Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
CVE-2026-34204 lets authenticated MinIO clients with `s3:PutObject` permission make objects permanently unreadable by injecting internal SSE metadata via crafted `X-Minio-Replication-*` headers.
CVE-2026-33897 is a critical template-engine sandbox bypass in Incus <6.23.0 that lets low-privileged API users read/write host files as root.