Tag
critical
advisory
Crabbox Environment Variable Exposure Vulnerability (CVE-2026-8634)
2 rules 1 TTP 1 CVECrabbox prior to v0.12.0 is vulnerable to environment variable exposure, allowing attackers with access to a malicious repository to forward local secrets into the remote command environment by exploiting overly permissive environment variable allowlisting and serializing sensitive environment variables into remote command execution, exposing credentials to the remote environment.
Crabbox < 0.12.0
environment variable exposure
credential theft
remote command execution
CVE-2026-8634
2r
1t
1c
high
threat
Inngest SDK Exposes Environment Variables via Unhandled HTTP Methods
2 rules 1 TTP 2 IOCsInngest TypeScript SDK versions 3.22.0 through 3.53.1 expose environment variables via the serve() handler on unhandled HTTP methods, allowing unauthenticated remote attackers to exfiltrate environment variables from the host process via `PATCH`, `OPTIONS`, or `DELETE` requests to the `serve()` HTTP handler.
exploited
inngest TypeScript SDK +2
environment-variable-exposure
inngest
cve-2026-42047
2r
1t
2i