{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/deserialization/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["fabric-sdk-java"],"_cs_severities":["critical"],"_cs_tags":["deserialization","rce","java"],"_cs_type":"advisory","_cs_vendors":["Hyperledger"],"content_html":"\u003cp\u003eThe \u003ccode\u003efabric-sdk-java\u003c/code\u003e client SDK, a deprecated component of Hyperledger Fabric, contains a critical vulnerability related to insecure deserialization. Specifically, the \u003ccode\u003eChannel.java\u003c/code\u003e file implements \u003ccode\u003ereadObject()\u003c/code\u003e and exposes \u003ccode\u003edeSerializeChannel()\u003c/code\u003e methods that call \u003ccode\u003eObjectInputStream.readObject()\u003c/code\u003e on untrusted byte arrays without configuring an \u003ccode\u003eObjectInputFilter\u003c/code\u003e. This omission allows an attacker to inject malicious serialized Java objects, leading to remote code execution (RCE). While \u003ccode\u003efabric-sdk-java\u003c/code\u003e has been deprecated since Hyperledger Fabric v2.5 and replaced by \u003ccode\u003eorg.hyperledger.fabric:fabric-gateway\u003c/code\u003e, organizations that have not yet migrated are still vulnerable. This issue highlights the risks associated with using deprecated software and the importance of migrating to supported versions. The vulnerability exists in versions 1.0.0 through 2.2.26.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious serialized Java object using a tool like \u003ccode\u003eysoserial\u003c/code\u003e. For example, \u003ccode\u003ejava -jar ysoserial.jar CommonsCollections6 \u0026quot;touch /tmp/pwned\u0026quot; \u0026gt; malicious_channel.ser\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to supply crafted serialized Channel bytes to the client application. This could involve compromising a local channel file.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious serialized data through an application that accepts Channel bytes from external sources.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003edeSerializeChannel()\u003c/code\u003e method in \u003ccode\u003eChannel.java\u003c/code\u003e is called with the attacker-controlled byte array.\u003c/li\u003e\n\u003cli\u003eInside \u003ccode\u003edeSerializeChannel()\u003c/code\u003e, an \u003ccode\u003eObjectInputStream\u003c/code\u003e is created from the byte array.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ereadObject()\u003c/code\u003e method of \u003ccode\u003eObjectInputStream\u003c/code\u003e is called without any \u003ccode\u003eObjectInputFilter\u003c/code\u003e, deserializing the malicious object.\u003c/li\u003e\n\u003cli\u003eThe deserialization process triggers the execution of a gadget chain embedded in the malicious object.\u003c/li\u003e\n\u003cli\u003eThe gadget chain executes arbitrary code on the server, achieving RCE.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary code on the server running the vulnerable \u003ccode\u003efabric-sdk-java\u003c/code\u003e application. This can lead to complete system compromise, data breaches, and other malicious activities. The severity is critical due to the potential for unauthenticated remote code execution. Organizations still using the deprecated \u003ccode\u003efabric-sdk-java\u003c/code\u003e are at high risk until they migrate to the supported \u003ccode\u003efabric-gateway\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eMigrate to \u003ccode\u003eorg.hyperledger.fabric:fabric-gateway\u003c/code\u003e immediately\u003c/strong\u003e as the primary remediation, as it does not use Java serialization.\u003c/li\u003e\n\u003cli\u003eFor organizations unable to migrate immediately, apply the suggested fix of adding an \u003ccode\u003eObjectInputFilter\u003c/code\u003e to whitelist only expected classes as described in the advisory.\u003c/li\u003e\n\u003cli\u003eImplement runtime monitoring of Java deserialization to detect and prevent exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEnable logging of deserialization events to aid in incident response.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T20:41:58Z","date_published":"2026-04-29T20:41:58Z","id":"/briefs/2024-01-26-fabric-deserialization/","summary":"The deprecated fabric-sdk-java client SDK is vulnerable to Java deserialization RCE due to the use of ObjectInputStream.readObject() without an ObjectInputFilter in Channel.java, allowing remote code execution if an attacker can supply crafted serialized Channel bytes to the client application.","title":"Hyperledger Fabric SDK Java Deserialization RCE","url":"https://feed.craftedsignal.io/briefs/2024-01-26-fabric-deserialization/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-41635"}],"_cs_exploited":false,"_cs_products":["MINA 2.0","MINA 2.1","MINA 2.2"],"_cs_severities":["critical"],"_cs_tags":["apache-mina","rce","deserialization","cve-2026-41635"],"_cs_type":"advisory","_cs_vendors":["Apache"],"content_html":"\u003cp\u003eA critical arbitrary code execution vulnerability, CVE-2026-41635, has been identified in Apache MINA, an open-source network application framework. The vulnerability affects versions 2.0.0 through 2.0.27, 2.1.0 through 2.1.10, and 2.2.0 through 2.2.5. The flaw lies within the AbstractIoBuffer.resolveClass() method, where a branch lacks class validation, bypassing the classname allowlist. This allows remote attackers with low privileges to execute arbitrary code on systems using Apache MINA when the IoBuffer.getObject() method is called. Successful exploitation can lead to full system compromise, data exfiltration, and further attacks on interconnected systems. It is imperative that organizations using Apache MINA apply the necessary patches immediately to mitigate this critical risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable application using Apache MINA versions 2.0.0-2.0.27, 2.1.0-2.1.10, or 2.2.0-2.2.5.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload containing serialized Java objects designed to exploit the class validation bypass in \u003ccode\u003eAbstractIoBuffer.resolveClass()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a network request to the vulnerable application that triggers the \u003ccode\u003eIoBuffer.getObject()\u003c/code\u003e method.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eIoBuffer.getObject()\u003c/code\u003e method deserializes the attacker-controlled data without proper class validation due to the flaw in \u003ccode\u003eAbstractIoBuffer.resolveClass()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious serialized object executes arbitrary code within the context of the application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the application server.\u003c/li\u003e\n\u003cli\u003eThe attacker uses their access to move laterally within the network.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates sensitive data or deploys ransomware.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41635 allows attackers to execute arbitrary code on systems utilizing vulnerable versions of Apache MINA. This can lead to a full compromise of the affected system, including data exfiltration, denial of service, or further attacks on interconnected systems. The vulnerability is remotely exploitable with low privileges, increasing the potential for widespread impact across various sectors relying on Apache MINA for network communication. A successful attack poses a high risk to the confidentiality, integrity, and availability of affected systems and data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch Apache MINA to the latest version to remediate CVE-2026-41635, as recommended by the vendor advisory (\u003ca href=\"https://lists.apache.org/thread/1l91w1mqsb3lwfd504fs045ylxntt2tm)\"\u003ehttps://lists.apache.org/thread/1l91w1mqsb3lwfd504fs045ylxntt2tm)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement network monitoring to detect suspicious activity related to deserialization attempts, as suggested by the CCB\u0026rsquo;s recommendation to upscale monitoring capabilities.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Apache MINA Vulnerable Class Deserialization Attempt\u0026rdquo; to identify potential exploitation attempts based on suspicious class names in network traffic.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-27T16:09:56Z","date_published":"2026-04-27T16:09:56Z","id":"/briefs/2026-04-apache-mina-rce/","summary":"A critical arbitrary code execution vulnerability (CVE-2026-41635) exists in Apache MINA versions 2.0.0 through 2.0.27, 2.1.0 through 2.1.10, and 2.2.0 through 2.2.5 due to missing class validation in the AbstractIoBuffer.resolveClass() method, potentially allowing attackers to execute arbitrary code on applications using Apache MINA.","title":"Apache MINA Arbitrary Code Execution Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-apache-mina-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-41316"}],"_cs_exploited":false,"_cs_products":["ERB"],"_cs_severities":["critical"],"_cs_tags":["deserialization","rce","ruby","rails"],"_cs_type":"advisory","_cs_vendors":["RubyGems"],"content_html":"\u003cp\u003eRuby versions before ERB 2.2.0 implemented an \u003ccode\u003e@_init\u003c/code\u003e instance variable guard in \u003ccode\u003eERB#result\u003c/code\u003e and \u003ccode\u003eERB#run\u003c/code\u003e to prevent code execution upon deserialization via \u003ccode\u003eMarshal.load\u003c/code\u003e. This guard is intended to block execution when an ERB object is reconstructed from untrusted data. However, the methods \u003ccode\u003eERB#def_method\u003c/code\u003e, \u003ccode\u003eERB#def_module\u003c/code\u003e, and \u003ccode\u003eERB#def_class\u003c/code\u003e were not given the same protection, creating a bypass. An attacker capable of triggering \u003ccode\u003eMarshal.load\u003c/code\u003e on untrusted data in a Ruby application with the \u003ccode\u003eerb\u003c/code\u003e gem loaded can exploit \u003ccode\u003eERB#def_module\u003c/code\u003e (using its zero-argument, default-parameter form) as a code execution sink. This bypass impacts Ruby on Rails applications that import untrusted serialized data, Ruby tools employing \u003ccode\u003eMarshal.load\u003c/code\u003e for caching or IPC, and legacy Rails applications (pre-7.0) utilizing Marshal for cookie session serialization. This bypass renders the \u003ccode\u003e@_init\u003c/code\u003e mitigation ineffective across all ERB versions from 2.2.0 through 6.0.3. Combined with the DeprecatedInstanceVariableProxy gadget (present in all ActiveSupport versions through 7.2.3), this enables a universal RCE gadget chain for Ruby 3.2+ applications using Rails. The vulnerability is identified as CVE-2026-41316.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious Ruby object containing an \u003ccode\u003eERB\u003c/code\u003e instance and/or an \u003ccode\u003eActiveSupport::Deprecation::DeprecatedInstanceVariableProxy\u003c/code\u003e instance.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eERB\u003c/code\u003e instance has its \u003ccode\u003e@src\u003c/code\u003e instance variable set to a string containing malicious code with the \u0026ldquo;end\\nsystem(\u0026lsquo;id\u0026rsquo;)\\ndef x\u0026rdquo; payload.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application calls \u003ccode\u003eMarshal.load\u003c/code\u003e on the crafted object, triggering deserialization.\u003c/li\u003e\n\u003cli\u003eDuring deserialization, the \u003ccode\u003eDeprecatedInstanceVariableProxy\u003c/code\u003e is instantiated (if used), which then invokes the \u003ccode\u003eERB#def_module\u003c/code\u003e method via \u003ccode\u003emethod_missing\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eERB#def_module\u003c/code\u003e method calls \u003ccode\u003eERB#def_method\u003c/code\u003e without checking the \u003ccode\u003e@_init\u003c/code\u003e guard.\u003c/li\u003e\n\u003cli\u003eInside \u003ccode\u003eERB#def_method\u003c/code\u003e, the malicious code in \u003ccode\u003e@src\u003c/code\u003e is wrapped in a method definition and evaluated via \u003ccode\u003emodule_eval\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u0026ldquo;end\\nsystem(\u0026lsquo;id\u0026rsquo;)\\ndef x\u0026rdquo; payload causes the \u003ccode\u003esystem('id')\u003c/code\u003e command to execute during the \u003ccode\u003emodule_eval\u003c/code\u003e call, bypassing the intended deserialization protection.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution on the target system, gaining the ability to perform malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to execute arbitrary code on the target system. This affects Ruby applications, including Ruby on Rails, which use \u003ccode\u003eMarshal.load\u003c/code\u003e on untrusted data. Specific impact includes potential compromise of web servers and the ability to read sensitive files, modify data, or install malware. Vulnerable applications include those using \u003ccode\u003eMarshal.load\u003c/code\u003e for caching, data import, or IPC, and legacy Rails applications (pre-7.0) using Marshal for cookie session serialization. This bypass renders the @_init mitigation ineffective across all ERB versions from 2.2.0 through 6.0.3.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade your erb gem to version 4.0.3.1, 4.0.4.1, 6.0.1.1, or 6.0.4 to patch the vulnerability as described in the \u0026ldquo;Patches\u0026rdquo; section.\u003c/li\u003e\n\u003cli\u003eAvoid using \u003ccode\u003eMarshal.load\u003c/code\u003e on untrusted data, as it is inherently unsafe. Consider using alternative serialization formats like JSON or YAML.\u003c/li\u003e\n\u003cli\u003eDeploy the \u0026ldquo;Detect ERB def_module Code Execution via Deserialization\u0026rdquo; Sigma rule to detect exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-25T12:00:00Z","date_published":"2026-04-25T12:00:00Z","id":"/briefs/2026-04-erb-deserialization/","summary":"A deserialization vulnerability exists in Ruby ERB versions before 4.0.3.1, version 4.0.4, ERB versions 5.0.0 before 6.0.1.1, and ERB versions 6.0.2 before 6.0.4. The `@_init` instance variable guard in `ERB#result` and `ERB#run` can be bypassed via `ERB#def_module`, `ERB#def_method`, and `ERB#def_class`, allowing arbitrary code execution when an ERB object is reconstructed via `Marshal.load` on untrusted data.","title":"ERB Deserialization Bypass via def_module/def_method/def_class","url":"https://feed.craftedsignal.io/briefs/2026-04-erb-deserialization/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Ray Data"],"_cs_severities":["critical"],"_cs_tags":["remote-code-execution","parquet","deserialization","cloudpickle","ray"],"_cs_type":"advisory","_cs_vendors":["Ray"],"content_html":"\u003cp\u003eRay Data, a component of the Ray distributed computing framework, is susceptible to remote code execution (RCE) due to unsafe deserialization of Parquet file metadata. The vulnerability stems from Ray\u0026rsquo;s registration of custom Arrow extension types (\u003ccode\u003eray.data.arrow_tensor\u003c/code\u003e, \u003ccode\u003eray.data.arrow_tensor_v2\u003c/code\u003e, \u003ccode\u003eray.data.arrow_variable_shaped_tensor\u003c/code\u003e) within PyArrow. When a Parquet file containing these extension types is processed, the \u003ccode\u003e__arrow_ext_deserialize__\u003c/code\u003e function is invoked, leading to the execution of arbitrary code through \u003ccode\u003ecloudpickle.loads()\u003c/code\u003e on the field\u0026rsquo;s metadata, prior to any data being read.  This issue affects Ray versions 2.49.0 through 2.54.0, introduced in July 2025 via commit \u003ccode\u003ef6d21db1a4\u003c/code\u003e. Successful exploitation does not require authentication or network access to a Ray cluster. Instead, it hinges on the framework reading a maliciously crafted Parquet file, which can originate from various sources like cloud storage, HuggingFace datasets, or shared file systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a Parquet file containing a column with a \u003ccode\u003eray.data.arrow_tensor\u003c/code\u003e, \u003ccode\u003eray.data.arrow_tensor_v2\u003c/code\u003e, or \u003ccode\u003eray.data.arrow_variable_shaped_tensor\u003c/code\u003e extension type.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a malicious payload in the \u003ccode\u003eARROW:extension:metadata\u003c/code\u003e field of the Parquet file, serialized using \u003ccode\u003ecloudpickle\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker places the crafted Parquet file in a location accessible to a Ray Data pipeline, such as a HuggingFace dataset, a shared filesystem, or a cloud storage bucket.\u003c/li\u003e\n\u003cli\u003eA Ray Data pipeline, using functions like \u003ccode\u003eray.data.read_parquet()\u003c/code\u003e, \u003ccode\u003epyarrow.parquet.read_table()\u003c/code\u003e, or \u003ccode\u003epandas.read_parquet()\u003c/code\u003e, attempts to read the Parquet file.\u003c/li\u003e\n\u003cli\u003eDuring schema parsing, PyArrow encounters the custom Arrow extension type and automatically calls the \u003ccode\u003e__arrow_ext_deserialize__\u003c/code\u003e method.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e__arrow_ext_deserialize__\u003c/code\u003e method invokes \u003ccode\u003e_deserialize_with_fallback()\u003c/code\u003e, which attempts to deserialize the metadata using \u003ccode\u003ecloudpickle.loads()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecloudpickle.loads()\u003c/code\u003e function executes the attacker\u0026rsquo;s arbitrary code from the crafted Parquet metadata.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary command execution as the user running the Ray worker process, potentially leading to full server compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability affects Ray versions 2.49.0 through 2.54.0, impacting any process utilizing Ray Data that reads Parquet files. The global registration of extension types in PyArrow means that all Parquet reads within the affected process are vulnerable. An attacker can achieve arbitrary command execution as the Ray worker process user, leading to full server compromise, without requiring authentication or cluster access. Successful exploitation allows attackers to compromise systems by simply placing a malicious Parquet file in a location that a Ray Data pipeline processes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Ray to a patched version beyond 2.54.0 to remediate the vulnerability, ensuring the fix addresses the \u003ccode\u003ecloudpickle.loads()\u003c/code\u003e call in the deserialization path.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for Parquet files before processing them with Ray Data to prevent the execution of malicious payloads embedded in the \u003ccode\u003eARROW:extension:metadata\u003c/code\u003e field.\u003c/li\u003e\n\u003cli\u003eMonitor for suspicious process execution originating from \u003ccode\u003epython\u003c/code\u003e processes using \u003ccode\u003ecloudpickle.loads()\u003c/code\u003e with the intent of arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Ray Data Parquet Deserialization RCE\u003c/code\u003e to detect exploitation attempts by monitoring for specific metadata within Parquet files.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-24T16:15:00Z","date_published":"2026-04-24T16:15:00Z","id":"/briefs/2026-04-ray-parquet-rce/","summary":"Ray Data is vulnerable to remote code execution via Parquet Arrow Extension Type Deserialization; specifically, a maliciously crafted Parquet file can trigger arbitrary code execution due to the unsafe deserialization of Arrow extension metadata, affecting Ray versions 2.49.0 through 2.54.0.","title":"Ray Data Remote Code Execution via Parquet Arrow Extension Type Deserialization","url":"https://feed.craftedsignal.io/briefs/2026-04-ray-parquet-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-6023"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-6023","telerik","deserialization","rce","webserver"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-6023 exposes a critical vulnerability within the RadFilter control of Progress Telerik UI for AJAX. Affecting versions 2024.4.1114 to 2026.1.421, this flaw stems from insecure deserialization practices. The vulnerability arises when the filter state is exposed to the client, enabling malicious actors to manipulate this state. Successful exploitation grants attackers the ability to execute arbitrary code on the server. This vulnerability poses a significant risk to organizations utilizing the affected Telerik UI for AJAX versions, potentially leading to complete system compromise and data breaches. Defenders must promptly address this issue through patching or mitigation strategies.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a web application utilizing a vulnerable version of Progress Telerik UI for AJAX (2024.4.1114 - 2026.1.421) with the RadFilter control enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker observes the RadFilter control\u0026rsquo;s behavior, specifically how filter states are serialized and exposed to the client-side, typically within the HTTP request or response.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts the serialized filter state data, often Base64 encoded or similar, transmitted between the client and server.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious serialized payload containing instructions to execute arbitrary code on the server. This involves exploiting the insecure deserialization process.\u003c/li\u003e\n\u003cli\u003eThe attacker replaces the original, legitimate serialized filter state with the malicious payload.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the modified request containing the malicious serialized data to the server.\u003c/li\u003e\n\u003cli\u003eThe Telerik UI for AJAX application on the server attempts to deserialize the tampered data using the RadFilter control.\u003c/li\u003e\n\u003cli\u003eDue to the insecure deserialization vulnerability, the malicious payload is executed, granting the attacker remote code execution on the server. The attacker can then perform actions such as installing malware, exfiltrating sensitive data, or disrupting services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6023 can lead to complete compromise of the affected server. An attacker can gain remote code execution, enabling them to install malware, steal sensitive data, or disrupt critical business operations. Given the widespread use of Telerik UI in enterprise applications, this vulnerability could potentially impact a large number of organizations across various sectors. Unpatched systems are at high risk of being exploited, leading to significant financial and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade Progress Telerik UI for AJAX to a patched version outside the range of 2024.4.1114 through 2026.1.421 to remediate CVE-2026-6023.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Telerik RadFilter Deserialization Attempt\u003c/code\u003e to identify attempts to exploit the deserialization vulnerability by monitoring for suspicious HTTP requests targeting the RadFilter control (Log source: webserver).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the server-side to prevent malicious data from being deserialized.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual activity related to the RadFilter control, such as requests with abnormally large or malformed serialized data (Log source: webserver).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T08:16:13Z","date_published":"2026-04-22T08:16:13Z","id":"/briefs/2026-04-telerik-rce/","summary":"An insecure deserialization vulnerability exists in Progress Telerik UI for AJAX's RadFilter control (versions 2024.4.1114 through 2026.1.421) allowing remote code execution via tampering with the filter state exposed to the client.","title":"Insecure Deserialization Vulnerability in Telerik UI for AJAX RadFilter Control (CVE-2026-6023)","url":"https://feed.craftedsignal.io/briefs/2026-04-telerik-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-39467"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["wordpress","object-injection","deserialization","cve-2026-39467"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-39467 is a critical vulnerability affecting the MetaSlider Responsive Slider plugin for WordPress. Specifically, it is a Deserialization of Untrusted Data vulnerability that can lead to Object Injection. The vulnerability exists in versions up to and including 3.106.0. An attacker can exploit this vulnerability to inject arbitrary PHP objects into the application, potentially leading to remote code execution. This is possible because the plugin deserializes data without proper validation, allowing malicious actors to manipulate serialized data and inject harmful objects. The vulnerability was reported by Patchstack. Given the widespread use of WordPress and the MetaSlider plugin, this vulnerability poses a significant risk to a large number of websites.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker sends a crafted HTTP request to a WordPress endpoint that processes MetaSlider plugin data.\u003c/li\u003e\n\u003cli\u003eThe request contains a serialized PHP object designed for malicious purposes.\u003c/li\u003e\n\u003cli\u003eThe MetaSlider plugin deserializes the untrusted data without proper sanitization or validation using \u003ccode\u003eunserialize()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe deserialization process instantiates the malicious PHP object.\u003c/li\u003e\n\u003cli\u003eThe injected object executes its malicious payload, potentially writing files to the server.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the file write capability to plant a PHP webshell in the WordPress uploads directory.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses the webshell via a direct HTTP request.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary commands on the server via the webshell, gaining full control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-39467 allows an unauthenticated attacker to inject arbitrary PHP objects, leading to remote code execution on the target WordPress server. This could result in complete compromise of the website, including data theft, defacement, or further attacks on internal networks. Given the popularity of MetaSlider, potentially thousands of websites are vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the MetaSlider Responsive Slider plugin to the latest version to patch CVE-2026-39467.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetect MetaSlider Object Injection Attempt\u003c/code\u003e to detect exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests containing serialized PHP objects to WordPress endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-21T10:16:29Z","date_published":"2026-04-21T10:16:29Z","id":"/briefs/2026-04-metaslider-deserialization/","summary":"A deserialization of untrusted data vulnerability in the MetaSlider Responsive Slider plugin for WordPress (versions up to 3.106.0) allows for unauthenticated object injection, potentially leading to remote code execution.","title":"MetaSlider Responsive Slider Plugin Deserialization Vulnerability (CVE-2026-39467)","url":"https://feed.craftedsignal.io/briefs/2026-04-metaslider-deserialization/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-6264"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["rce","deserialization","talend"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical remote code execution vulnerability, CVE-2026-6264, has been identified in Talend JobServer and Talend Runtime, core components of the Talend data integration platform. Versions affected include Talend JobServer 7.3 (before TPS-6018) and 8.0 (before TPS-6017), as well as Talend Runtime 7.3 (before 7.3.1-R2026-01) and 8.0 (before 8.0.1.R2026-01-RT). The vulnerability stems from insecure deserialization of untrusted data through the JMX monitoring port. Successful exploitation allows an unauthenticated attacker to execute arbitrary code remotely, gain full control over affected systems, access, modify, or delete sensitive data, and disrupt services and data processing workflows. Given the wide deployment of Talend in enterprise settings, this vulnerability poses a significant risk to critical data pipelines.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable Talend JobServer or Runtime instance with an exposed JMX monitoring port.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious serialized Java object containing arbitrary code.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious serialized object to the JMX monitoring port of the target system.\u003c/li\u003e\n\u003cli\u003eThe Talend JobServer or Runtime instance deserializes the malicious object without proper validation.\u003c/li\u003e\n\u003cli\u003eThe deserialization process triggers the execution of the embedded malicious code within the Java Runtime Environment (JRE).\u003c/li\u003e\n\u003cli\u003eThe attacker gains remote code execution on the compromised system.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages their initial access to escalate privileges, potentially gaining root or SYSTEM access.\u003c/li\u003e\n\u003cli\u003eThe attacker can then access, modify, or exfiltrate sensitive data, install backdoors, or disrupt critical services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6264 can lead to complete system compromise, allowing attackers to execute arbitrary code, access sensitive data, and disrupt critical business processes. Given that Talend is often deployed in enterprise environments as part of critical data pipelines, a successful attack could result in widespread compromise across the enterprise, potentially impacting hundreds or thousands of systems and causing significant financial and reputational damage. The CCB has rated this as a critical vulnerability with a CVSS score of 9.8.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch Talend JobServer to the latest version (TPS-6018 for 7.3, TPS-6017 for 8.0) to fully mitigate the vulnerability, as described in the advisory.\u003c/li\u003e\n\u003cli\u003eFor Talend Runtime, disable the JobServer JMX monitoring port, particularly on versions prior to R2024-07-RT, as recommended in the advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect suspicious JMX traffic indicative of CVE-2026-6264 exploitation.\u003c/li\u003e\n\u003cli\u003eIncrease monitoring and detection capabilities to identify any related suspicious activity, as recommended by the CCB.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-talend-rce/","summary":"CVE-2026-6264, a critical deserialization vulnerability in Talend JobServer and Runtime, allows unauthenticated remote code execution via the JMX monitoring port, leading to complete system compromise.","title":"Critical Remote Code Execution Vulnerability in Talend JobServer and Talend Runtime","url":"https://feed.craftedsignal.io/briefs/2026-04-talend-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-32192"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-32192","azure","monitor agent","privilege escalation","deserialization"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-32192 is a critical vulnerability affecting the Azure Monitor Agent, a component used for collecting monitoring data in Azure environments. This vulnerability stems from the insecure deserialization of untrusted data, allowing an attacker with local access and authorization to escalate their privileges on the affected system. The vulnerability was published on April 14, 2026. An attacker could potentially leverage this to gain higher-level access to the system, potentially leading to further lateral movement or data compromise. Defenders should prioritize patching this vulnerability to prevent exploitation and privilege escalation within their Azure environments. This vulnerability matters because successful exploitation could lead to unauthorized access to sensitive data, system configuration changes, or other malicious activities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains initial access to a system with the Azure Monitor Agent installed and has local user privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious serialized data designed to exploit the deserialization vulnerability in the Azure Monitor Agent.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages an authorized channel to inject the malicious serialized data into the Azure Monitor Agent\u0026rsquo;s processing pipeline.\u003c/li\u003e\n\u003cli\u003eThe Azure Monitor Agent attempts to deserialize the crafted data without proper validation.\u003c/li\u003e\n\u003cli\u003eDuring deserialization, the malicious data triggers the execution of attacker-controlled code.\u003c/li\u003e\n\u003cli\u003eThe attacker-controlled code elevates the attacker\u0026rsquo;s privileges to a higher level, such as SYSTEM or root.\u003c/li\u003e\n\u003cli\u003eThe attacker uses their elevated privileges to perform unauthorized actions, such as installing malware, accessing sensitive data, or modifying system configurations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32192 allows a local attacker with low privileges to escalate their privileges to SYSTEM or root on the affected machine. This could lead to complete system compromise, including data theft, malware installation, and disruption of services. The impact is significant due to the widespread use of Azure Monitor Agent in Azure environments, making numerous systems potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch released by Microsoft to address CVE-2026-32192 on all systems running the Azure Monitor Agent as soon as possible, as referenced in the vulnerability advisory \u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect Suspicious Azure Monitor Agent Process Creation\u0026rdquo; to detect potential exploitation attempts by monitoring for unusual process executions initiated by the Azure Monitor Agent.\u003c/li\u003e\n\u003cli\u003eEnable process creation logging to facilitate the detection of malicious activity stemming from the Azure Monitor Agent based on the rules provided.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-azure-monitor-agent-privilege-escalation/","summary":"CVE-2026-32192 allows a locally authorized attacker to escalate privileges on a host running the Azure Monitor Agent via deserialization of untrusted data.","title":"Azure Monitor Agent Deserialization Vulnerability (CVE-2026-32192) Allows Local Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-04-azure-monitor-agent-privilege-escalation/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-32590"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-32590","redhat-quay","deserialization","rce"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eRed Hat Quay is vulnerable to a critical deserialization flaw, identified as CVE-2026-32590. This vulnerability resides in the handling of resumable container image layer uploads. Specifically, the way Quay stores intermediate data in its database during the upload process is susceptible to tampering. An attacker with the ability to manipulate this stored data can leverage this vulnerability to inject malicious serialized objects. When Quay attempts to deserialize this tampered data, it leads to arbitrary code execution within the Quay server\u0026rsquo;s context. This poses a significant risk to the integrity and confidentiality of the container registry. The vulnerability was reported on April 8, 2026, and affects deployments of Red Hat Quay that have not been patched. Successful exploitation allows attackers to gain full control over the Quay server, potentially leading to data breaches, service disruption, and supply chain compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains access to the Quay server\u0026rsquo;s database or the mechanism used to store intermediate data during resumable uploads, potentially through SQL injection or other database vulnerabilities.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts a container image layer upload request to the Quay server.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload containing a serialized object designed to execute arbitrary code upon deserialization.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious payload into the intermediate data stored in the database associated with the targeted resumable upload.\u003c/li\u003e\n\u003cli\u003eThe Quay server, during the process of resuming the upload, retrieves the tampered intermediate data from the database.\u003c/li\u003e\n\u003cli\u003eThe Quay server attempts to deserialize the data, triggering the execution of the malicious code embedded within the crafted serialized object.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution on the Quay server with the privileges of the Quay application.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the gained access to compromise the entire Quay registry, potentially exfiltrating sensitive data, injecting malicious images, or disrupting the service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32590 allows for arbitrary code execution on the Red Hat Quay server. This can lead to a complete compromise of the container registry, potentially affecting all container images stored within. Depending on the Quay server\u0026rsquo;s configuration and connected systems, this could lead to further lateral movement within the network and compromise of other critical infrastructure. The severity is rated as HIGH with a CVSS score of 7.1, indicating a significant risk. If exploited, organizations could face data breaches, supply chain attacks through compromised container images, and prolonged service outages.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a fixed version of Red Hat Quay as recommended by Red Hat to address CVE-2026-32590.\u003c/li\u003e\n\u003cli\u003eImplement database access controls to restrict unauthorized access and modification of the Quay database to prevent tampering with intermediate data.\u003c/li\u003e\n\u003cli\u003eDeploy a Web Application Firewall (WAF) to inspect and filter potentially malicious payloads in container image layer upload requests to mitigate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEnable robust logging and monitoring of database access and deserialization operations within the Quay server to detect suspicious activities related to this vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule \u003ccode\u003eDetect Quay Deserialization Attempt\u003c/code\u003e to identify potential exploitation attempts based on process execution and network connections.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T18:25:59Z","date_published":"2026-04-08T18:25:59Z","id":"/briefs/2026-04-redhat-quay-rce/","summary":"CVE-2026-32590 describes a deserialization vulnerability in Red Hat Quay's handling of resumable container image layer uploads, potentially allowing an attacker to execute arbitrary code on the Quay server by tampering with intermediate data stored in the database.","title":"Red Hat Quay Deserialization Vulnerability Leads to Remote Code Execution (CVE-2026-32590)","url":"https://feed.craftedsignal.io/briefs/2026-04-redhat-quay-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-3357"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-3357","deserialization","rce","langflow"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eIBM Langflow Desktop, a low-code platform designed to build custom LLM applications, is susceptible to a critical vulnerability (CVE-2026-3357) affecting versions 1.6.0 through 1.8.2. The flaw stems from an insecure default setting within the FAISS (Facebook AI Similarity Search) component, which permits the deserialization of untrusted data. This vulnerability allows an authenticated user to execute arbitrary code on the host system. Successful exploitation grants the attacker full control over the Langflow Desktop instance and potentially the underlying system. Due to the ease of exploitation, especially for authenticated users, defenders must prioritize patching or mitigating this issue to prevent potential breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated user logs into the vulnerable IBM Langflow Desktop application (versions 1.6.0 through 1.8.2).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious serialized data designed to exploit the insecure deserialization vulnerability in the FAISS component.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious serialized data into the Langflow application, potentially through a manipulated API request or a crafted workflow file.\u003c/li\u003e\n\u003cli\u003eLangflow Desktop processes the malicious data using the vulnerable FAISS component.\u003c/li\u003e\n\u003cli\u003eThe FAISS component deserializes the untrusted data without proper validation.\u003c/li\u003e\n\u003cli\u003eDuring deserialization, the malicious payload is executed, leading to arbitrary code execution within the context of the Langflow Desktop application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the Langflow Desktop application.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the code execution to escalate privileges, install malware, or exfiltrate sensitive data from the affected system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-3357 allows an attacker to execute arbitrary code on the system running IBM Langflow Desktop. This could lead to complete system compromise, including data theft, malware installation, and denial of service. Given the low complexity and the ability to exploit it with authentication, this vulnerability poses a significant risk to organizations using the affected versions of Langflow Desktop. The impact is amplified if the Langflow Desktop instance has access to sensitive data or critical infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade IBM Langflow Desktop to a patched version that addresses CVE-2026-3357. Refer to IBM\u0026rsquo;s security advisory (\u003ca href=\"https://www.ibm.com/support/pages/node/7268428\"\u003ehttps://www.ibm.com/support/pages/node/7268428\u003c/a\u003e) for specific upgrade instructions.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent the deserialization of untrusted data.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity related to Langflow Desktop, such as unexpected API calls or data transfers.\u003c/li\u003e\n\u003cli\u003eEnable logging for Langflow Desktop and related components, and analyze logs for signs of exploitation.\u003c/li\u003e\n\u003cli\u003eDeploy a web application firewall (WAF) with rules to detect and block attempts to exploit deserialization vulnerabilities in web applications.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T01:16:41Z","date_published":"2026-04-08T01:16:41Z","id":"/briefs/2026-04-langflow-rce/","summary":"IBM Langflow Desktop versions 1.6.0 through 1.8.2 is vulnerable to arbitrary code execution due to insecure deserialization of untrusted data, allowing an authenticated user to execute code on the system.","title":"IBM Langflow Desktop Deserialization RCE (CVE-2026-3357)","url":"https://feed.craftedsignal.io/briefs/2026-04-langflow-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-24156"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-24156","deserialization","nvidia","dali"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-24156 describes a deserialization of untrusted data vulnerability within NVIDIA DALI. This vulnerability could allow an attacker to execute arbitrary code on a vulnerable system. According to NVIDIA\u0026rsquo;s advisory, a successful exploit requires local access, a low level of privileges, and user interaction. The CVSS v3.1 score is rated as 7.3 (HIGH). The vulnerability was reported on April 7, 2026. Successful exploitation could allow an attacker to compromise the confidentiality, integrity, and availability of the system. This is a critical vulnerability for systems utilizing NVIDIA DALI, especially those processing external or untrusted data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains local access to a system running NVIDIA DALI, possibly through social engineering or physical access.\u003c/li\u003e\n\u003cli\u003eThe attacker prepares a malicious serialized data object designed to exploit the deserialization vulnerability in DALI.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages user interaction to trigger the deserialization process within DALI, potentially through a crafted input file or command-line argument.\u003c/li\u003e\n\u003cli\u003eDuring deserialization, the malicious object executes arbitrary code due to the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the DALI process, potentially escalating privileges within the application context.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised DALI process to execute commands on the host operating system.\u003c/li\u003e\n\u003cli\u003eThe attacker compromises the system, potentially installing malware, exfiltrating sensitive data, or causing denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24156 can lead to arbitrary code execution on systems running NVIDIA DALI. This could result in complete system compromise, including data theft, system corruption, and denial of service. Given the CVSS score of 7.3, the impact is considered high, as successful exploitation can severely impact confidentiality, integrity, and availability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to the version of NVIDIA DALI that addresses CVE-2026-24156, as described in NVIDIA\u0026rsquo;s advisory.\u003c/li\u003e\n\u003cli\u003eImplement least privilege principles to limit the impact of potential code execution.\u003c/li\u003e\n\u003cli\u003eMonitor systems for suspicious process execution originating from DALI processes to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T18:16:39Z","date_published":"2026-04-07T18:16:39Z","id":"/briefs/2026-04-nvidia-dali-deserialization/","summary":"NVIDIA DALI contains a deserialization of untrusted data vulnerability, identified as CVE-2026-24156, which may lead to arbitrary code execution.","title":"NVIDIA DALI Deserialization Vulnerability (CVE-2026-24156)","url":"https://feed.craftedsignal.io/briefs/2026-04-nvidia-dali-deserialization/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2019-25685"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["phpBB","file-upload","deserialization","CVE-2019-25685"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2019-25685 is an arbitrary file upload vulnerability affecting phpBB. An authenticated attacker can exploit this vulnerability to upload malicious files by leveraging the plupload functionality and the phar:// stream wrapper. This allows them to upload a crafted ZIP archive that includes serialized PHP objects, leading to arbitrary code execution when these objects are deserialized via the imagick parameter within the attachment settings. Successful exploitation can result in complete server compromise, allowing the attacker to execute arbitrary commands, potentially leading to data theft, website defacement, or denial of service.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the phpBB application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious ZIP archive containing serialized PHP objects designed for remote code execution. This archive is designed to be processed by the \u003ccode\u003ephar://\u003c/code\u003e stream wrapper.\u003c/li\u003e\n\u003cli\u003eThe attacker uploads the crafted ZIP archive through the plupload functionality, potentially disguised as a legitimate attachment type.\u003c/li\u003e\n\u003cli\u003eThe phpBB application processes the uploaded file. The application uses the phar:// stream wrapper to extract the contents of the uploaded ZIP file.\u003c/li\u003e\n\u003cli\u003eThe application deserializes the malicious PHP objects, triggered by the imagick parameter in attachment settings.\u003c/li\u003e\n\u003cli\u003eDeserialization of the crafted PHP objects leads to arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the web server, potentially escalating privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2019-25685 allows an attacker to execute arbitrary code on the phpBB server. The attacker could gain complete control of the web server, potentially leading to data theft, website defacement, or denial of service. The impact is significant due to the potential for full system compromise. The number of victims is dependent on the number of phpBB installations exposed and targeted.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for POST requests to attachment upload endpoints containing ZIP archives and the \u0026ldquo;phar://\u0026rdquo; wrapper in request parameters to detect potential exploit attempts. (Log Source: webserver, Rule: phpbb_phar_upload)\u003c/li\u003e\n\u003cli\u003eMonitor phpBB file upload directories for the creation of unexpected files, particularly PHP scripts or other executable files. (Log Source: file_event, Rule: phpbb_suspicious_file_creation)\u003c/li\u003e\n\u003cli\u003eApply available patches or updates for phpBB to address CVE-2019-25685 as soon as possible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-05T21:16:47Z","date_published":"2026-04-05T21:16:47Z","id":"/briefs/2026-04-phpbb-file-upload/","summary":"phpBB is vulnerable to arbitrary file upload (CVE-2019-25685) by exploiting the plupload functionality and phar:// stream wrapper, allowing authenticated attackers to upload crafted zip files containing serialized PHP objects that execute arbitrary code via the imagick parameter.","title":"phpBB Arbitrary File Upload Vulnerability (CVE-2019-25685)","url":"https://feed.craftedsignal.io/briefs/2026-04-phpbb-file-upload/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-33509"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["pyLoad","rce","pickle","deserialization","webserver"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003epyLoad, a download manager, is susceptible to arbitrary code execution due to an insecure configuration option related to the storage folder. This vulnerability arises from the incomplete fix for CVE-2026-33509. Specifically, the \u003ccode\u003estorage_folder\u003c/code\u003e option is not included in the \u003ccode\u003eADMIN_ONLY_OPTIONS\u003c/code\u003e set, which allows users with \u003ccode\u003eSETTINGS\u003c/code\u003e and \u003ccode\u003eADD\u003c/code\u003e permissions to modify it. By redirecting downloads to the Flask filesystem session store, an attacker can plant a malicious pickle payload as a predictable session file. Subsequently, any HTTP request containing the corresponding crafted session cookie will trigger the deserialization of the payload, resulting in arbitrary code execution. This issue affects pyLoad versions up to and including 0.5.0b3. The observed exploitation involves manipulating the download directory to write malicious files into the Flask session store, ultimately leading to code execution on the host.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains a non-admin user account with both \u003ccode\u003eSETTINGS\u003c/code\u003e and \u003ccode\u003eADD\u003c/code\u003e permissions in pyLoad.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the \u003ccode\u003e/api/set_config_value\u003c/code\u003e endpoint to modify the \u003ccode\u003estorage_folder\u003c/code\u003e option, setting its value to the Flask session store directory: \u003ccode\u003e/tmp/pyLoad/flask\u003c/code\u003e. This bypasses existing path restrictions.\u003c/li\u003e\n\u003cli\u003eThe attacker calculates the target session filename by computing the MD5 hash of the string \u0026ldquo;session:ATTACKER_SESSION_ID\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eThe attacker hosts a malicious pickle payload (e.g., \u003ccode\u003e92912f771df217fb6fbfded6705dd47c\u003c/code\u003e) on a remote server.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the \u003ccode\u003e/api/add_package\u003c/code\u003e endpoint to add a download package. The download link points to the hosted malicious pickle payload on the attacker\u0026rsquo;s server: \u003ccode\u003ehttp://attacker.com/92912f771df217fb6fbfded6705dd47c\u003c/code\u003e. The \u003ccode\u003edest\u003c/code\u003e parameter specifies where to store the downloaded file.\u003c/li\u003e\n\u003cli\u003epyLoad downloads the malicious pickle payload and saves it to the Flask session store directory, naming it according to the MD5 hash calculated earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts an HTTP request to the pyLoad server, including a cookie named \u003ccode\u003epyload_session_{port}\u003c/code\u003e with the value \u003ccode\u003eATTACKER_SESSION_ID\u003c/code\u003e.  The port number is derived from the pyLoad configuration.\u003c/li\u003e\n\u003cli\u003eUpon receiving the request with the crafted cookie, Flask attempts to load the session data from the corresponding file. The \u003ccode\u003ecachelib\u003c/code\u003e library deserializes the malicious pickle payload using \u003ccode\u003epickle.load()\u003c/code\u003e, triggering arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows a non-admin user with SETTINGS and ADD permissions to achieve arbitrary code execution as the pyload service user. This grants the attacker the ability to execute arbitrary commands, read environment variables (potentially exposing API keys and credentials), access the filesystem (including download history and user databases), and potentially pivot to other network resources. The vulnerability requires no authentication to trigger the final stage of exploitation, increasing its severity and potential impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the following Sigma rule to detect attempts to modify the \u003ccode\u003estorage_folder\u003c/code\u003e configuration option to point to the Flask session directory (\u003ccode\u003e/tmp/pyLoad/flask\u003c/code\u003e): \u003ccode\u003eSuspicious pyLoad Storage Folder Modification\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eApply the suggested fix by adding \u003ccode\u003estorage_folder\u003c/code\u003e to the \u003ccode\u003eADMIN_ONLY_OPTIONS\u003c/code\u003e set in the pyLoad configuration to prevent non-admin users from modifying it.\u003c/li\u003e\n\u003cli\u003eBlock the malicious URLs used to deliver the pickle payload, specifically \u003ccode\u003ehttp://attacker.com/92912f771df217fb6fbfded6705dd47c\u003c/code\u003e, at your network perimeter.\u003c/li\u003e\n\u003cli\u003eMonitor for HTTP requests containing the crafted session cookie (\u003ccode\u003epyload_session_{port}=ATTACKER_SESSION_ID\u003c/code\u003e), using a webserver or proxy log source, as it triggers the final stage of the attack.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-04T06:43:37Z","date_published":"2026-04-04T06:43:37Z","id":"/briefs/2026-04-pyload-rce/","summary":"pyLoad is vulnerable to arbitrary code execution via an unprotected `storage_folder` configuration option, allowing an attacker with `SETTINGS` and `ADD` permissions to write a malicious pickle payload to the Flask session store and execute arbitrary code upon subsequent HTTP requests.","title":"pyLoad Arbitrary Code Execution via Malicious Session Deserialization","url":"https://feed.craftedsignal.io/briefs/2026-04-pyload-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-24164"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve","deserialization","nvidia"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA deserialization of untrusted data vulnerability has been identified in NVIDIA BioNeMo (CVE-2026-24164). This vulnerability allows a malicious actor to potentially inject arbitrary code, trigger a denial-of-service condition, expose sensitive information, or tamper with data within the BioNeMo environment. The vulnerability stems from BioNeMo\u0026rsquo;s processing of serialized data, which, if crafted maliciously, can lead to unintended code execution or system compromise. The reported CVSS v3.1 score is 8.8, indicating a high severity. The vendor, NVIDIA, has acknowledged the vulnerability, but specific exploitation details and affected versions are not available in the provided source.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an endpoint or functionality within NVIDIA BioNeMo that accepts serialized data as input.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious serialized object designed to exploit the deserialization vulnerability. This object could contain instructions to execute arbitrary code, read sensitive files, or modify application data.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious serialized object to the vulnerable BioNeMo endpoint. This could be done via a web request, API call, or other data submission mechanism.\u003c/li\u003e\n\u003cli\u003eBioNeMo attempts to deserialize the received data.\u003c/li\u003e\n\u003cli\u003eDuring the deserialization process, the malicious object triggers the execution of attacker-controlled code due to the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the BioNeMo application process or underlying server.\u003c/li\u003e\n\u003cli\u003eThe attacker performs malicious actions such as exfiltrating sensitive data, installing malware, or disrupting services.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their objective, which could include data breach, system compromise, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24164 can have severe consequences. It could lead to the execution of arbitrary code on the BioNeMo server, allowing attackers to gain unauthorized access and control. Sensitive data processed by BioNeMo could be exposed, leading to a data breach. The vulnerability could also be exploited to cause a denial of service, disrupting BioNeMo\u0026rsquo;s functionality. Data tampering is also a potential consequence, leading to data integrity issues and potentially impacting downstream processes that rely on BioNeMo. The number of potential victims and targeted sectors are unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests containing serialized data being sent to NVIDIA BioNeMo endpoints, and deploy the Sigma rule \u003ccode\u003eDetect Suspicious BioNeMo Deserialization Attempts\u003c/code\u003e to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eInspect network traffic for unusual data patterns related to serialization protocols and correlate with BioNeMo activity, to aid in identifying potential exploitation attempts targeting CVE-2026-24164.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events on servers hosting NVIDIA BioNeMo for unexpected processes being spawned by the BioNeMo application, using the \u003ccode\u003eDetect BioNeMo Child Process\u003c/code\u003e Sigma rule to catch unexpected child processes.\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates released by NVIDIA to address CVE-2026-24164 as soon as they become available. Refer to NVIDIA\u0026rsquo;s security advisory for remediation guidance.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-31T17:17:41Z","date_published":"2026-03-31T17:17:41Z","id":"/briefs/2026-04-nvidia-bionemo-deserialization/","summary":"NVIDIA BioNeMo is vulnerable to deserialization of untrusted data (CVE-2026-24164), potentially leading to code execution, denial of service, information disclosure, and data tampering.","title":"NVIDIA BioNeMo Deserialization Vulnerability (CVE-2026-24164)","url":"https://feed.craftedsignal.io/briefs/2026-04-nvidia-bionemo-deserialization/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-20963","sharepoint","deserialization","cisa-kev"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 18, 2026, CISA added CVE-2026-20963, a SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. This vulnerability allows attackers to execute arbitrary code on affected SharePoint servers through the deserialization of untrusted data. Organizations utilizing SharePoint are urged to apply the necessary patches promptly. Beyond patching, it\u0026rsquo;s crucial to conduct a thorough audit of SharePoint assets, particularly…\u003c/p\u003e\n","date_modified":"2026-03-20T12:00:00Z","date_published":"2026-03-20T12:00:00Z","id":"/briefs/2026-03-sharepoint-deserialization/","summary":"CVE-2026-20963, a SharePoint deserialization vulnerability, is under active exploitation and has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, requiring immediate patching and auditing of potentially compromised data.","title":"Active Exploitation of SharePoint Deserialization Vulnerability (CVE-2026-20963)","url":"https://feed.craftedsignal.io/briefs/2026-03-sharepoint-deserialization/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["PhpSpreadsheet"],"_cs_severities":["critical"],"_cs_tags":["phpspreadsheet","ssrf","rce","php","deserialization"],"_cs_type":"advisory","_cs_vendors":["PhpOffice"],"content_html":"\u003cp\u003ePhpSpreadsheet, a widely used PHP library for reading and writing spreadsheet files, is susceptible to a critical vulnerability that can lead to both Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE). The vulnerability stems from insufficient validation of the \u003ccode\u003e$filename\u003c/code\u003e parameter passed to the \u003ccode\u003eIOFactory::load\u003c/code\u003e function. When this parameter is user-controlled, attackers can leverage PHP wrappers such as \u003ccode\u003eftp://\u003c/code\u003e, \u003ccode\u003ephar://\u003c/code\u003e, and \u003ccode\u003essh2.sftp://\u003c/code\u003e to bypass the \u003ccode\u003eis_file\u003c/code\u003e check, leading to malicious file inclusion or arbitrary code execution. This flaw affects versions up to and including 1.30.2, as well as versions 2.0.0 through 5.5.0. Exploitation can occur even if the specified file inside the phar archive does not exist or is not a supported file type, potentially masking the attack. Due to PhpSpreadsheet\u0026rsquo;s widespread use in other popular libraries like \u003ccode\u003emaatwebsite/excel\u003c/code\u003e and \u003ccode\u003esonata-project/exporter\u003c/code\u003e, the impact of this vulnerability is significant.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious phar archive (\u003ccode\u003eexploit.xlsx\u003c/code\u003e) containing a PHP object with a \u003ccode\u003e__destruct\u003c/code\u003e method that executes arbitrary code via \u003ccode\u003eshell_exec\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker hosts the malicious phar archive on a web server or makes it accessible through other means.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a request to a vulnerable web application using PhpSpreadsheet, providing a \u003ccode\u003ephar://\u003c/code\u003e URL (e.g., \u003ccode\u003ephar://exploit.xlsx/whatever\u003c/code\u003e) as the \u003ccode\u003e$filename\u003c/code\u003e parameter to \u003ccode\u003eIOFactory::load\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIOFactory::load\u003c/code\u003e attempts to load the file specified in the \u003ccode\u003e$filename\u003c/code\u003e parameter, which passes through the vulnerable \u003ccode\u003eis_file\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ephar://\u003c/code\u003e wrapper triggers PHP\u0026rsquo;s phar extension, which deserializes the metadata within the \u003ccode\u003eexploit.xlsx\u003c/code\u003e archive.\u003c/li\u003e\n\u003cli\u003eDeserialization of the malicious PHP object triggers the \u003ccode\u003e__destruct\u003c/code\u003e method, executing the attacker\u0026rsquo;s arbitrary code via \u003ccode\u003eshell_exec\u003c/code\u003e, achieving RCE. The code creates \u003ccode\u003e/tmp/poc.txt\u003c/code\u003e in the example.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker provides an \u003ccode\u003eftp://\u003c/code\u003e URL to \u003ccode\u003eIOFactory::load\u003c/code\u003e, pointing to an attacker-controlled FTP server.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003eis_file\u003c/code\u003e check allows the \u003ccode\u003eftp://\u003c/code\u003e connection, leading to an SSRF vulnerability where the server running PhpSpreadsheet connects to the attacker\u0026rsquo;s specified FTP server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to a range of severe consequences. Remote Code Execution (RCE) allows an attacker to execute arbitrary commands on the server, potentially leading to complete system compromise. The SSRF vulnerability enables an attacker to probe internal network resources, potentially exposing sensitive information or allowing further attacks on internal systems. Given PhpSpreadsheet\u0026rsquo;s use in numerous web applications and frameworks, a successful attack could impact a large number of users and organizations. Example impact includes attackers gaining initial access to internal applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the suggested mitigations by either checking for PHP wrappers in the filename before calling \u003ccode\u003eis_file\u003c/code\u003e or by using \u003ccode\u003erealpath\u003c/code\u003e to ensure a clean absolute path (see code snippets in the advisory).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect_PhpSpreadsheet_Phar_Wrapper\u003c/code\u003e to detect attempts to exploit the RCE vulnerability by monitoring process creation events with command lines containing \u0026ldquo;phar://\u0026rdquo; and \u003ccode\u003ephp\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect_PhpSpreadsheet_Ftp_Wrapper\u003c/code\u003e to detect attempts to exploit the SSRF vulnerability by monitoring network connections with destination ports on FTP protocol (21) and file paths contain ftp.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests containing the \u003ccode\u003ephar://\u003c/code\u003e or \u003ccode\u003eftp://\u003c/code\u003e schemes in the filename parameter to \u003ccode\u003eIOFactory::load\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-30T12:00:00Z","date_published":"2024-01-30T12:00:00Z","id":"/briefs/2024-01-30-phpspreadsheet-rce-ssrf/","summary":"PhpSpreadsheet is vulnerable to Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE) due to improper validation of filenames in the IOFactory::load function, exploitable via PHP wrappers like `phar://` and `ftp://`.","title":"PhpSpreadsheet SSRF and RCE Vulnerability via IOFactory::load","url":"https://feed.craftedsignal.io/briefs/2024-01-30-phpspreadsheet-rce-ssrf/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["xmldom"],"_cs_severities":["high"],"_cs_tags":["xml","injection","deserialization","vulnerability"],"_cs_type":"advisory","_cs_vendors":["xmldom"],"content_html":"\u003cp\u003eThe xmldom library is susceptible to XML node injection due to a lack of validation when serializing comment nodes. Versions prior to 0.8.13 and versions between 0.9.0 and 0.9.10 are vulnerable. An attacker can inject arbitrary XML nodes into the serialized output by including comment-breaking sequences (e.g., \u003ccode\u003e--\u0026gt;\u003c/code\u003e) in the comment data. This allows them to alter the structure of the XML document. Exploitation involves crafting malicious input that leverages the library\u0026rsquo;s DOM construction and serialization flow. It matters because applications using xmldom to process potentially untrusted XML data could be coerced into generating malicious XML structures. The fix requires an opt-in \u003ccode\u003erequireWellFormed\u003c/code\u003e flag to be enabled when calling \u003ccode\u003eserializeToString()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn application receives untrusted data intended for use in XML comment content.\u003c/li\u003e\n\u003cli\u003eThe application calls \u003ccode\u003ecreateComment(data)\u003c/code\u003e in xmldom, passing the untrusted data. The library stores the data without proper validation.\u003c/li\u003e\n\u003cli\u003eThe application constructs an XML document, including the comment node created in the previous step.\u003c/li\u003e\n\u003cli\u003eThe application calls \u003ccode\u003eserializeToString()\u003c/code\u003e on the XML document to serialize it.\u003c/li\u003e\n\u003cli\u003eIf the untrusted data contains comment-breaking sequences, such as \u003ccode\u003e--\u0026gt;\u003c/code\u003e, the serializer prematurely terminates the comment.\u003c/li\u003e\n\u003cli\u003eThe serializer injects any subsequent content in the untrusted data as live XML markup.\u003c/li\u003e\n\u003cli\u003eThe application stores, forwards, signs, or hands the serialized XML to another parser.\u003c/li\u003e\n\u003cli\u003eThe downstream consumer trusts the altered XML structure, leading to unintended consequences, such as misconfiguration or security bypass.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows attackers to inject arbitrary XML nodes, potentially altering the structure and meaning of generated XML documents. This could lead to misconfiguration, policy bypass, or other security vulnerabilities in applications that rely on the integrity of the XML structure. The vulnerability affects applications that use xmldom to build XML from untrusted input. The number of victims depends on the usage of the vulnerable library and the exposure of applications to untrusted XML data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003e@xmldom/xmldom\u003c/code\u003e version 0.8.13 or 0.9.10 or later to gain access to the fix.\u003c/li\u003e\n\u003cli\u003eAudit all calls to \u003ccode\u003eserializeToString()\u003c/code\u003e and add the \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e option when serializing comments containing potentially untrusted data.\u003c/li\u003e\n\u003cli\u003eImplement server-side input validation to sanitize comment data by removing comment-breaking sequences like \u003ccode\u003e--\u0026gt;\u003c/code\u003e before passing it to \u003ccode\u003ecreateComment()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect comment injections.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-26T12:00:00Z","date_published":"2024-01-26T12:00:00Z","id":"/briefs/2024-01-26-xmldom-injection/","summary":"The xmldom library is vulnerable to XML node injection, allowing attackers to inject arbitrary XML nodes into serialized output by manipulating comment content; this is mitigated by using the `requireWellFormed` option in `serializeToString` after upgrading to version 0.8.13 or 0.9.10.","title":"xmldom XML Node Injection via Comment Serialization","url":"https://feed.craftedsignal.io/briefs/2024-01-26-xmldom-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2025-62373"}],"_cs_exploited":false,"_cs_products":["pipecat-ai"],"_cs_severities":["critical"],"_cs_tags":["remote code execution","deserialization","pipecat"],"_cs_type":"advisory","_cs_vendors":["pip"],"content_html":"\u003cp\u003eA critical vulnerability (CVE-2025-62373) exists in Pipecat\u0026rsquo;s \u003ccode\u003eLivekitFrameSerializer\u003c/code\u003e, an optional, non-default, and now deprecated frame serializer class intended for LiveKit integration. The \u003ccode\u003edeserialize()\u003c/code\u003e method in \u003ccode\u003esrc/pipecat/serializers/livekit.py\u003c/code\u003e uses Python\u0026rsquo;s \u003ccode\u003epickle.loads()\u003c/code\u003e on data received from WebSocket clients without validation or sanitization. This allows a malicious WebSocket client to send a crafted pickle payload to execute arbitrary code on the Pipecat server. While \u003ccode\u003eLivekitFrameSerializer\u003c/code\u003e is not enabled by default and was deprecated in version 0.0.90 in favor of the safer \u003ccode\u003eLiveKitTransport\u003c/code\u003e method, it remains in the codebase and could be inadvertently used, posing a severe risk if a Pipecat server is configured to use it and is listening on an external interface.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Pipecat server with an exposed WebSocket endpoint (e.g., listening on 0.0.0.0:8765) using the vulnerable \u003ccode\u003eLivekitFrameSerializer\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious Python pickle payload. This payload contains instructions to execute arbitrary code on the server, using techniques like defining a class with a \u003ccode\u003e__reduce__\u003c/code\u003e method that calls \u003ccode\u003eos.system()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker establishes a WebSocket connection to the Pipecat server.\u003c/li\u003e\n\u003cli\u003eAttacker sends the crafted pickle payload as a WebSocket message to the server.\u003c/li\u003e\n\u003cli\u003eThe Pipecat server receives the message and passes the data to the \u003ccode\u003eLivekitFrameSerializer.deserialize()\u003c/code\u003e method.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edeserialize()\u003c/code\u003e method calls \u003ccode\u003epickle.loads()\u003c/code\u003e on the attacker-controlled data without proper validation.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003epickle.loads()\u003c/code\u003e deserializes the malicious pickle object, triggering the execution of the attacker\u0026rsquo;s code on the server with the privileges of the Pipecat process.\u003c/li\u003e\n\u003cli\u003eAttacker achieves remote code execution, potentially leading to full compromise of the server, including data exfiltration, malware installation, or pivoting to other systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability, CVE-2025-62373, allows an attacker to achieve remote code execution on the Pipecat server. If an application uses \u003ccode\u003eLivekitFrameSerializer\u003c/code\u003e and exposes the Pipecat WebSocket server to untrusted networks, an attacker can completely compromise the server. This could lead to the execution of operating system commands, data modification, malware installation, or pivoting to other systems. The vulnerability is critical because any code execution flaw in a real-time communications server context poses a high risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately stop using the \u003ccode\u003eLivekitFrameSerializer\u003c/code\u003e due to its use of unsafe pickle deserialization. Migrate to the recommended \u003ccode\u003eLiveKitTransport\u003c/code\u003e or other secure methods provided by the Pipecat framework (see Overview).\u003c/li\u003e\n\u003cli\u003eUpdate Pipecat to a version \u0026gt;= 0.0.94 to receive the deprecation warning.\u003c/li\u003e\n\u003cli\u003eIf you must support LiveKit integration or binary frame serialization, use safer alternatives like JSON, Protocol Buffers, or MessagePack.\u003c/li\u003e\n\u003cli\u003eBind the Pipecat service to localhost (127.0.0.1) whenever possible to prevent external network access as mentioned in the Overview.\u003c/li\u003e\n\u003cli\u003eImplement authentication and authorization on the WebSocket connection to restrict who can send data to the server, as described in the Mitigation section.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T10:00:00Z","date_published":"2024-01-02T10:00:00Z","id":"/briefs/2024-01-pipecat-rce/","summary":"A critical vulnerability, CVE-2025-62373, exists in Pipecat's LivekitFrameSerializer where the deserialize() method uses Python's pickle.loads() on WebSocket data without validation, allowing a malicious WebSocket client to execute arbitrary code on the Pipecat server if LivekitFrameSerializer is explicitly enabled.","title":"Pipecat Remote Code Execution via Pickle Deserialization in LivekitFrameSerializer","url":"https://feed.craftedsignal.io/briefs/2024-01-pipecat-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Deserialization","version":"https://jsonfeed.org/version/1.1"}