Application security news, updated daily (if there is any news to share).
CVE-2026-27577 discloses a critical n8n expression-evaluation sandbox escape enabling authenticated workflow editors to execute system commands; fixed in 1.123.22, 2.9.3, and 2.10.1.
Broadcom issued VMSA-2026-0001 for VMware Aria Operations, fixing a High command-injection bug and additional XSS and privilege-escalation flaws affecting VCF deployments.
Anthropic is rolling out Claude Code Security in limited preview for Enterprise/Team plans, scanning codebases for vulnerabilities and suggesting patches with human approval.
OpenSSF Package Analysis identified the npm package compass-e2e-tests (version 99.0.0) as malicious due to communication with a domain associated with malicious activity.