code-injection","kafka-ui","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA code injection vulnerability, identified as CVE-2026-5562, affects provectus kafka-ui versions up to 0.7.2. The vulnerability resides within the \u003ccode\u003evalidateAccess\u003c/code\u003e function of the \u003ccode\u003e/api/smartfilters/testexecutions\u003c/code\u003e endpoint, potentially allowing remote attackers to inject arbitrary code. This vulnerability allows for remote code execution, potentially leading to complete system compromise. The vendor was notified but did not respond. A public exploit is reportedly available, increasing the risk of exploitation. This poses a significant risk to organizations utilizing vulnerable versions of Kafka UI.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Kafka UI instance running a version prior to 0.7.3.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/api/smartfilters/testexecutions\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the crafted request, the attacker injects malicious code into the \u003ccode\u003evalidateAccess\u003c/code\u003e function parameters.\u003c/li\u003e\n\u003cli\u003eThe Kafka UI application processes the request without proper sanitization of the injected code.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed within the context of the application server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to execute arbitrary commands on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes a persistent connection to the compromised system, potentially via a reverse shell.\u003c/li\u003e\n\u003cli\u003eThe attacker pivots to other systems or resources within the network, potentially leading to data exfiltration or other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5562 can lead to arbitrary code execution on the server hosting the Provectus Kafka UI. This could allow attackers to gain complete control of the affected system, potentially leading to data breaches, service disruption, or further lateral movement within the network. Due to the public availability of a reported exploit, organizations running vulnerable versions of Kafka UI are at increased risk of attack. The lack of vendor response also raises concerns about future patches or mitigations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Provectus Kafka UI to a version greater than 0.7.2 to remediate CVE-2026-5562.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003e/api/smartfilters/testexecutions\u003c/code\u003e endpoint to prevent code injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Kafka UI Code Injection Attempt\u003c/code\u003e to identify potential exploitation attempts targeting CVE-2026-5562.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/api/smartfilters/testexecutions\u003c/code\u003e containing potentially malicious code.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-05T11:16:56Z","date_published":"2026-04-05T11:16:56Z","id":"/briefs/2026-04-kafka-ui-code-injection/","summary":"A code injection vulnerability exists in provectus kafka-ui up to version 0.7.2, specifically affecting the validateAccess function within the /api/smartfilters/testexecutions endpoint, allowing remote attackers to inject code.","title":"Provectus Kafka UI Code Injection Vulnerability (CVE-2026-5562)","url":"https://feed.craftedsignal.io/briefs/2026-04-kafka-ui-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-30643"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["dedecms","code-injection","cve-2026-30643"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eDedeCMS version 5.7.118 is susceptible to a critical code injection vulnerability (CVE-2026-30643) that allows unauthenticated attackers to execute arbitrary code on the server. The vulnerability stems from improper handling of setup tag values during module uploads. Successful exploitation of this flaw enables threat actors to compromise the web server, potentially leading to data breaches, system takeover, and further malicious activities. This vulnerability requires immediate attention from organizations using DedeCMS 5.7.118. The vulnerability was reported to MITRE on April 1, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a DedeCMS 5.7.118 instance accessible over the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious module package containing a specially crafted setup tag within its configuration files.\u003c/li\u003e\n\u003cli\u003eThe attacker uploads the malicious module package to the DedeCMS instance.\u003c/li\u003e\n\u003cli\u003eDuring the module installation process, the DedeCMS application parses the module\u0026rsquo;s configuration files, including the malicious setup tag.\u003c/li\u003e\n\u003cli\u003eDue to insufficient input validation, the crafted setup tag injects arbitrary code into the application\u0026rsquo;s execution context.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed by the web server, granting the attacker control over the system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use this initial foothold to execute system commands.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes persistence and moves laterally within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-30643 allows unauthenticated attackers to execute arbitrary code on the target system. This could lead to complete system compromise, data theft, defacement of the website, or further propagation of malware within the network. Given the severity and ease of exploitation, any DedeCMS 5.7.118 instance exposed to the internet is at high risk. Unpatched systems are vulnerable to complete takeover.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DedeCMS to a patched version that addresses CVE-2026-30643.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation on all user-supplied data, especially during module uploads, to prevent code injection.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule \u003ccode\u003eDetect DedeCMS Module Upload Code Injection\u003c/code\u003e to identify exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs (category: webserver) for suspicious activity related to module installation and unusual requests.\u003c/li\u003e\n\u003cli\u003eApply the CWE-94 mitigations to prevent code injection at the application level.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T17:28:39Z","date_published":"2026-04-01T17:28:39Z","id":"/briefs/2026-04-dedecms-code-injection/","summary":"DedeCMS 5.7.118 is vulnerable to remote code execution via crafted setup tag values during a module upload, as exploited by an unauthenticated attacker (CVE-2026-30643).","title":"DedeCMS 5.7.118 Code Injection Vulnerability via Crafted Module Upload (CVE-2026-30643)","url":"https://feed.craftedsignal.io/briefs/2026-04-dedecms-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-35093"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["libinput","code-injection","lua","cve-2026-35093"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-35093 describes a code injection vulnerability within the libinput library. This flaw allows a local attacker with the ability to write files to specific system or user configuration directories to bypass security restrictions. By placing a maliciously crafted Lua bytecode file in these directories, an attacker can inject and execute arbitrary code. The injected code runs with the same privileges as the application using libinput, often a graphical compositor. This vulnerability was reported on April 1, 2026, and impacts systems where libinput is used to handle input devices. Successful exploitation can lead to significant compromise of the affected system, allowing attackers to perform actions such as keylogging or further escalating privileges.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains initial access to the target system with the ability to write files to the filesystem.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a system or user configuration directory that libinput reads Lua bytecode files from.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious Lua bytecode file designed to execute arbitrary code. This file exploits the vulnerability in libinput\u0026rsquo;s bytecode parsing.\u003c/li\u003e\n\u003cli\u003eThe attacker places the malicious Lua bytecode file into the identified configuration directory.\u003c/li\u003e\n\u003cli\u003eThe graphical compositor or other application using libinput loads and parses the malicious Lua bytecode file.\u003c/li\u003e\n\u003cli\u003eThe vulnerability in libinput is triggered, causing the malicious code within the bytecode file to be executed.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s code executes with the same privileges as the application using libinput, gaining control over the compositor.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the elevated privileges to monitor keyboard input, potentially stealing credentials or other sensitive information, and exfiltrates data to an external server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35093 allows a local attacker to execute arbitrary code with elevated privileges. This can lead to the compromise of sensitive data, such as keystrokes and credentials, as well as the potential for further system compromise. Given that libinput is used by many graphical compositors and other applications that handle input devices, a successful attack could impact a large number of systems. The impact includes data theft, privilege escalation, and the installation of persistent backdoors.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Lua Bytecode File Creation\u003c/code\u003e to identify the creation of suspicious Lua bytecode files in configuration directories (logsource: \u003ccode\u003efile_event\u003c/code\u003e, rule title: \u003ccode\u003eDetect Suspicious Lua Bytecode File Creation\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor file creation events in libinput configuration directories for files with the \u003ccode\u003e.lua\u003c/code\u003e extension using file integrity monitoring tools.\u003c/li\u003e\n\u003cli\u003eApply any available patches for libinput to address CVE-2026-35093 as soon as they are released.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T14:16:57Z","date_published":"2026-04-01T14:16:57Z","id":"/briefs/2026-04-libinput-code-injection/","summary":"A local attacker can exploit CVE-2026-35093 in libinput by placing a specially crafted Lua bytecode file in configuration directories, allowing arbitrary code execution with the privileges of the application using libinput.","title":"Libinput Code Injection Vulnerability via Malicious Lua Bytecode (CVE-2026-35093)","url":"https://feed.craftedsignal.io/briefs/2026-04-libinput-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-35056"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["rce","xenforo","cve-2026-35056","code-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-35056 describes a remote code execution vulnerability in XenForo versions prior to 2.3.9 and 2.2.18. This vulnerability allows an authenticated attacker with administrative privileges to execute arbitrary code on the server. The attacker must have valid administrator panel access to exploit this flaw. Successful exploitation leads to complete control over the affected XenForo instance and potentially the underlying server. Organizations using vulnerable XenForo versions are at high risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains valid administrative credentials to the XenForo panel, likely through credential theft or brute-force attack.\u003c/li\u003e\n\u003cli\u003eThe attacker logs into the XenForo admin panel.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies an administrative function that allows for the injection of malicious code (e.g., template modification, plugin installation, or similar).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a payload containing malicious code (e.g., PHP code) designed to execute arbitrary commands on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious payload into the vulnerable administrative function.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers the execution of the injected payload by accessing the modified function or by some other user interaction.\u003c/li\u003e\n\u003cli\u003eThe malicious code executes on the server, granting the attacker initial access.\u003c/li\u003e\n\u003cli\u003eThe attacker can then leverage this access to install a web shell, escalate privileges, move laterally, or achieve other objectives.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35056 allows a malicious administrator to execute arbitrary code on the XenForo server. This could lead to complete system compromise, data theft, defacement of the XenForo forum, or use of the server as a launching point for further attacks. Given the potentially sensitive data stored in forum databases, this vulnerability poses a significant risk to confidentiality, integrity, and availability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade XenForo to version 2.3.9 or 2.2.18 or later to patch CVE-2026-35056.\u003c/li\u003e\n\u003cli\u003eImplement strong password policies and multi-factor authentication to prevent unauthorized access to administrator accounts.\u003c/li\u003e\n\u003cli\u003eMonitor XenForo admin panel activity for suspicious behavior, such as unexpected template modifications or plugin installations.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect command execution from the web server process.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T01:16:41Z","date_published":"2026-04-01T01:16:41Z","id":"/briefs/2026-04-xenforo-rce/","summary":"XenForo before 2.3.9 and 2.2.18 allows remote code execution by authenticated, malicious admin users with admin panel access.","title":"XenForo RCE via Authenticated Admin User (CVE-2026-35056)","url":"https://feed.craftedsignal.io/briefs/2026-04-xenforo-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2025-71281"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["xenforo","code-injection","cve-2025-71281"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eXenForo, a popular forum software, is susceptible to a code injection vulnerability identified as CVE-2025-71281. This flaw exists in versions prior to 2.3.7 and stems from insufficient restrictions on methods callable from within templates. Specifically, a loose prefix match is used instead of a stricter first-word match when determining the accessibility of methods through callbacks and variable method calls in templates. This can allow attackers with sufficient privileges to invoke unintended methods, potentially leading to arbitrary code execution. Successful exploitation requires that an attacker has the ability to modify templates, which typically necessitates having administrative or moderator privileges. The vulnerability was reported and patched in version 2.3.7 of XenForo.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains access to the XenForo admin panel, typically through stolen credentials or by exploiting a separate authentication vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the template management section of the admin panel.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a template that is frequently rendered or creates a new template.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious code into the template that leverages the loose prefix matching vulnerability to call restricted PHP methods. The malicious code is crafted to exploit CVE-2025-71281.\u003c/li\u003e\n\u003cli\u003eWhen the template is rendered by XenForo, the injected code is processed. Due to the loose prefix matching, the malicious payload successfully calls a restricted function.\u003c/li\u003e\n\u003cli\u003eThe invoked method executes arbitrary code on the server, potentially leading to the installation of a web shell or other malicious software.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the web shell to further compromise the server, potentially gaining access to sensitive data or escalating privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-71281 could allow an attacker with administrative or moderator privileges to execute arbitrary PHP code on the XenForo server. This can result in complete server compromise, data theft, defacement of the forum, or denial of service. The impact is significant because XenForo forums often host sensitive user data and are critical components of online communities. The severity is rated as High (CVSS 8.8) due to the potential for high confidentiality, integrity, and availability impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade XenForo to version 2.3.7 or later to patch CVE-2025-71281 as recommended by the vendor.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls and regularly review the privileges assigned to administrators and moderators.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Template Modification\u003c/code\u003e to monitor for unauthorized modifications to XenForo templates.\u003c/li\u003e\n\u003cli\u003eMonitor XenForo logs for any unusual activity related to template rendering or method calls, and investigate any suspicious patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T01:16:40Z","date_published":"2026-04-01T01:16:40Z","id":"/briefs/2026-04-xenforo-code-injection/","summary":"XenForo before 2.3.7 is vulnerable to code injection due to a loose prefix match for methods accessible within templates, potentially allowing unauthorized method invocations.","title":"XenForo Template Code Injection Vulnerability (CVE-2025-71281)","url":"https://feed.craftedsignal.io/briefs/2026-04-xenforo-code-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-4965","code-injection","letta-ai"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eletta-ai letta version 0.16.4 is vulnerable to remote code injection due to improper neutralization of directives in dynamically evaluated code within the \u003ccode\u003eresolve_type\u003c/code\u003e function of \u003ccode\u003eletta/functions/ast_parsers.py\u003c/code\u003e. This vulnerability, identified as CVE-2026-4965, is a consequence of an incomplete fix for CVE-2025-6101. An unauthenticated, remote attacker can exploit this flaw by manipulating input to inject arbitrary code. The exploit is publicly available, increasing the risk of widespread…\u003c/p\u003e\n","date_modified":"2026-03-27T18:16:06Z","date_published":"2026-03-27T18:16:06Z","id":"/briefs/2026-03-letta-ai-code-injection/","summary":"letta-ai letta version 0.16.4 contains a remote code injection vulnerability (CVE-2026-4965) in the resolve_type function of ast_parsers.py, stemming from improper neutralization of directives in dynamically evaluated code, allowing unauthenticated remote attackers to execute arbitrary code.","title":"letta-ai letta 0.16.4 Remote Code Injection Vulnerability (CVE-2026-4965)","url":"https://feed.craftedsignal.io/briefs/2026-03-letta-ai-code-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["n8n","vulnerability","rce","sqli","code-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eMultiple critical vulnerabilities have been discovered in n8n, an extendable, node-based workflow automation tool used for connecting SaaS applications and automating complex business logic. These vulnerabilities, identified as CVE-2026-33696, CVE-2026-33660, and CVE-2026-33713, can be exploited by authenticated users. Successful exploitation allows for remote code execution on the host system, reading sensitive local files, and performing unauthorized database operations. The vulnerabilities affect the XML, GSuiteAdmin, and Merge nodes, as well as the Data Table Get node. These flaws represent a critical threat to the confidentiality and integrity of n8n deployments. The Centre for Cybersecurity Belgium (CCB) strongly recommends immediate patching.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to an n8n instance.\u003c/li\u003e\n\u003cli\u003eFor CVE-2026-33696, the attacker crafts a malicious request targeting the XML or GSuiteAdmin node to write values to Object.prototype.\u003c/li\u003e\n\u003cli\u003eFor CVE-2026-33660, the attacker uses the Merge node with the \u0026ldquo;Combine by SQL\u0026rdquo; mode and exploits the AlaSQL sandbox escape to inject arbitrary code.\u003c/li\u003e\n\u003cli\u003eFor CVE-2026-33713, the attacker crafts a malicious SQL query via the Data Table Get node.\u003c/li\u003e\n\u003cli\u003eThe injected code or SQL commands are executed by the n8n server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to read sensitive files from the host system.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary commands on the host, leading to full remote code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker performs unauthorized operations in the database, potentially modifying or deleting data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities allows an attacker to gain full remote code execution on the n8n host system, potentially compromising the entire server infrastructure. The attacker can also read sensitive local files, potentially exposing credentials and configuration data. In PostgreSQL deployments, the attacker can modify and delete data due to multi-statement execution capabilities via SQL injection (CVE-2026-33713). This can lead to significant data loss and disruption of services relying on the n8n platform.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch n8n instances to the latest version to address CVE-2026-33696, CVE-2026-33660, and CVE-2026-33713 (reference: CCB advisory).\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rules to detect potential exploitation attempts in your n8n environment.\u003c/li\u003e\n\u003cli\u003eMonitor n8n logs for suspicious SQL queries and code execution patterns, focusing on the Data Table Get and Merge nodes (reference: CVE-2026-33713 and CVE-2026-33660 descriptions).\u003c/li\u003e\n\u003cli\u003eReview n8n access controls and ensure the principle of least privilege to minimize the impact of potential exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-27T09:40:27Z","date_published":"2026-03-27T09:40:27Z","id":"/briefs/2026-03-n8n-vulns/","summary":"Multiple critical vulnerabilities in n8n, including prototype pollution, code injection, and SQL injection, allow authenticated users to achieve remote code execution, read sensitive files, and perform unauthorized database operations.","title":"Critical Vulnerabilities in n8n Workflow Automation Tool","url":"https://feed.craftedsignal.io/briefs/2026-03-n8n-vulns/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["n8n","code-injection","sql-injection","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Centre for Cybersecurity Belgium (CCB) has issued a warning regarding critical vulnerabilities affecting n8n, a workflow automation platform. These vulnerabilities, identified as CVE-2026-27495, CVE-2026-27577, and CVE-2026-27497, impact n8n versions prior to 2.10.1, 2.9.3, and 1.123.22. Exploitation of these vulnerabilities allows authenticated users with permissions to create or modify workflows to execute arbitrary code or system commands on the host. N8n\u0026rsquo;s role in automating system workflows and its integration with AI capabilities make vulnerable instances prime targets for attackers aiming to gain control over interconnected systems. Successful exploitation can lead to complete system compromise, unauthorized actions, and significant impact on confidentiality, integrity, and availability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains authenticated access to an n8n instance. This requires valid user credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages their permissions to create or modify workflows.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCVE-2026-27495:\u003c/strong\u003e The attacker crafts a malicious workflow that exploits a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside of the sandbox boundary, if the instance uses the internal Task Runner.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCVE-2026-27577:\u003c/strong\u003e The attacker crafts malicious expressions within workflow parameters to trigger unintended system command execution on the host.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCVE-2026-27497:\u003c/strong\u003e The attacker uses the Merge node\u0026rsquo;s SQL query mode with a malicious SQL query to execute arbitrary code and write arbitrary files on the host.\u003c/li\u003e\n\u003cli\u003eThe injected code or commands execute with the privileges of the n8n process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the n8n instance, potentially compromising sensitive data and system configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised n8n instance to target interconnected systems and automate malicious workflows, potentially leading to further compromise and data exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to full compromise of the n8n instance. This allows attackers to execute arbitrary code, potentially leading to data breaches, system downtime, and unauthorized access to interconnected systems. Given n8n\u0026rsquo;s role in automating workflows across various platforms and services, a successful attack can have far-reaching consequences for organizations relying on the platform. The vulnerabilities affect the confidentiality, integrity, and availability of the system and associated data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch all n8n instances to versions 2.10.1, 2.9.3, or 1.123.22 or later to remediate CVE-2026-27495, CVE-2026-27577, and CVE-2026-27497 (Affected software).\u003c/li\u003e\n\u003cli\u003eUpscale monitoring and detection capabilities to identify any suspicious activity related to n8n workflows and system command execution, as recommended by the CCB (Recommended Actions).\u003c/li\u003e\n\u003cli\u003eImplement strict access controls and regularly review user permissions to limit the ability of potentially compromised accounts to create or modify workflows (Description).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-02-27T14:41:53Z","date_published":"2026-02-27T14:41:53Z","id":"/briefs/2026-02-n8n-vulns/","summary":"Multiple critical vulnerabilities in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 enable authenticated users to execute arbitrary code and system commands, potentially leading to full system compromise.","title":"Critical Vulnerabilities in n8n Workflow Automation Platform","url":"https://feed.craftedsignal.io/briefs/2026-02-n8n-vulns/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Contour"],"_cs_severities":["high"],"_cs_tags":["contour","lua","code-injection","httpproxy","cve-2026-41246"],"_cs_type":"advisory","_cs_vendors":["Project Contour"],"content_html":"\u003cp\u003eProject Contour is susceptible to Lua code injection within its cookie rewriting functionality. The vulnerability arises from insufficient sanitization when user-controlled values are interpolated into Lua source code using Go\u0026rsquo;s \u003ccode\u003etext/template\u003c/code\u003e. This affects Contour versions 1.19.0 through 1.33.3. An attacker with the ability to create or modify \u003ccode\u003eHTTPProxy\u003c/code\u003e resources can inject arbitrary Lua code by crafting malicious values in \u003ccode\u003espec.routes[].cookieRewritePolicies[].pathRewrite.value\u003c/code\u003e or \u003ccode\u003espec.routes[].services[].cookieRewritePolicies[].pathRewrite.value\u003c/code\u003e. While the injected code executes within the attacker\u0026rsquo;s own route, the shared nature of the Envoy proxy allows for potential escalation of privileges, including reading Envoy\u0026rsquo;s xDS client credentials and causing denial of service for other tenants. This vulnerability is resolved in Contour versions v1.33.4, v1.32.5, and v1.31.6.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains RBAC permissions to create or modify \u003ccode\u003eHTTPProxy\u003c/code\u003e resources within the Contour environment.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003eHTTPProxy\u003c/code\u003e resource containing a \u003ccode\u003ecookieRewritePolicies\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eWithin the \u003ccode\u003ecookieRewritePolicies\u003c/code\u003e, the attacker injects Lua code into the \u003ccode\u003epathRewrite.value\u003c/code\u003e field.\u003c/li\u003e\n\u003cli\u003eThe attacker applies the crafted \u003ccode\u003eHTTPProxy\u003c/code\u003e resource, deploying the malicious configuration to Contour.\u003c/li\u003e\n\u003cli\u003eContour, using the Envoy proxy, processes the \u003ccode\u003eHTTPProxy\u003c/code\u003e resource, interpolating the attacker-controlled value into the Lua filter.\u003c/li\u003e\n\u003cli\u003eWhen traffic is processed on the attacker\u0026rsquo;s route, the injected Lua code executes within the Envoy proxy.\u003c/li\u003e\n\u003cli\u003eThe injected Lua code attempts to read Envoy\u0026rsquo;s xDS client credentials from the filesystem.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the obtained xDS client credentials to read all Contour xDS configuration, including TLS certificates and private keys of other tenants, or to cause a denial of service for other tenants sharing the Envoy instance.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploit allows attackers to execute arbitrary code within the Envoy proxy, potentially leading to credential theft and denial of service. Specifically, an attacker can steal TLS certificates and private keys of other tenants within the Contour environment. This could compromise sensitive data and disrupt services. If xDS credentials can be obtained, an attacker can then modify/exfiltrate service mesh configuration details.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Contour to version v1.33.4, v1.32.5, or v1.31.6 to remediate the Lua code injection vulnerability as described in the overview.\u003c/li\u003e\n\u003cli\u003eMonitor HTTPProxy resource creation and modification events for suspicious patterns or unexpected values in the \u003ccode\u003espec.routes[].cookieRewritePolicies[].pathRewrite.value\u003c/code\u003e and \u003ccode\u003espec.routes[].services[].cookieRewritePolicies[].pathRewrite.value\u003c/code\u003e fields.\u003c/li\u003e\n\u003cli\u003eImplement RBAC least privilege principles to restrict access to creating and modifying \u003ccode\u003eHTTPProxy\u003c/code\u003e resources, mitigating the initial access vector required to exploit this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"/briefs/2024-01-09-contour-lua-injection/","summary":"Contour's Cookie Rewriting feature is vulnerable to Lua code injection; an attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the `spec.routes[].cookieRewritePolicies[].pathRewrite.value` or `spec.routes[].services[].cookieRewritePolicies[].pathRewrite.value` fields, resulting in arbitrary code execution in the Envoy proxy.","title":"Contour HTTPProxy Lua Code Injection via Cookie Path Rewrite","url":"https://feed.craftedsignal.io/briefs/2024-01-09-contour-lua-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["pyp2spec (\u003c 0.14.1)"],"_cs_severities":["high"],"_cs_tags":["code-injection","supply-chain","rpm","linux"],"_cs_type":"advisory","_cs_vendors":["pip","Fedora"],"content_html":"\u003cp\u003epyp2spec, a tool for generating RPM spec files from PyPI packages, contains a code injection vulnerability affecting versions prior to 0.14.1. The vulnerability stems from the tool\u0026rsquo;s failure to properly escape RPM macro directives when writing PyPI package metadata (such as the summary field) into the generated spec file. This allows a malicious PyPI package to inject arbitrary commands into the spec file, which are then executed when an RPM tool processes the file. This poses a significant risk to package maintainers and build systems, particularly within the Fedora ecosystem where compromised credentials can lead to widespread supply chain attacks. The realistic attack vector involves typosquatting or targeting packages known to be under review.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious PyPI package containing specially formatted metadata, including an RPM macro directive (e.g., within the package summary).\u003c/li\u003e\n\u003cli\u003eA Fedora packager, intending to package a legitimate Python package, uses \u003ccode\u003epyp2spec\u003c/code\u003e to generate an RPM spec file from the malicious PyPI package.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003epyp2spec\u003c/code\u003e writes the attacker-controlled metadata, including the unescaped RPM macro directive, into the generated spec file.\u003c/li\u003e\n\u003cli\u003eThe packager, or an automated system, uses an RPM tool like \u003ccode\u003erpmbuild -bs\u003c/code\u003e, \u003ccode\u003erpmbuild --nobuild\u003c/code\u003e, or \u003ccode\u003erpm -q --specfile\u003c/code\u003e to inspect or build the package from the spec file.\u003c/li\u003e\n\u003cli\u003eThe RPM tool parses the spec file and, upon encountering the RPM macro directive, executes the embedded command.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s command executes on the build machine, potentially granting the attacker access to the packager\u0026rsquo;s credentials (dist-git SSH keys, Koji build credentials, Bodhi update credentials).\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised credentials to commit malicious source code to the distribution\u0026rsquo;s Git repository (dist-git).\u003c/li\u003e\n\u003cli\u003eThe malicious code is built and distributed to end users through the normal package update pipeline, resulting in a supply chain attack.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows attackers to execute arbitrary commands on the build machine. This can lead to the compromise of sensitive credentials, such as SSH keys and build system credentials. In the Fedora ecosystem, this could enable an attacker to inject malicious code into packages that are distributed to end users, potentially affecting millions of systems. The vulnerability poses a high risk to package maintainers and build systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003epyp2spec\u003c/code\u003e version 0.14.1 or later to remediate the code injection vulnerability as described in the advisory (\u003ca href=\"https://github.com/advisories/GHSA-r35x-v8p8-xvhw)\"\u003ehttps://github.com/advisories/GHSA-r35x-v8p8-xvhw)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring on RPM spec files, alerting on unexpected modifications, to detect potentially malicious injected code. Use file_event logs with a rule like the one below.\u003c/li\u003e\n\u003cli\u003eMonitor process executions originating from RPM tools (\u003ccode\u003erpmbuild\u003c/code\u003e, \u003ccode\u003erpm\u003c/code\u003e), focusing on unusual or unexpected commands that could indicate exploitation, using process_creation logs and the Sigma rule provided.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-pyp2spec-code-injection/","summary":"pyp2spec before 0.14.1 is vulnerable to code injection by writing PyPI package metadata into generated spec files without escaping RPM macro directives, allowing malicious packages to execute arbitrary commands on the build machine.","title":"pyp2spec Code Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-pyp2spec-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-27760"}],"_cs_exploited":false,"_cs_products":["OpenCATS"],"_cs_severities":["critical"],"_cs_tags":["code-injection","php","opencats","cve-2026-27760"],"_cs_type":"advisory","_cs_vendors":["OpenCATS"],"content_html":"\u003cp\u003eCVE-2026-27760 is a critical PHP code injection vulnerability that affects OpenCATS, a web-based applicant tracking system, in versions prior to commit 3002a29. The vulnerability resides in the installer AJAX endpoint, specifically within the \u003ccode\u003edatabaseConnectivity\u003c/code\u003e action parameter. Unauthenticated attackers can exploit this flaw by injecting arbitrary PHP code into this parameter. This injected code allows attackers to execute arbitrary commands on the server. The vulnerability is triggered during the initial setup phase, when the installation wizard is not yet complete and continues to execute on every subsequent page load. This vulnerability poses a significant risk to organizations using vulnerable versions of OpenCATS, as it can lead to complete system compromise, data theft, or denial of service.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends a crafted HTTP POST request to the OpenCATS installer AJAX endpoint (\u003ccode\u003e/install/ajax.php\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe request includes the \u003ccode\u003edatabaseConnectivity\u003c/code\u003e action parameter.\u003c/li\u003e\n\u003cli\u003eThe attacker injects PHP code into the \u003ccode\u003edatabaseConnectivity\u003c/code\u003e parameter, breaking out of the \u003ccode\u003edefine()\u003c/code\u003e string context in \u003ccode\u003econfig.php\u003c/code\u003e with a single quote and statement separator.\u003c/li\u003e\n\u003cli\u003eThe injected code is then processed by the server, leading to arbitrary PHP code execution within the context of the web server user.\u003c/li\u003e\n\u003cli\u003eThe injected code persists because it\u0026rsquo;s written to the \u003ccode\u003econfig.php\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eEvery subsequent page load executes the injected PHP code, even after the initial malicious request.\u003c/li\u003e\n\u003cli\u003eThe attacker can use the code execution to install a web shell for persistent access.\u003c/li\u003e\n\u003cli\u003eWith the web shell, the attacker can perform various malicious activities, including reading sensitive files, modifying the database, or pivoting to other systems on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-27760 allows unauthenticated attackers to execute arbitrary PHP code on the affected OpenCATS server. This can lead to complete system compromise, including the theft of sensitive applicant data, modification of application settings, and the installation of backdoors for persistent access. Given that OpenCATS handles applicant data, a successful attack could result in a significant data breach and reputational damage. The vulnerability exists in the installer and persists throughout subsequent page loads as long as the installation wizard remains incomplete, making it highly impactful.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenCATS to a version containing commit 3002a29 or later to remediate CVE-2026-27760.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/install/ajax.php\u003c/code\u003e containing PHP code in the \u003ccode\u003edatabaseConnectivity\u003c/code\u003e parameter to detect exploitation attempts (see rule: \u0026ldquo;Detect OpenCATS installer code injection attempt\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement a Web Application Firewall (WAF) rule to block requests containing PHP code in the \u003ccode\u003edatabaseConnectivity\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eReview and restrict access to the \u003ccode\u003e/install/\u003c/code\u003e directory after completing the installation process to prevent accidental or malicious access to the installer.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-opencats-code-injection/","summary":"Unauthenticated attackers can exploit a PHP code injection vulnerability in OpenCATS versions prior to commit 3002a29 by injecting malicious PHP code into the installer's AJAX endpoint, leading to arbitrary code execution.","title":"OpenCATS PHP Code Injection Vulnerability (CVE-2026-27760)","url":"https://feed.craftedsignal.io/briefs/2024-01-opencats-code-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["openlearnx"],"_cs_severities":["critical"],"_cs_tags":["rce","sandbox escape","code injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2026-41900, has been identified in the OpenLearnX code execution environment. This vulnerability allows an attacker to escape the Python sandbox and execute arbitrary commands on the underlying system. The vulnerability affects OpenLearnX versions prior to 2.0.3. A patch has been released in version 2.0.3 to address this issue. This vulnerability allows attackers to potentially compromise the entire system hosting the OpenLearnX application, leading to data breaches, service disruption, or complete system takeover.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious payload designed to exploit the Python sandbox environment within OpenLearnX.\u003c/li\u003e\n\u003cli\u003eThis payload is submitted to the OpenLearnX application through a vulnerable code execution endpoint.\u003c/li\u003e\n\u003cli\u003eThe application processes the malicious payload, failing to properly neutralize special elements.\u003c/li\u003e\n\u003cli\u003eThe crafted payload bypasses the sandbox restrictions, gaining unauthorized access to system resources.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages OS Command Injection (CWE-78) and Code Injection (CWE-94) to execute arbitrary commands.\u003c/li\u003e\n\u003cli\u003eThese commands can be used to install malware, modify system configurations, or exfiltrate sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker gains elevated privileges due to the Execution with Unnecessary Privileges (CWE-250) vulnerability.\u003c/li\u003e\n\u003cli\u003eThe ultimate objective is to gain complete control over the OpenLearnX server, potentially impacting all hosted applications and data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41900 allows for complete system compromise, leading to potential data breaches, service disruption, or complete system takeover. While specific victim counts are unavailable, the severity of the vulnerability and ease of exploitation make it a critical concern for any organization using affected versions of OpenLearnX. Successful exploitation could lead to unauthorized access to sensitive data, modification of system configurations, and the installation of malware.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenLearnX to version 2.0.3 or later to patch CVE-2026-41900.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious OpenLearnX Code Execution\u0026rdquo; to your SIEM to detect potential exploitation attempts (see rule below).\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization measures to prevent OS command injection and code injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T18:00:00Z","date_published":"2024-01-02T18:00:00Z","id":"/briefs/2024-01-02-openlearnx-rce/","summary":"A critical RCE vulnerability in OpenLearnX allows for sandbox escape and arbitrary command execution in versions prior to 2.0.3.","title":"OpenLearnX Remote Code Execution via Python Sandbox Escape","url":"https://feed.craftedsignal.io/briefs/2024-01-02-openlearnx-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Code Injection","version":"https://jsonfeed.org/version/1.1"}