
LiteLLM guardrails endpoint sandbox escape enables authenticated RCE
CVE-2026-40217 reports a High LiteLLM guardrails sandbox escape where authenticated API users bypass regex filtering via bytecode rewriting to execute arbitrary server-side code.
Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly; send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.

CVE-2026-1115 is a critical stored XSS in `parisneo/lollms` social posts (versions <2.2.0) that executes in Home Feed viewers’ browsers, including admins.

JVN reports multiple CrewAI vulnerabilities where prompt injection can lead to remote code execution, SSRF, and arbitrary local file reads in agent deployments.

Anthropic announced Project Glasswing, an industry coalition using its unreleased Claude Mythos Preview model to find and fix vulnerabilities in critical software. Mythos autonomously discovered thousands of high-severity zero-days across every major OS and browser, including a 27-year-old OpenBSD flaw and a Linux kernel exploit chain achieving full system takeover.

CVE-2026-5594 reports remote code injection in `premAI-io/premsql` (up to 0.2.1) where attacker-influenced `result` is passed to Python `eval()` in a follow-up worker.

A GitHub-reviewed advisory warns `@mobilenext/mobile-mcp` users that unvalidated URL schemes in `mobile_open_url` allow prompt-injected AI agents to trigger arbitrary Android intents via ADB.

A GitHub-reviewed advisory reports a critical auth bypass in `litellm` when JWT auth is enabled, allowing unauthenticated impersonation via an OIDC userinfo cache key collision.

A GitHub-reviewed advisory warns vLLM’s OpenAI-compatible API server can be OOM-crashed by a single request with an extremely large `n`, affecting `vllm` < `0.19.0`.

CVE-2026-34430 discloses a High-severity sandbox escape in ByteDance `deer-flow` where bash tool validation bypass enables host command execution on deployments before patch commit `92c7a20`.

CVE-2026-34159 discloses a critical unauthenticated RCE in `llama.cpp`’s RPC backend, where crafted `GRAPH_COMPUTE` messages can yield arbitrary memory read/write over TCP.

Spring’s advisory warns `SimpleVectorStore` can execute attacker-supplied SpEL via filter keys, enabling remote code execution in Spring AI 1.0.x and 1.1.x apps.

GitHub disclosed a High-severity issue in Copilot CLI (<=0.0.422) where crafted bash parameter expansion can bypass shell safety checks and execute arbitrary commands.

F5 Labs reports a supply-chain compromise of Cline CLI 2.3.0 via a stolen npm token, installing OpenClaw and highlighting GitHub Actions cache-poisoning and prompt-injection risks.

Anthropic is rolling out Claude Code Security in limited preview for Enterprise/Team plans, scanning codebases for vulnerabilities and suggesting patches with human approval.