Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
CVE-2026-6442 reports a High-severity sandbox escape in Snowflake's Cortex Code CLI (<1.0.25) where crafted `bash` commands from untrusted content can execute code locally without user consent.
Sonatype disclosed a hard-coded internal database credential in Nexus Repository 3.x that can enable unauthenticated host command execution when the OrientDB binary listener is enabled.
CVE-2026-40316 reports a High-severity GitHub Actions workflow RCE in OWASP BLT, enabling untrusted PR code execution in privileged CI when a maintainer applies a label.
A GitHub-reviewed advisory reports a High-severity command injection in Composer’s Perforce VCS support that can run attacker-supplied shell commands during installs from source.
An oss-security post highlights a third-party Hex.pm security audit, with multiple remediated findings including unsafe deserialization (CVE-2026-21619) and auth/API-key flaws.
A High-severity insecure DLL search path in JPCERT/CC’s `EmoCheck` can enable code execution if a user runs the tool from a directory containing a crafted DLL.
Gleam disclosed and patched a git-dependency path traversal that can delete or overwrite attacker-chosen directories during `gleam deps download`, impacting developer workstations and CI runners.
An oss-security post highlights a GNU tar 1.35 mismatch where `tar -t` hides entries that `tar -x` writes, enabling hidden file injection (CVE-2026-5704).
CVE-2026-35641 discloses a High-severity code-execution path in `openclaw` (<`2026.3.24`) where attacker-controlled `.npmrc` can hijack `git` during plugin/hook installation.
A Critical path traversal in `praisonai` lets crafted `.praison` bundles overwrite arbitrary files during `praisonai recipe unpack`, impacting versions >=2.7.2 and fixed in >=4.5.128.
CVE-2026-40180 reports a High Zip Slip path traversal in `quarkus-openapi-generator`, enabling crafted ZIP entries to write outside the intended output directory during code generation.
CVE-2026-4660 discloses a High-severity issue in HashiCorp `go-getter <= 1.8.5` where a crafted Git URL can trigger arbitrary filesystem reads during Git operations.
CVE-2026-35204 reports a High-severity Helm plugin path traversal where a crafted plugin can write files to arbitrary locations during install/update in Helm 4.0.0–4.1.3.
Elastic disclosed a High-severity Logstash path traversal in GeoIP database downloader updates that can enable arbitrary file write and potential RCE in certain configurations.
CVE-2026-39860 reports a critical Nix sandbox escape where fixed-output derivation output registration follows symlinks, letting local untrusted builds overwrite root-writable files.
CVE-2026-39382 discloses a critical command-injection bug in dbt’s `open-issue-in-repo.yml` reusable GitHub Actions workflow, letting attackers run arbitrary shell commands in CI contexts.
CVE-2026-35454 discloses a High-severity Zip Slip in `coder/code-marketplace` that lets a crafted VSIX write files outside the extension directory before `2.4.2`.
CVE-2026-35580 is a Critical GitHub Actions shell injection in `emissary` workflows (<8.39.0) where workflow_dispatch inputs hit `run:` blocks, enabling repo poisoning and downstream compromise.
OpenSSF Package Analysis flagged `@not-nemo/crypto-tracker` versions `1.0.4` and `1.0.6` as malicious, citing command execution and outbound communication to a domain associated with malicious activity.
A report says attackers are exploiting React2Shell (CVE-2025-55182) in unpatched, internet-exposed Next.js apps to automate credential theft from compromised servers at scale.
SafeDep reports 36 malicious npm packages masquerading as Strapi CMS plugins, using `postinstall` execution to exploit local Redis/PostgreSQL and deploy shells and persistent implants in developer and CI environments.
OSV reports the `photo-extractor` PyPI package version `2.33.0` as a malicious clone that downloads and executes remote code using Telegram as a C2 channel.
Wiz reports the “prt-scan” campaign opened 500+ malicious PRs abusing GitHub Actions `pull_request_target`, leaking runner secrets and compromising at least two npm packages.
OSV flagged `strapi-plugin-form`, a fake Strapi npm plugin whose `postinstall` exfiltrates `.env` and platform secrets and enables remote shell command execution.
OSV flags `supervisors` `0.1.0` on PyPI as malicious, executing code at install time to retrieve a next-stage payload URL from the Solana blockchain.
CVE-2026-34591 is a High wheel path traversal in Python’s `poetry` dependency manager, letting crafted wheels write arbitrary files during installs in CI/dev environments.
CVE-2026-34070 is a High-severity path traversal in `langchain-core` <1.2.22 that can expose host files when user-influenced prompt configs reach legacy `load_prompt*` APIs.
StepSecurity reports `[email protected]` and `[email protected]` were maliciously published on npm via compromised maintainer credentials, adding a `postinstall` RAT dropper dependency.
CVE-2026-33475 discloses a critical shell-injection flaw in Langflow’s GitHub Actions workflows that lets attackers run commands via branch/PR names and steal CI secrets.
Socket reports Trivy Docker Hub tags 0.69.5 and 0.69.6 were pushed without GitHub releases and contain TeamPCP infostealer indicators, impacting pipelines that pull `aquasec/trivy` by tag.
Aqua says attackers used a compromised credential to publish malicious `trivy-action` and `setup-trivy` releases; any affected GitHub Actions pipeline should upgrade and rotate secrets.
Deno published a High-severity command injection flaw in its node:child_process polyfill that can bypass Deno permissions when shell:true is used with attacker-controlled arguments.
An OpenSSF Siren advisory reports an automated campaign ("hackerbot-claw") actively exploiting insecure GitHub Actions workflows to run code and exfiltrate CI credentials.
CVE-2026-28215 lets unauthenticated attackers overwrite self-hosted Hoppscotch infrastructure config via POST /v1/onboarding/config, exposing OAuth credentials and plaintext secrets.
OpenLIT disclosed and fixed a critical GitHub Actions workflow flaw where `pull_request_target` could execute untrusted fork code with privileged tokens and secrets exposed.
F5 Labs reports a supply-chain compromise of Cline CLI 2.3.0 via a stolen npm token, installing OpenClaw and highlighting GitHub Actions cache-poisoning and prompt-injection risks.
Red Hat published RHSA-2026:2768, an Important security advisory updating RHEL 9.4 EUS nodejs:20 to address three Node.js vulnerabilities, including a DoS issue.
GitHub's Advisory Database published a malware advisory for the npm package ambar-src, warning that any affected machine should be treated as fully compromised.
OpenSSF Package Analysis identified the npm package compass-e2e-tests (version 99.0.0) as malicious due to communication with a domain associated with malicious activity.