Deserialization — CraftedSignal Threat Feed

Hyperledger Fabric SDK Java Deserialization RCE

hello@craftedsignal.io — Wed, 29 Apr 2026 20:41:58 +0000

The fabric-sdk-java client SDK, a deprecated component of Hyperledger Fabric, contains a critical vulnerability related to insecure deserialization. Specifically, the Channel.java file implements readObject() and exposes deSerializeChannel() methods that call ObjectInputStream.readObject() on untrusted byte arrays without configuring an ObjectInputFilter. This omission allows an attacker to inject malicious serialized Java objects, leading to remote code execution (RCE). While fabric-sdk-java has been deprecated since Hyperledger Fabric v2.5 and replaced by org.hyperledger.fabric:fabric-gateway, organizations that have not yet migrated are still vulnerable. This issue highlights the risks associated with using deprecated software and the importance of migrating to supported versions. The vulnerability exists in versions 1.0.0 through 2.2.26.

Attack Chain

Attacker crafts a malicious serialized Java object using a tool like ysoserial. For example, java -jar ysoserial.jar CommonsCollections6 "touch /tmp/pwned" > malicious_channel.ser.
The attacker gains the ability to supply crafted serialized Channel bytes to the client application. This could involve compromising a local channel file.
The attacker injects the malicious serialized data through an application that accepts Channel bytes from external sources.
The vulnerable deSerializeChannel() method in Channel.java is called with the attacker-controlled byte array.
Inside deSerializeChannel(), an ObjectInputStream is created from the byte array.
The readObject() method of ObjectInputStream is called without any ObjectInputFilter, deserializing the malicious object.
The deserialization process triggers the execution of a gadget chain embedded in the malicious object.
The gadget chain executes arbitrary code on the server, achieving RCE.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the server running the vulnerable fabric-sdk-java application. This can lead to complete system compromise, data breaches, and other malicious activities. The severity is critical due to the potential for unauthenticated remote code execution. Organizations still using the deprecated fabric-sdk-java are at high risk until they migrate to the supported fabric-gateway.

Recommendation

Migrate to org.hyperledger.fabric:fabric-gateway immediately as the primary remediation, as it does not use Java serialization.
For organizations unable to migrate immediately, apply the suggested fix of adding an ObjectInputFilter to whitelist only expected classes as described in the advisory.
Implement runtime monitoring of Java deserialization to detect and prevent exploitation attempts.
Enable logging of deserialization events to aid in incident response.

Apache MINA Arbitrary Code Execution Vulnerability

hello@craftedsignal.io — Mon, 27 Apr 2026 16:09:56 +0000

A critical arbitrary code execution vulnerability, CVE-2026-41635, has been identified in Apache MINA, an open-source network application framework. The vulnerability affects versions 2.0.0 through 2.0.27, 2.1.0 through 2.1.10, and 2.2.0 through 2.2.5. The flaw lies within the AbstractIoBuffer.resolveClass() method, where a branch lacks class validation, bypassing the classname allowlist. This allows remote attackers with low privileges to execute arbitrary code on systems using Apache MINA when the IoBuffer.getObject() method is called. Successful exploitation can lead to full system compromise, data exfiltration, and further attacks on interconnected systems. It is imperative that organizations using Apache MINA apply the necessary patches immediately to mitigate this critical risk.

Attack Chain

The attacker identifies a vulnerable application using Apache MINA versions 2.0.0-2.0.27, 2.1.0-2.1.10, or 2.2.0-2.2.5.
The attacker crafts a malicious payload containing serialized Java objects designed to exploit the class validation bypass in AbstractIoBuffer.resolveClass().
The attacker sends a network request to the vulnerable application that triggers the IoBuffer.getObject() method.
The IoBuffer.getObject() method deserializes the attacker-controlled data without proper class validation due to the flaw in AbstractIoBuffer.resolveClass().
The malicious serialized object executes arbitrary code within the context of the application.
The attacker gains control of the application server.
The attacker uses their access to move laterally within the network.
The attacker exfiltrates sensitive data or deploys ransomware.

Impact

Successful exploitation of CVE-2026-41635 allows attackers to execute arbitrary code on systems utilizing vulnerable versions of Apache MINA. This can lead to a full compromise of the affected system, including data exfiltration, denial of service, or further attacks on interconnected systems. The vulnerability is remotely exploitable with low privileges, increasing the potential for widespread impact across various sectors relying on Apache MINA for network communication. A successful attack poses a high risk to the confidentiality, integrity, and availability of affected systems and data.

Recommendation

Immediately patch Apache MINA to the latest version to remediate CVE-2026-41635, as recommended by the vendor advisory (https://lists.apache.org/thread/1l91w1mqsb3lwfd504fs045ylxntt2tm).
Implement network monitoring to detect suspicious activity related to deserialization attempts, as suggested by the CCB’s recommendation to upscale monitoring capabilities.
Deploy the Sigma rule “Detect Apache MINA Vulnerable Class Deserialization Attempt” to identify potential exploitation attempts based on suspicious class names in network traffic.

ERB Deserialization Bypass via def_module/def_method/def_class

hello@craftedsignal.io — Sat, 25 Apr 2026 12:00:00 +0000

Ruby versions before ERB 2.2.0 implemented an @_init instance variable guard in ERB#result and ERB#run to prevent code execution upon deserialization via Marshal.load. This guard is intended to block execution when an ERB object is reconstructed from untrusted data. However, the methods ERB#def_method, ERB#def_module, and ERB#def_class were not given the same protection, creating a bypass. An attacker capable of triggering Marshal.load on untrusted data in a Ruby application with the erb gem loaded can exploit ERB#def_module (using its zero-argument, default-parameter form) as a code execution sink. This bypass impacts Ruby on Rails applications that import untrusted serialized data, Ruby tools employing Marshal.load for caching or IPC, and legacy Rails applications (pre-7.0) utilizing Marshal for cookie session serialization. This bypass renders the @_init mitigation ineffective across all ERB versions from 2.2.0 through 6.0.3. Combined with the DeprecatedInstanceVariableProxy gadget (present in all ActiveSupport versions through 7.2.3), this enables a universal RCE gadget chain for Ruby 3.2+ applications using Rails. The vulnerability is identified as CVE-2026-41316.

Attack Chain

The attacker crafts a malicious Ruby object containing an ERB instance and/or an ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy instance.
The ERB instance has its @src instance variable set to a string containing malicious code with the “end\nsystem(‘id’)\ndef x” payload.
The vulnerable application calls Marshal.load on the crafted object, triggering deserialization.
During deserialization, the DeprecatedInstanceVariableProxy is instantiated (if used), which then invokes the ERB#def_module method via method_missing.
The ERB#def_module method calls ERB#def_method without checking the @_init guard.
Inside ERB#def_method, the malicious code in @src is wrapped in a method definition and evaluated via module_eval.
The “end\nsystem(‘id’)\ndef x” payload causes the system('id') command to execute during the module_eval call, bypassing the intended deserialization protection.
The attacker achieves arbitrary code execution on the target system, gaining the ability to perform malicious actions.

Impact

Successful exploitation allows an attacker to execute arbitrary code on the target system. This affects Ruby applications, including Ruby on Rails, which use Marshal.load on untrusted data. Specific impact includes potential compromise of web servers and the ability to read sensitive files, modify data, or install malware. Vulnerable applications include those using Marshal.load for caching, data import, or IPC, and legacy Rails applications (pre-7.0) using Marshal for cookie session serialization. This bypass renders the @_init mitigation ineffective across all ERB versions from 2.2.0 through 6.0.3.

Recommendation

Upgrade your erb gem to version 4.0.3.1, 4.0.4.1, 6.0.1.1, or 6.0.4 to patch the vulnerability as described in the “Patches” section.
Avoid using Marshal.load on untrusted data, as it is inherently unsafe. Consider using alternative serialization formats like JSON or YAML.
Deploy the “Detect ERB def_module Code Execution via Deserialization” Sigma rule to detect exploitation attempts.

Ray Data Remote Code Execution via Parquet Arrow Extension Type Deserialization

hello@craftedsignal.io — Fri, 24 Apr 2026 16:15:00 +0000

Ray Data, a component of the Ray distributed computing framework, is susceptible to remote code execution (RCE) due to unsafe deserialization of Parquet file metadata. The vulnerability stems from Ray’s registration of custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_shaped_tensor) within PyArrow. When a Parquet file containing these extension types is processed, the __arrow_ext_deserialize__ function is invoked, leading to the execution of arbitrary code through cloudpickle.loads() on the field’s metadata, prior to any data being read. This issue affects Ray versions 2.49.0 through 2.54.0, introduced in July 2025 via commit f6d21db1a4. Successful exploitation does not require authentication or network access to a Ray cluster. Instead, it hinges on the framework reading a maliciously crafted Parquet file, which can originate from various sources like cloud storage, HuggingFace datasets, or shared file systems.

Attack Chain

An attacker crafts a Parquet file containing a column with a ray.data.arrow_tensor, ray.data.arrow_tensor_v2, or ray.data.arrow_variable_shaped_tensor extension type.
The attacker injects a malicious payload in the ARROW:extension:metadata field of the Parquet file, serialized using cloudpickle.
The attacker places the crafted Parquet file in a location accessible to a Ray Data pipeline, such as a HuggingFace dataset, a shared filesystem, or a cloud storage bucket.
A Ray Data pipeline, using functions like ray.data.read_parquet(), pyarrow.parquet.read_table(), or pandas.read_parquet(), attempts to read the Parquet file.
During schema parsing, PyArrow encounters the custom Arrow extension type and automatically calls the __arrow_ext_deserialize__ method.
The __arrow_ext_deserialize__ method invokes _deserialize_with_fallback(), which attempts to deserialize the metadata using cloudpickle.loads().
The cloudpickle.loads() function executes the attacker’s arbitrary code from the crafted Parquet metadata.
The attacker achieves arbitrary command execution as the user running the Ray worker process, potentially leading to full server compromise.

Impact

This vulnerability affects Ray versions 2.49.0 through 2.54.0, impacting any process utilizing Ray Data that reads Parquet files. The global registration of extension types in PyArrow means that all Parquet reads within the affected process are vulnerable. An attacker can achieve arbitrary command execution as the Ray worker process user, leading to full server compromise, without requiring authentication or cluster access. Successful exploitation allows attackers to compromise systems by simply placing a malicious Parquet file in a location that a Ray Data pipeline processes.

Recommendation

Upgrade Ray to a patched version beyond 2.54.0 to remediate the vulnerability, ensuring the fix addresses the cloudpickle.loads() call in the deserialization path.
Implement strict input validation and sanitization for Parquet files before processing them with Ray Data to prevent the execution of malicious payloads embedded in the ARROW:extension:metadata field.
Monitor for suspicious process execution originating from python processes using cloudpickle.loads() with the intent of arbitrary code execution.
Deploy the Sigma rule Detect Ray Data Parquet Deserialization RCE to detect exploitation attempts by monitoring for specific metadata within Parquet files.

Insecure Deserialization Vulnerability in Telerik UI for AJAX RadFilter Control (CVE-2026-6023)

hello@craftedsignal.io — Wed, 22 Apr 2026 08:16:13 +0000

CVE-2026-6023 exposes a critical vulnerability within the RadFilter control of Progress Telerik UI for AJAX. Affecting versions 2024.4.1114 to 2026.1.421, this flaw stems from insecure deserialization practices. The vulnerability arises when the filter state is exposed to the client, enabling malicious actors to manipulate this state. Successful exploitation grants attackers the ability to execute arbitrary code on the server. This vulnerability poses a significant risk to organizations utilizing the affected Telerik UI for AJAX versions, potentially leading to complete system compromise and data breaches. Defenders must promptly address this issue through patching or mitigation strategies.

Attack Chain

The attacker identifies a web application utilizing a vulnerable version of Progress Telerik UI for AJAX (2024.4.1114 - 2026.1.421) with the RadFilter control enabled.
The attacker observes the RadFilter control’s behavior, specifically how filter states are serialized and exposed to the client-side, typically within the HTTP request or response.
The attacker intercepts the serialized filter state data, often Base64 encoded or similar, transmitted between the client and server.
The attacker crafts a malicious serialized payload containing instructions to execute arbitrary code on the server. This involves exploiting the insecure deserialization process.
The attacker replaces the original, legitimate serialized filter state with the malicious payload.
The attacker sends the modified request containing the malicious serialized data to the server.
The Telerik UI for AJAX application on the server attempts to deserialize the tampered data using the RadFilter control.
Due to the insecure deserialization vulnerability, the malicious payload is executed, granting the attacker remote code execution on the server. The attacker can then perform actions such as installing malware, exfiltrating sensitive data, or disrupting services.

Impact

Successful exploitation of CVE-2026-6023 can lead to complete compromise of the affected server. An attacker can gain remote code execution, enabling them to install malware, steal sensitive data, or disrupt critical business operations. Given the widespread use of Telerik UI in enterprise applications, this vulnerability could potentially impact a large number of organizations across various sectors. Unpatched systems are at high risk of being exploited, leading to significant financial and reputational damage.

Recommendation

Immediately upgrade Progress Telerik UI for AJAX to a patched version outside the range of 2024.4.1114 through 2026.1.421 to remediate CVE-2026-6023.
Deploy the Sigma rule Detect Suspicious Telerik RadFilter Deserialization Attempt to identify attempts to exploit the deserialization vulnerability by monitoring for suspicious HTTP requests targeting the RadFilter control (Log source: webserver).
Implement input validation and sanitization on the server-side to prevent malicious data from being deserialized.
Monitor web server logs for unusual activity related to the RadFilter control, such as requests with abnormally large or malformed serialized data (Log source: webserver).

MetaSlider Responsive Slider Plugin Deserialization Vulnerability (CVE-2026-39467)

hello@craftedsignal.io — Tue, 21 Apr 2026 10:16:29 +0000

CVE-2026-39467 is a critical vulnerability affecting the MetaSlider Responsive Slider plugin for WordPress. Specifically, it is a Deserialization of Untrusted Data vulnerability that can lead to Object Injection. The vulnerability exists in versions up to and including 3.106.0. An attacker can exploit this vulnerability to inject arbitrary PHP objects into the application, potentially leading to remote code execution. This is possible because the plugin deserializes data without proper validation, allowing malicious actors to manipulate serialized data and inject harmful objects. The vulnerability was reported by Patchstack. Given the widespread use of WordPress and the MetaSlider plugin, this vulnerability poses a significant risk to a large number of websites.

Attack Chain

Attacker sends a crafted HTTP request to a WordPress endpoint that processes MetaSlider plugin data.
The request contains a serialized PHP object designed for malicious purposes.
The MetaSlider plugin deserializes the untrusted data without proper sanitization or validation using unserialize().
The deserialization process instantiates the malicious PHP object.
The injected object executes its malicious payload, potentially writing files to the server.
The attacker leverages the file write capability to plant a PHP webshell in the WordPress uploads directory.
The attacker accesses the webshell via a direct HTTP request.
The attacker executes arbitrary commands on the server via the webshell, gaining full control.

Impact

Successful exploitation of CVE-2026-39467 allows an unauthenticated attacker to inject arbitrary PHP objects, leading to remote code execution on the target WordPress server. This could result in complete compromise of the website, including data theft, defacement, or further attacks on internal networks. Given the popularity of MetaSlider, potentially thousands of websites are vulnerable.

Recommendation

Upgrade the MetaSlider Responsive Slider plugin to the latest version to patch CVE-2026-39467.
Implement the Sigma rule Detect MetaSlider Object Injection Attempt to detect exploitation attempts in web server logs.
Monitor web server logs for suspicious POST requests containing serialized PHP objects to WordPress endpoints.

Critical Remote Code Execution Vulnerability in Talend JobServer and Talend Runtime

hello@craftedsignal.io — Wed, 15 Apr 2026 12:00:00 +0000

A critical remote code execution vulnerability, CVE-2026-6264, has been identified in Talend JobServer and Talend Runtime, core components of the Talend data integration platform. Versions affected include Talend JobServer 7.3 (before TPS-6018) and 8.0 (before TPS-6017), as well as Talend Runtime 7.3 (before 7.3.1-R2026-01) and 8.0 (before 8.0.1.R2026-01-RT). The vulnerability stems from insecure deserialization of untrusted data through the JMX monitoring port. Successful exploitation allows an unauthenticated attacker to execute arbitrary code remotely, gain full control over affected systems, access, modify, or delete sensitive data, and disrupt services and data processing workflows. Given the wide deployment of Talend in enterprise settings, this vulnerability poses a significant risk to critical data pipelines.

Attack Chain

An unauthenticated attacker identifies a vulnerable Talend JobServer or Runtime instance with an exposed JMX monitoring port.
The attacker crafts a malicious serialized Java object containing arbitrary code.
The attacker sends the malicious serialized object to the JMX monitoring port of the target system.
The Talend JobServer or Runtime instance deserializes the malicious object without proper validation.
The deserialization process triggers the execution of the embedded malicious code within the Java Runtime Environment (JRE).
The attacker gains remote code execution on the compromised system.
The attacker leverages their initial access to escalate privileges, potentially gaining root or SYSTEM access.
The attacker can then access, modify, or exfiltrate sensitive data, install backdoors, or disrupt critical services.

Impact

Successful exploitation of CVE-2026-6264 can lead to complete system compromise, allowing attackers to execute arbitrary code, access sensitive data, and disrupt critical business processes. Given that Talend is often deployed in enterprise environments as part of critical data pipelines, a successful attack could result in widespread compromise across the enterprise, potentially impacting hundreds or thousands of systems and causing significant financial and reputational damage. The CCB has rated this as a critical vulnerability with a CVSS score of 9.8.

Recommendation

Immediately patch Talend JobServer to the latest version (TPS-6018 for 7.3, TPS-6017 for 8.0) to fully mitigate the vulnerability, as described in the advisory.
For Talend Runtime, disable the JobServer JMX monitoring port, particularly on versions prior to R2024-07-RT, as recommended in the advisory.
Deploy the Sigma rule provided below to detect suspicious JMX traffic indicative of CVE-2026-6264 exploitation.
Increase monitoring and detection capabilities to identify any related suspicious activity, as recommended by the CCB.

Azure Monitor Agent Deserialization Vulnerability (CVE-2026-32192) Allows Local Privilege Escalation

hello@craftedsignal.io — Wed, 15 Apr 2026 12:00:00 +0000

CVE-2026-32192 is a critical vulnerability affecting the Azure Monitor Agent, a component used for collecting monitoring data in Azure environments. This vulnerability stems from the insecure deserialization of untrusted data, allowing an attacker with local access and authorization to escalate their privileges on the affected system. The vulnerability was published on April 14, 2026. An attacker could potentially leverage this to gain higher-level access to the system, potentially leading to further lateral movement or data compromise. Defenders should prioritize patching this vulnerability to prevent exploitation and privilege escalation within their Azure environments. This vulnerability matters because successful exploitation could lead to unauthorized access to sensitive data, system configuration changes, or other malicious activities.

Attack Chain

An attacker gains initial access to a system with the Azure Monitor Agent installed and has local user privileges.
The attacker crafts malicious serialized data designed to exploit the deserialization vulnerability in the Azure Monitor Agent.
The attacker leverages an authorized channel to inject the malicious serialized data into the Azure Monitor Agent’s processing pipeline.
The Azure Monitor Agent attempts to deserialize the crafted data without proper validation.
During deserialization, the malicious data triggers the execution of attacker-controlled code.
The attacker-controlled code elevates the attacker’s privileges to a higher level, such as SYSTEM or root.
The attacker uses their elevated privileges to perform unauthorized actions, such as installing malware, accessing sensitive data, or modifying system configurations.

Impact

Successful exploitation of CVE-2026-32192 allows a local attacker with low privileges to escalate their privileges to SYSTEM or root on the affected machine. This could lead to complete system compromise, including data theft, malware installation, and disruption of services. The impact is significant due to the widespread use of Azure Monitor Agent in Azure environments, making numerous systems potentially vulnerable.

Recommendation

Apply the patch released by Microsoft to address CVE-2026-32192 on all systems running the Azure Monitor Agent as soon as possible, as referenced in the vulnerability advisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192.
Implement the Sigma rule “Detect Suspicious Azure Monitor Agent Process Creation” to detect potential exploitation attempts by monitoring for unusual process executions initiated by the Azure Monitor Agent.
Enable process creation logging to facilitate the detection of malicious activity stemming from the Azure Monitor Agent based on the rules provided.

Red Hat Quay Deserialization Vulnerability Leads to Remote Code Execution (CVE-2026-32590)

hello@craftedsignal.io — Wed, 08 Apr 2026 18:25:59 +0000

Red Hat Quay is vulnerable to a critical deserialization flaw, identified as CVE-2026-32590. This vulnerability resides in the handling of resumable container image layer uploads. Specifically, the way Quay stores intermediate data in its database during the upload process is susceptible to tampering. An attacker with the ability to manipulate this stored data can leverage this vulnerability to inject malicious serialized objects. When Quay attempts to deserialize this tampered data, it leads to arbitrary code execution within the Quay server’s context. This poses a significant risk to the integrity and confidentiality of the container registry. The vulnerability was reported on April 8, 2026, and affects deployments of Red Hat Quay that have not been patched. Successful exploitation allows attackers to gain full control over the Quay server, potentially leading to data breaches, service disruption, and supply chain compromise.

Attack Chain

The attacker gains access to the Quay server’s database or the mechanism used to store intermediate data during resumable uploads, potentially through SQL injection or other database vulnerabilities.
The attacker intercepts a container image layer upload request to the Quay server.
The attacker crafts a malicious payload containing a serialized object designed to execute arbitrary code upon deserialization.
The attacker injects the malicious payload into the intermediate data stored in the database associated with the targeted resumable upload.
The Quay server, during the process of resuming the upload, retrieves the tampered intermediate data from the database.
The Quay server attempts to deserialize the data, triggering the execution of the malicious code embedded within the crafted serialized object.
The attacker achieves arbitrary code execution on the Quay server with the privileges of the Quay application.
The attacker leverages the gained access to compromise the entire Quay registry, potentially exfiltrating sensitive data, injecting malicious images, or disrupting the service.

Impact

Successful exploitation of CVE-2026-32590 allows for arbitrary code execution on the Red Hat Quay server. This can lead to a complete compromise of the container registry, potentially affecting all container images stored within. Depending on the Quay server’s configuration and connected systems, this could lead to further lateral movement within the network and compromise of other critical infrastructure. The severity is rated as HIGH with a CVSS score of 7.1, indicating a significant risk. If exploited, organizations could face data breaches, supply chain attacks through compromised container images, and prolonged service outages.

Recommendation

Apply the patch or upgrade to a fixed version of Red Hat Quay as recommended by Red Hat to address CVE-2026-32590.
Implement database access controls to restrict unauthorized access and modification of the Quay database to prevent tampering with intermediate data.
Deploy a Web Application Firewall (WAF) to inspect and filter potentially malicious payloads in container image layer upload requests to mitigate exploitation attempts.
Enable robust logging and monitoring of database access and deserialization operations within the Quay server to detect suspicious activities related to this vulnerability.
Implement the provided Sigma rule Detect Quay Deserialization Attempt to identify potential exploitation attempts based on process execution and network connections.

IBM Langflow Desktop Deserialization RCE (CVE-2026-3357)

hello@craftedsignal.io — Wed, 08 Apr 2026 01:16:41 +0000

IBM Langflow Desktop, a low-code platform designed to build custom LLM applications, is susceptible to a critical vulnerability (CVE-2026-3357) affecting versions 1.6.0 through 1.8.2. The flaw stems from an insecure default setting within the FAISS (Facebook AI Similarity Search) component, which permits the deserialization of untrusted data. This vulnerability allows an authenticated user to execute arbitrary code on the host system. Successful exploitation grants the attacker full control over the Langflow Desktop instance and potentially the underlying system. Due to the ease of exploitation, especially for authenticated users, defenders must prioritize patching or mitigating this issue to prevent potential breaches.

Attack Chain

An authenticated user logs into the vulnerable IBM Langflow Desktop application (versions 1.6.0 through 1.8.2).
The attacker crafts malicious serialized data designed to exploit the insecure deserialization vulnerability in the FAISS component.
The attacker injects the malicious serialized data into the Langflow application, potentially through a manipulated API request or a crafted workflow file.
Langflow Desktop processes the malicious data using the vulnerable FAISS component.
The FAISS component deserializes the untrusted data without proper validation.
During deserialization, the malicious payload is executed, leading to arbitrary code execution within the context of the Langflow Desktop application.
The attacker gains control of the Langflow Desktop application.
The attacker leverages the code execution to escalate privileges, install malware, or exfiltrate sensitive data from the affected system.

Impact

Successful exploitation of CVE-2026-3357 allows an attacker to execute arbitrary code on the system running IBM Langflow Desktop. This could lead to complete system compromise, including data theft, malware installation, and denial of service. Given the low complexity and the ability to exploit it with authentication, this vulnerability poses a significant risk to organizations using the affected versions of Langflow Desktop. The impact is amplified if the Langflow Desktop instance has access to sensitive data or critical infrastructure.

Recommendation

Upgrade IBM Langflow Desktop to a patched version that addresses CVE-2026-3357. Refer to IBM’s security advisory (https://www.ibm.com/support/pages/node/7268428) for specific upgrade instructions.
Implement input validation and sanitization measures to prevent the deserialization of untrusted data.
Monitor network traffic for suspicious activity related to Langflow Desktop, such as unexpected API calls or data transfers.
Enable logging for Langflow Desktop and related components, and analyze logs for signs of exploitation.
Deploy a web application firewall (WAF) with rules to detect and block attempts to exploit deserialization vulnerabilities in web applications.

NVIDIA DALI Deserialization Vulnerability (CVE-2026-24156)

hello@craftedsignal.io — Tue, 07 Apr 2026 18:16:39 +0000

CVE-2026-24156 describes a deserialization of untrusted data vulnerability within NVIDIA DALI. This vulnerability could allow an attacker to execute arbitrary code on a vulnerable system. According to NVIDIA’s advisory, a successful exploit requires local access, a low level of privileges, and user interaction. The CVSS v3.1 score is rated as 7.3 (HIGH). The vulnerability was reported on April 7, 2026. Successful exploitation could allow an attacker to compromise the confidentiality, integrity, and availability of the system. This is a critical vulnerability for systems utilizing NVIDIA DALI, especially those processing external or untrusted data.

Attack Chain

An attacker gains local access to a system running NVIDIA DALI, possibly through social engineering or physical access.
The attacker prepares a malicious serialized data object designed to exploit the deserialization vulnerability in DALI.
The attacker leverages user interaction to trigger the deserialization process within DALI, potentially through a crafted input file or command-line argument.
During deserialization, the malicious object executes arbitrary code due to the vulnerability.
The attacker gains control of the DALI process, potentially escalating privileges within the application context.
The attacker uses the compromised DALI process to execute commands on the host operating system.
The attacker compromises the system, potentially installing malware, exfiltrating sensitive data, or causing denial of service.

Impact

Successful exploitation of CVE-2026-24156 can lead to arbitrary code execution on systems running NVIDIA DALI. This could result in complete system compromise, including data theft, system corruption, and denial of service. Given the CVSS score of 7.3, the impact is considered high, as successful exploitation can severely impact confidentiality, integrity, and availability.

Recommendation

Apply the patch or upgrade to the version of NVIDIA DALI that addresses CVE-2026-24156, as described in NVIDIA’s advisory.
Implement least privilege principles to limit the impact of potential code execution.
Monitor systems for suspicious process execution originating from DALI processes to detect potential exploitation attempts.
Deploy the Sigma rules in this brief to your SIEM and tune for your environment.

phpBB Arbitrary File Upload Vulnerability (CVE-2019-25685)

hello@craftedsignal.io — Sun, 05 Apr 2026 21:16:47 +0000

CVE-2019-25685 is an arbitrary file upload vulnerability affecting phpBB. An authenticated attacker can exploit this vulnerability to upload malicious files by leveraging the plupload functionality and the phar:// stream wrapper. This allows them to upload a crafted ZIP archive that includes serialized PHP objects, leading to arbitrary code execution when these objects are deserialized via the imagick parameter within the attachment settings. Successful exploitation can result in complete server compromise, allowing the attacker to execute arbitrary commands, potentially leading to data theft, website defacement, or denial of service.

Attack Chain

The attacker authenticates to the phpBB application.
The attacker crafts a malicious ZIP archive containing serialized PHP objects designed for remote code execution. This archive is designed to be processed by the phar:// stream wrapper.
The attacker uploads the crafted ZIP archive through the plupload functionality, potentially disguised as a legitimate attachment type.
The phpBB application processes the uploaded file. The application uses the phar:// stream wrapper to extract the contents of the uploaded ZIP file.
The application deserializes the malicious PHP objects, triggered by the imagick parameter in attachment settings.
Deserialization of the crafted PHP objects leads to arbitrary code execution on the server.
The attacker gains control of the web server, potentially escalating privileges.

Impact

Successful exploitation of CVE-2019-25685 allows an attacker to execute arbitrary code on the phpBB server. The attacker could gain complete control of the web server, potentially leading to data theft, website defacement, or denial of service. The impact is significant due to the potential for full system compromise. The number of victims is dependent on the number of phpBB installations exposed and targeted.

Recommendation

Inspect web server logs for POST requests to attachment upload endpoints containing ZIP archives and the “phar://” wrapper in request parameters to detect potential exploit attempts. (Log Source: webserver, Rule: phpbb_phar_upload)
Monitor phpBB file upload directories for the creation of unexpected files, particularly PHP scripts or other executable files. (Log Source: file_event, Rule: phpbb_suspicious_file_creation)
Apply available patches or updates for phpBB to address CVE-2019-25685 as soon as possible.

pyLoad Arbitrary Code Execution via Malicious Session Deserialization

hello@craftedsignal.io — Sat, 04 Apr 2026 06:43:37 +0000

pyLoad, a download manager, is susceptible to arbitrary code execution due to an insecure configuration option related to the storage folder. This vulnerability arises from the incomplete fix for CVE-2026-33509. Specifically, the storage_folder option is not included in the ADMIN_ONLY_OPTIONS set, which allows users with SETTINGS and ADD permissions to modify it. By redirecting downloads to the Flask filesystem session store, an attacker can plant a malicious pickle payload as a predictable session file. Subsequently, any HTTP request containing the corresponding crafted session cookie will trigger the deserialization of the payload, resulting in arbitrary code execution. This issue affects pyLoad versions up to and including 0.5.0b3. The observed exploitation involves manipulating the download directory to write malicious files into the Flask session store, ultimately leading to code execution on the host.

Attack Chain

An attacker gains a non-admin user account with both SETTINGS and ADD permissions in pyLoad.
The attacker uses the /api/set_config_value endpoint to modify the storage_folder option, setting its value to the Flask session store directory: /tmp/pyLoad/flask. This bypasses existing path restrictions.
The attacker calculates the target session filename by computing the MD5 hash of the string “session:ATTACKER_SESSION_ID”.
The attacker hosts a malicious pickle payload (e.g., 92912f771df217fb6fbfded6705dd47c) on a remote server.
The attacker uses the /api/add_package endpoint to add a download package. The download link points to the hosted malicious pickle payload on the attacker’s server: http://attacker.com/92912f771df217fb6fbfded6705dd47c. The dest parameter specifies where to store the downloaded file.
pyLoad downloads the malicious pickle payload and saves it to the Flask session store directory, naming it according to the MD5 hash calculated earlier.
The attacker crafts an HTTP request to the pyLoad server, including a cookie named pyload_session_{port} with the value ATTACKER_SESSION_ID. The port number is derived from the pyLoad configuration.
Upon receiving the request with the crafted cookie, Flask attempts to load the session data from the corresponding file. The cachelib library deserializes the malicious pickle payload using pickle.load(), triggering arbitrary code execution.

Impact

Successful exploitation allows a non-admin user with SETTINGS and ADD permissions to achieve arbitrary code execution as the pyload service user. This grants the attacker the ability to execute arbitrary commands, read environment variables (potentially exposing API keys and credentials), access the filesystem (including download history and user databases), and potentially pivot to other network resources. The vulnerability requires no authentication to trigger the final stage of exploitation, increasing its severity and potential impact.

Recommendation

Deploy the following Sigma rule to detect attempts to modify the storage_folder configuration option to point to the Flask session directory (/tmp/pyLoad/flask): Suspicious pyLoad Storage Folder Modification.
Apply the suggested fix by adding storage_folder to the ADMIN_ONLY_OPTIONS set in the pyLoad configuration to prevent non-admin users from modifying it.
Block the malicious URLs used to deliver the pickle payload, specifically http://attacker.com/92912f771df217fb6fbfded6705dd47c, at your network perimeter.
Monitor for HTTP requests containing the crafted session cookie (pyload_session_{port}=ATTACKER_SESSION_ID), using a webserver or proxy log source, as it triggers the final stage of the attack.

NVIDIA BioNeMo Deserialization Vulnerability (CVE-2026-24164)

hello@craftedsignal.io — Tue, 31 Mar 2026 17:17:41 +0000

A deserialization of untrusted data vulnerability has been identified in NVIDIA BioNeMo (CVE-2026-24164). This vulnerability allows a malicious actor to potentially inject arbitrary code, trigger a denial-of-service condition, expose sensitive information, or tamper with data within the BioNeMo environment. The vulnerability stems from BioNeMo’s processing of serialized data, which, if crafted maliciously, can lead to unintended code execution or system compromise. The reported CVSS v3.1 score is 8.8, indicating a high severity. The vendor, NVIDIA, has acknowledged the vulnerability, but specific exploitation details and affected versions are not available in the provided source.

Attack Chain

The attacker identifies an endpoint or functionality within NVIDIA BioNeMo that accepts serialized data as input.
The attacker crafts a malicious serialized object designed to exploit the deserialization vulnerability. This object could contain instructions to execute arbitrary code, read sensitive files, or modify application data.
The attacker sends the malicious serialized object to the vulnerable BioNeMo endpoint. This could be done via a web request, API call, or other data submission mechanism.
BioNeMo attempts to deserialize the received data.
During the deserialization process, the malicious object triggers the execution of attacker-controlled code due to the vulnerability.
The attacker gains control of the BioNeMo application process or underlying server.
The attacker performs malicious actions such as exfiltrating sensitive data, installing malware, or disrupting services.
The attacker achieves their objective, which could include data breach, system compromise, or denial of service.

Impact

Successful exploitation of CVE-2026-24164 can have severe consequences. It could lead to the execution of arbitrary code on the BioNeMo server, allowing attackers to gain unauthorized access and control. Sensitive data processed by BioNeMo could be exposed, leading to a data breach. The vulnerability could also be exploited to cause a denial of service, disrupting BioNeMo’s functionality. Data tampering is also a potential consequence, leading to data integrity issues and potentially impacting downstream processes that rely on BioNeMo. The number of potential victims and targeted sectors are unknown.

Recommendation

Monitor web server logs for suspicious POST requests containing serialized data being sent to NVIDIA BioNeMo endpoints, and deploy the Sigma rule Detect Suspicious BioNeMo Deserialization Attempts to detect potential exploitation attempts.
Inspect network traffic for unusual data patterns related to serialization protocols and correlate with BioNeMo activity, to aid in identifying potential exploitation attempts targeting CVE-2026-24164.
Monitor process creation events on servers hosting NVIDIA BioNeMo for unexpected processes being spawned by the BioNeMo application, using the Detect BioNeMo Child Process Sigma rule to catch unexpected child processes.
Apply any available patches or updates released by NVIDIA to address CVE-2026-24164 as soon as they become available. Refer to NVIDIA’s security advisory for remediation guidance.

Active Exploitation of SharePoint Deserialization Vulnerability (CVE-2026-20963)

hello@craftedsignal.io — Fri, 20 Mar 2026 12:00:00 +0000

On March 18, 2026, CISA added CVE-2026-20963, a SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. This vulnerability allows attackers to execute arbitrary code on affected SharePoint servers through the deserialization of untrusted data. Organizations utilizing SharePoint are urged to apply the necessary patches promptly. Beyond patching, it’s crucial to conduct a thorough audit of SharePoint assets, particularly…

PhpSpreadsheet SSRF and RCE Vulnerability via IOFactory::load

hello@craftedsignal.io — Tue, 30 Jan 2024 12:00:00 +0000

PhpSpreadsheet, a widely used PHP library for reading and writing spreadsheet files, is susceptible to a critical vulnerability that can lead to both Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE). The vulnerability stems from insufficient validation of the $filename parameter passed to the IOFactory::load function. When this parameter is user-controlled, attackers can leverage PHP wrappers such as ftp://, phar://, and ssh2.sftp:// to bypass the is_file check, leading to malicious file inclusion or arbitrary code execution. This flaw affects versions up to and including 1.30.2, as well as versions 2.0.0 through 5.5.0. Exploitation can occur even if the specified file inside the phar archive does not exist or is not a supported file type, potentially masking the attack. Due to PhpSpreadsheet’s widespread use in other popular libraries like maatwebsite/excel and sonata-project/exporter, the impact of this vulnerability is significant.

Attack Chain

An attacker crafts a malicious phar archive (exploit.xlsx) containing a PHP object with a __destruct method that executes arbitrary code via shell_exec.
The attacker hosts the malicious phar archive on a web server or makes it accessible through other means.
The attacker crafts a request to a vulnerable web application using PhpSpreadsheet, providing a phar:// URL (e.g., phar://exploit.xlsx/whatever) as the $filename parameter to IOFactory::load.
IOFactory::load attempts to load the file specified in the $filename parameter, which passes through the vulnerable is_file check.
The phar:// wrapper triggers PHP’s phar extension, which deserializes the metadata within the exploit.xlsx archive.
Deserialization of the malicious PHP object triggers the __destruct method, executing the attacker’s arbitrary code via shell_exec, achieving RCE. The code creates /tmp/poc.txt in the example.
Alternatively, the attacker provides an ftp:// URL to IOFactory::load, pointing to an attacker-controlled FTP server.
The vulnerable is_file check allows the ftp:// connection, leading to an SSRF vulnerability where the server running PhpSpreadsheet connects to the attacker’s specified FTP server.

Impact

Successful exploitation of this vulnerability can lead to a range of severe consequences. Remote Code Execution (RCE) allows an attacker to execute arbitrary commands on the server, potentially leading to complete system compromise. The SSRF vulnerability enables an attacker to probe internal network resources, potentially exposing sensitive information or allowing further attacks on internal systems. Given PhpSpreadsheet’s use in numerous web applications and frameworks, a successful attack could impact a large number of users and organizations. Example impact includes attackers gaining initial access to internal applications.

Recommendation

Apply the suggested mitigations by either checking for PHP wrappers in the filename before calling is_file or by using realpath to ensure a clean absolute path (see code snippets in the advisory).
Deploy the Sigma rule Detect_PhpSpreadsheet_Phar_Wrapper to detect attempts to exploit the RCE vulnerability by monitoring process creation events with command lines containing “phar://” and php.
Deploy the Sigma rule Detect_PhpSpreadsheet_Ftp_Wrapper to detect attempts to exploit the SSRF vulnerability by monitoring network connections with destination ports on FTP protocol (21) and file paths contain ftp.
Monitor web server logs for requests containing the phar:// or ftp:// schemes in the filename parameter to IOFactory::load.

xmldom XML Node Injection via Comment Serialization

hello@craftedsignal.io — Fri, 26 Jan 2024 12:00:00 +0000

The xmldom library is susceptible to XML node injection due to a lack of validation when serializing comment nodes. Versions prior to 0.8.13 and versions between 0.9.0 and 0.9.10 are vulnerable. An attacker can inject arbitrary XML nodes into the serialized output by including comment-breaking sequences (e.g., -->) in the comment data. This allows them to alter the structure of the XML document. Exploitation involves crafting malicious input that leverages the library’s DOM construction and serialization flow. It matters because applications using xmldom to process potentially untrusted XML data could be coerced into generating malicious XML structures. The fix requires an opt-in requireWellFormed flag to be enabled when calling serializeToString().

Attack Chain

An application receives untrusted data intended for use in XML comment content.
The application calls createComment(data) in xmldom, passing the untrusted data. The library stores the data without proper validation.
The application constructs an XML document, including the comment node created in the previous step.
The application calls serializeToString() on the XML document to serialize it.
If the untrusted data contains comment-breaking sequences, such as -->, the serializer prematurely terminates the comment.
The serializer injects any subsequent content in the untrusted data as live XML markup.
The application stores, forwards, signs, or hands the serialized XML to another parser.
The downstream consumer trusts the altered XML structure, leading to unintended consequences, such as misconfiguration or security bypass.

Impact

Successful exploitation allows attackers to inject arbitrary XML nodes, potentially altering the structure and meaning of generated XML documents. This could lead to misconfiguration, policy bypass, or other security vulnerabilities in applications that rely on the integrity of the XML structure. The vulnerability affects applications that use xmldom to build XML from untrusted input. The number of victims depends on the usage of the vulnerable library and the exposure of applications to untrusted XML data.

Recommendation

Upgrade to @xmldom/xmldom version 0.8.13 or 0.9.10 or later to gain access to the fix.
Audit all calls to serializeToString() and add the { requireWellFormed: true } option when serializing comments containing potentially untrusted data.
Implement server-side input validation to sanitize comment data by removing comment-breaking sequences like --> before passing it to createComment().
Deploy the Sigma rule to detect comment injections.

Pipecat Remote Code Execution via Pickle Deserialization in LivekitFrameSerializer

hello@craftedsignal.io — Tue, 02 Jan 2024 10:00:00 +0000

A critical vulnerability (CVE-2025-62373) exists in Pipecat’s LivekitFrameSerializer, an optional, non-default, and now deprecated frame serializer class intended for LiveKit integration. The deserialize() method in src/pipecat/serializers/livekit.py uses Python’s pickle.loads() on data received from WebSocket clients without validation or sanitization. This allows a malicious WebSocket client to send a crafted pickle payload to execute arbitrary code on the Pipecat server. While LivekitFrameSerializer is not enabled by default and was deprecated in version 0.0.90 in favor of the safer LiveKitTransport method, it remains in the codebase and could be inadvertently used, posing a severe risk if a Pipecat server is configured to use it and is listening on an external interface.

Attack Chain

Attacker identifies a Pipecat server with an exposed WebSocket endpoint (e.g., listening on 0.0.0.0:8765) using the vulnerable LivekitFrameSerializer.
Attacker crafts a malicious Python pickle payload. This payload contains instructions to execute arbitrary code on the server, using techniques like defining a class with a __reduce__ method that calls os.system().
Attacker establishes a WebSocket connection to the Pipecat server.
Attacker sends the crafted pickle payload as a WebSocket message to the server.
The Pipecat server receives the message and passes the data to the LivekitFrameSerializer.deserialize() method.
The deserialize() method calls pickle.loads() on the attacker-controlled data without proper validation.
pickle.loads() deserializes the malicious pickle object, triggering the execution of the attacker’s code on the server with the privileges of the Pipecat process.
Attacker achieves remote code execution, potentially leading to full compromise of the server, including data exfiltration, malware installation, or pivoting to other systems.

Impact

Successful exploitation of this vulnerability, CVE-2025-62373, allows an attacker to achieve remote code execution on the Pipecat server. If an application uses LivekitFrameSerializer and exposes the Pipecat WebSocket server to untrusted networks, an attacker can completely compromise the server. This could lead to the execution of operating system commands, data modification, malware installation, or pivoting to other systems. The vulnerability is critical because any code execution flaw in a real-time communications server context poses a high risk.

Recommendation

Immediately stop using the LivekitFrameSerializer due to its use of unsafe pickle deserialization. Migrate to the recommended LiveKitTransport or other secure methods provided by the Pipecat framework (see Overview).
Update Pipecat to a version >= 0.0.94 to receive the deprecation warning.
If you must support LiveKit integration or binary frame serialization, use safer alternatives like JSON, Protocol Buffers, or MessagePack.
Bind the Pipecat service to localhost (127.0.0.1) whenever possible to prevent external network access as mentioned in the Overview.
Implement authentication and authorization on the WebSocket connection to restrict who can send data to the server, as described in the Mitigation section.