Tag

Policy-Bypass

4 briefs RSS

PraisonAI Recipe Policy Bypass via YAML Workflow Approval

A policy bypass vulnerability in PraisonAI (CVE-NONE) allows untrusted recipes to self-approve and execute default-denied critical shell tools, such as `execute_command`, by declaring them in `workflow.yaml` instead of `TEMPLATE.yaml requires.tools`, leading to arbitrary command execution with the privileges of the PraisonAI process.

PraisonAI application-vulnerability policy-bypass remote-code-execution python

2r 2t 2d ago

high advisory

@hulumi/policies: CIS 1.16 Admin Policy Bypass Vulnerability

2 rules 1 TTP

@hulumi/policies versions before 1.3.2 improperly inspect inline and attached IAM policies, potentially allowing admin-equivalent policy paths to bypass the administrator-policy guardrail, resulting in a CIS 1.16 admin policy bypass.

@hulumi/policies +1 vulnerability iam policy bypass privilege escalation

2r 1t May 21, 2026

high advisory

Keycloak UMA Policy Bypass Vulnerability (CVE-2026-4636)

2 rules 3 TTPs 1 CVE

CVE-2026-4636 describes a vulnerability in Keycloak where an authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation, leading to unauthorized access to victim-owned resources.

keycloak uma policy-bypass privilege-escalation

2r 3t 1c Apr 2, 2026

high advisory

Heimdall Host Matching Case-Sensitivity Vulnerability

2 rules 1 TTP

Heimdall performs case-sensitive host matching, which can lead to policy bypass because HTTP hostnames are case-insensitive, potentially leading to unauthorized access, data modification, or privilege escalation if the request host is part of the rule.

heimdall defense-evasion policy-bypass access-control

2r 1t Jan 2, 2024