🔫 Pwn2Own Berlin 2026: DEVCORE dominates with $505K, 47 zero-days discovered
Pwn2Own Berlin 2026 concluded with $1.298 million in payouts across three days, as researchers exposed 47 unique zero-day vulnerabilities. DEVCORE Research Team secured Master of Pwn with 50.5 points and $505,000, exploiting targets including Microsoft SharePoint and multiple Windows 11 privilege escalations. STARLabs SG placed second with a $200,000 VMware ESXi cross-tenant code execution. OpenAI Codex fell three times to different researchers using distinct techniques.
The competition results mark a 20% increase from 2025's $1.07M total, reflecting expanded targeting of AI infrastructure and developer tooling beyond traditional platforms. Vendors have 90 days to patch before disclosure.
🛰️ Open sources - closed narratives
@sitreports
Pwn2Own Berlin 2026 concluded with $1.298 million in payouts across three days, as researchers exposed 47 unique zero-day vulnerabilities. DEVCORE Research Team secured Master of Pwn with 50.5 points and $505,000, exploiting targets including Microsoft SharePoint and multiple Windows 11 privilege escalations. STARLabs SG placed second with a $200,000 VMware ESXi cross-tenant code execution. OpenAI Codex fell three times to different researchers using distinct techniques.
The competition results mark a 20% increase from 2025's $1.07M total, reflecting expanded targeting of AI infrastructure and developer tooling beyond traditional platforms. Vendors have 90 days to patch before disclosure.
🛰️ Open sources - closed narratives
@sitreports
🔫 CISA Adds Actively Exploited Exchange Server Zero-Day to KEV Catalog
CISA has added CVE-2026-42897, a cross-site scripting vulnerability in Microsoft Exchange Server with a CVSS score of 8.1, to its Known Exploited Vulnerabilities catalog. Microsoft confirmed active exploitation affecting Outlook Web Access, where attackers execute malicious JavaScript by sending specially crafted emails, according to reporting from Security Affairs. The vulnerability surfaced two days after Microsoft's May 2026 Patch Tuesday with no permanent fix available, only temporary mitigations.
Federal agencies must remediate by May 29, 2026, under BOD 22-01.
🛰️ Open sources - closed narratives
@sitreports
CISA has added CVE-2026-42897, a cross-site scripting vulnerability in Microsoft Exchange Server with a CVSS score of 8.1, to its Known Exploited Vulnerabilities catalog. Microsoft confirmed active exploitation affecting Outlook Web Access, where attackers execute malicious JavaScript by sending specially crafted emails, according to reporting from Security Affairs. The vulnerability surfaced two days after Microsoft's May 2026 Patch Tuesday with no permanent fix available, only temporary mitigations.
Federal agencies must remediate by May 29, 2026, under BOD 22-01.
🛰️ Open sources - closed narratives
@sitreports
🔫 OpenAI confirms breach via TanStack supply chain attack
OpenAI disclosed that two employee devices were compromised through malicious TanStack packages distributed by the TeamPCP hacking group, exposing credentials from internal code repositories. The attackers deployed the Mini Shai-Hulud worm, which spread via hijacked GitHub Actions tokens and stole secrets from CI/CD environments, according to Security Affairs reporting.
The company rotated exposed credentials and revoked code-signing certificates for iOS, macOS, Windows, and Android applications. OpenAI stated no customer data or production systems were compromised, but macOS users must update their apps by June 12, 2026, to maintain functionality.
🛰️ Open sources - closed narratives
@sitreports
OpenAI disclosed that two employee devices were compromised through malicious TanStack packages distributed by the TeamPCP hacking group, exposing credentials from internal code repositories. The attackers deployed the Mini Shai-Hulud worm, which spread via hijacked GitHub Actions tokens and stole secrets from CI/CD environments, according to Security Affairs reporting.
The company rotated exposed credentials and revoked code-signing certificates for iOS, macOS, Windows, and Android applications. OpenAI stated no customer data or production systems were compromised, but macOS users must update their apps by June 12, 2026, to maintain functionality.
🛰️ Open sources - closed narratives
@sitreports
🔫 Windows MiniPlasma Zero-Day Grants SYSTEM Access
Researcher Chaotic Eclipse released proof-of-concept exploit code for a Windows privilege escalation zero-day dubbed MiniPlasma, affecting fully patched systems including the latest May 2026 builds. The flaw targets the Cloud Filter driver (cldflt.sys) and appears to be an unpatched remnant of CVE-2020-17103, originally reported by Google Project Zero in 2020. Independent testing confirms the exploit successfully elevates standard user accounts to SYSTEM privileges on Windows 11 Pro.
This marks the latest in a series of zero-day disclosures by the researcher, following BlueHammer, RedSun, YellowKey, and GreenPlasma exploits released since April. Previous exploits from this series have already been observed in active attacks.
🛰️ Open sources - closed narratives
@sitreports
Researcher Chaotic Eclipse released proof-of-concept exploit code for a Windows privilege escalation zero-day dubbed MiniPlasma, affecting fully patched systems including the latest May 2026 builds. The flaw targets the Cloud Filter driver (cldflt.sys) and appears to be an unpatched remnant of CVE-2020-17103, originally reported by Google Project Zero in 2020. Independent testing confirms the exploit successfully elevates standard user accounts to SYSTEM privileges on Windows 11 Pro.
This marks the latest in a series of zero-day disclosures by the researcher, following BlueHammer, RedSun, YellowKey, and GreenPlasma exploits released since April. Previous exploits from this series have already been observed in active attacks.
🛰️ Open sources - closed narratives
@sitreports
🔍 Tycoon2FA Phishing Kit Adds Device-Code Attack Vector
The Tycoon2FA phishing-as-a-service platform has integrated device-code phishing capabilities targeting Microsoft 365 accounts, while exploiting Trustifi click-tracking URLs to evade detection. According to recent analysis, the kit now automates OAuth device authorization flow abuse, bypassing traditional MFA protections.
Device-code phishing represents a significant escalation in social engineering tactics, as it leverages legitimate Microsoft authentication mechanisms to trick users into authorizing malicious devices. Organizations relying solely on MFA for account security face elevated credential theft risk from this technique.
🛰️ Open sources - closed narratives
@sitreports
The Tycoon2FA phishing-as-a-service platform has integrated device-code phishing capabilities targeting Microsoft 365 accounts, while exploiting Trustifi click-tracking URLs to evade detection. According to recent analysis, the kit now automates OAuth device authorization flow abuse, bypassing traditional MFA protections.
Device-code phishing represents a significant escalation in social engineering tactics, as it leverages legitimate Microsoft authentication mechanisms to trick users into authorizing malicious devices. Organizations relying solely on MFA for account security face elevated credential theft risk from this technique.
🛰️ Open sources - closed narratives
@sitreports
⚡ NGINX CVE-2026-42945 Under Active Exploitation
A critical vulnerability in NGINX is being actively exploited in the wild, causing worker process crashes and potentially enabling remote code execution. The flaw, designated CVE-2026-42945, poses significant risk to web servers running vulnerable versions of the widely-deployed software.
The exploitation pattern suggests threat actors are probing for vulnerable instances to achieve service disruption or establish footholds. Organizations running NGINX should prioritize patching immediately, as security researchers have confirmed active targeting of this vector in production environments.
🛰️ Open sources - closed narratives
@sitreports
A critical vulnerability in NGINX is being actively exploited in the wild, causing worker process crashes and potentially enabling remote code execution. The flaw, designated CVE-2026-42945, poses significant risk to web servers running vulnerable versions of the widely-deployed software.
The exploitation pattern suggests threat actors are probing for vulnerable instances to achieve service disruption or establish footholds. Organizations running NGINX should prioritize patching immediately, as security researchers have confirmed active targeting of this vector in production environments.
🛰️ Open sources - closed narratives
@sitreports
🔍 Grafana Discloses GitHub Token Compromise and Extortion Attempt
Grafana Labs confirmed a security incident involving a compromised GitHub token that allowed unauthorized actors to download source code repositories. The breach, disclosed by Grafana, was followed by an extortion attempt. The token provided read access to private repositories but no write permissions or production infrastructure access.
The incident highlights supply chain risks through developer credential exposure. While no code modification or customer data access occurred, downloaded proprietary codebases create potential for future exploitation through vulnerability discovery or IP theft. The extortion component indicates threat actors increasingly monetize repository access beyond direct system compromise.
🛰️ Open sources - closed narratives
@sitreports
Grafana Labs confirmed a security incident involving a compromised GitHub token that allowed unauthorized actors to download source code repositories. The breach, disclosed by Grafana, was followed by an extortion attempt. The token provided read access to private repositories but no write permissions or production infrastructure access.
The incident highlights supply chain risks through developer credential exposure. While no code modification or customer data access occurred, downloaded proprietary codebases create potential for future exploitation through vulnerability discovery or IP theft. The extortion component indicates threat actors increasingly monetize repository access beyond direct system compromise.
🛰️ Open sources - closed narratives
@sitreports
🎭 Samsung Weather App Triggers Diplomatic Incident Over Disputed Islands
Samsung issued an emergency update to its pre-installed weather application after it incorrectly labeled Dokdo—a group of volcanic islets disputed by South Korea, North Korea, and Japan—as North Korean territory. The tech giant blamed The Weather Channel for the mapping error, but according to The Register, the incident sparked outrage among South Korean netizens who viewed it as a national champion surrendering territory to adversaries.
The rapid response underscores how seemingly minor data errors in consumer applications can trigger significant diplomatic sensitivities in regions with active territorial disputes. The incident highlights supply chain risks in third-party geospatial data integration.
🛰️ Open sources - closed narratives
@sitreports
Samsung issued an emergency update to its pre-installed weather application after it incorrectly labeled Dokdo—a group of volcanic islets disputed by South Korea, North Korea, and Japan—as North Korean territory. The tech giant blamed The Weather Channel for the mapping error, but according to The Register, the incident sparked outrage among South Korean netizens who viewed it as a national champion surrendering territory to adversaries.
The rapid response underscores how seemingly minor data errors in consumer applications can trigger significant diplomatic sensitivities in regions with active territorial disputes. The incident highlights supply chain risks in third-party geospatial data integration.
🛰️ Open sources - closed narratives
@sitreports
🤖 Linux Security List Overwhelmed by Duplicate AI Bug Reports
Linus Torvalds declared the Linux kernel security mailing list "almost entirely unmanageable" due to multiple researchers deploying identical AI tools to find vulnerabilities, creating massive report duplication. Maintainers now spend time forwarding duplicates and noting previously patched issues rather than addressing actual security work, according to his weekly kernel update.
Torvalds urged researchers to add value beyond automated detection by creating patches and understanding code context, noting AI-detected bugs are inherently non-secret and treating them on private lists creates counterproductive churn.
🛰️ Open sources - closed narratives
@sitreports
Linus Torvalds declared the Linux kernel security mailing list "almost entirely unmanageable" due to multiple researchers deploying identical AI tools to find vulnerabilities, creating massive report duplication. Maintainers now spend time forwarding duplicates and noting previously patched issues rather than addressing actual security work, according to his weekly kernel update.
Torvalds urged researchers to add value beyond automated detection by creating patches and understanding code context, noting AI-detected bugs are inherently non-secret and treating them on private lists creates counterproductive churn.
🛰️ Open sources - closed narratives
@sitreports
📡 Iran threatens submarine cable disruption in Strait of Hormuz
Iranian military-linked social media accounts have threatened to impose unspecified "fees" on submarine internet cables passing through the Strait of Hormuz. Iran operates torpedo-capable submarines in the strategically shallow waterway, through which multiple subsea cables terminate in Gulf nations. According to reporting, some cables have dual paths with landing points in Oman east of the Strait, providing redundancy.
While kinetic action could reduce bandwidth between the Gulf and global networks, complete disruption remains unlikely given existing redundancies. The threat coincides with a new maritime insurance scheme requiring cryptocurrency payment, as traditional insurers refuse coverage for Strait transit.
🛰️ Open sources - closed narratives
@sitreports
Iranian military-linked social media accounts have threatened to impose unspecified "fees" on submarine internet cables passing through the Strait of Hormuz. Iran operates torpedo-capable submarines in the strategically shallow waterway, through which multiple subsea cables terminate in Gulf nations. According to reporting, some cables have dual paths with landing points in Oman east of the Strait, providing redundancy.
While kinetic action could reduce bandwidth between the Gulf and global networks, complete disruption remains unlikely given existing redundancies. The threat coincides with a new maritime insurance scheme requiring cryptocurrency payment, as traditional insurers refuse coverage for Strait transit.
🛰️ Open sources - closed narratives
@sitreports
🔫 Reaper Infostealer Targets macOS via Script Editor Bypass
A new macOS infostealer named Reaper exploits Apple's Script Editor to steal credentials, cryptocurrency wallets, and business documents while bypassing Terminal-based defenses in macOS Tahoe 26.4. The malware spreads via fake WeChat and Miro installers on typosquatted Microsoft domains, according to SentinelOne research, and uses persistence mechanisms disguised as Google Software Update components.
Reaper adds document theft and wallet injection capabilities, establishing a 60-second beacon for remote code execution and persistent access to enable continued data exfiltration and secondary payload deployment.
🛰️ Open sources - closed narratives
@sitreports
A new macOS infostealer named Reaper exploits Apple's Script Editor to steal credentials, cryptocurrency wallets, and business documents while bypassing Terminal-based defenses in macOS Tahoe 26.4. The malware spreads via fake WeChat and Miro installers on typosquatted Microsoft domains, according to SentinelOne research, and uses persistence mechanisms disguised as Google Software Update components.
Reaper adds document theft and wallet injection capabilities, establishing a 60-second beacon for remote code execution and persistent access to enable continued data exfiltration and secondary payload deployment.
🛰️ Open sources - closed narratives
@sitreports
🔫 INTERPOL Operation Ramz: 201 Arrests, 53 Servers Seized Across MENA Region
INTERPOL's first regional cybercrime operation in the Middle East and North Africa resulted in 201 arrests and identification of 382 additional suspects across 13 countries. Authorities seized 53 servers hosting phishing, malware, and fraud infrastructure affecting at least 3,867 confirmed victims, with nearly 8,000 intelligence packages recovered from seized equipment.
The operation dismantled multiple criminal networks including a Jordan-based investment scam using trafficked Asian workers, a phishing-as-a-service platform in Algeria, and compromised infrastructure across Qatar, Oman, and Morocco.
🛰️ Open sources - closed narratives
@sitreports
INTERPOL's first regional cybercrime operation in the Middle East and North Africa resulted in 201 arrests and identification of 382 additional suspects across 13 countries. Authorities seized 53 servers hosting phishing, malware, and fraud infrastructure affecting at least 3,867 confirmed victims, with nearly 8,000 intelligence packages recovered from seized equipment.
The operation dismantled multiple criminal networks including a Jordan-based investment scam using trafficked Asian workers, a phishing-as-a-service platform in Algeria, and compromised infrastructure across Qatar, Oman, and Morocco.
🛰️ Open sources - closed narratives
@sitreports
🔫 SHub Reaper Targets macOS Users With Fake Apple Security Updates
A new SHub infostealer variant dubbed Reaper exploits macOS Script Editor via applescript:// URL schemes to bypass Terminal protections Apple introduced in March. The malware uses fake WeChat and Miro installers on spoofed domains, displays bogus security update prompts, and steals browser data, crypto wallets, password managers, and Telegram sessions while avoiding Russian-language systems.
Reaper hijacks wallet applications by replacing legitimate core files and establishes persistence through fake Google update scripts executing every 60 seconds. SentinelOne's analysis reveals the malware exfiltrates up to 150MB of targeted files and maintains backdoor access via LaunchAgent registration.
🛰️ Open sources - closed narratives
@sitreports
A new SHub infostealer variant dubbed Reaper exploits macOS Script Editor via applescript:// URL schemes to bypass Terminal protections Apple introduced in March. The malware uses fake WeChat and Miro installers on spoofed domains, displays bogus security update prompts, and steals browser data, crypto wallets, password managers, and Telegram sessions while avoiding Russian-language systems.
Reaper hijacks wallet applications by replacing legitimate core files and establishes persistence through fake Google update scripts executing every 60 seconds. SentinelOne's analysis reveals the malware exfiltrates up to 150MB of targeted files and maintains backdoor access via LaunchAgent registration.
🛰️ Open sources - closed narratives
@sitreports
🤖 SOCOM flags lag in cross-platform autonomous integration
U.S. Special Operations Command's deputy acquisition director stated that development of collaborative autonomy—enabling multiple autonomous systems to operate and share data across domains without platform-specific software—is moving too slowly. Speaking at SOF Week, David Breede cited the need for rapid integration of autonomous behaviors across different platforms, noting current efforts remain hindered by manual, bespoke integrations.
The concern mirrors broader DOD struggles with interoperability. The Army recently launched a hackathon to connect legacy equipment with new systems under common architecture, acknowledging Ukraine's integrated counter-drone networks as a model for shared sensor-weapon communication that U.S. forces lack at scale.
🛰️ Open sources - closed narratives
@sitreports
U.S. Special Operations Command's deputy acquisition director stated that development of collaborative autonomy—enabling multiple autonomous systems to operate and share data across domains without platform-specific software—is moving too slowly. Speaking at SOF Week, David Breede cited the need for rapid integration of autonomous behaviors across different platforms, noting current efforts remain hindered by manual, bespoke integrations.
The concern mirrors broader DOD struggles with interoperability. The Army recently launched a hackathon to connect legacy equipment with new systems under common architecture, acknowledging Ukraine's integrated counter-drone networks as a model for shared sensor-weapon communication that U.S. forces lack at scale.
🛰️ Open sources - closed narratives
@sitreports
📄 Pentagon's FY27 Cyber Budget Falls 92% Short of Internal Requirements
The Pentagon's FY2027 budget allocates under $75 million to U.S. Cyber Command for its CYBERCOM 2.0 force generation plan—just 8% of the $956 million officials requested in March 2025. The initiative, approved in November, aims to create three new organizations for talent management, training, and capability development, with total projected costs of $3.7 billion.
🛰️ Open sources - closed narratives
@sitreports
The Pentagon's FY2027 budget allocates under $75 million to U.S. Cyber Command for its CYBERCOM 2.0 force generation plan—just 8% of the $956 million officials requested in March 2025. The initiative, approved in November, aims to create three new organizations for talent management, training, and capability development, with total projected costs of $3.7 billion.
🛰️ Open sources - closed narratives
@sitreports
📡 FBI Seeks Nationwide License Plate Surveillance Access
The FBI is pursuing procurement of nationwide automated license plate reader (ALPR) access, which would enable warrantless tracking of vehicle movements across the United States, according to procurement records reviewed by 404 Media. Only two vendors—Flock and Motorola—are positioned to fulfill the requirement.
The procurement signals federal expansion of ALPR capabilities beyond local police deployments, coming amid growing civil liberties concerns and public resistance to mass vehicle surveillance systems in multiple jurisdictions nationwide.
🛰️ Open sources - closed narratives
@sitreports
The FBI is pursuing procurement of nationwide automated license plate reader (ALPR) access, which would enable warrantless tracking of vehicle movements across the United States, according to procurement records reviewed by 404 Media. Only two vendors—Flock and Motorola—are positioned to fulfill the requirement.
The procurement signals federal expansion of ALPR capabilities beyond local police deployments, coming amid growing civil liberties concerns and public resistance to mass vehicle surveillance systems in multiple jurisdictions nationwide.
🛰️ Open sources - closed narratives
@sitreports
🔫 TanStack Considers Invitation-Only PRs After Supply Chain Breach
The TanStack team is weighing drastic measures including invitation-only pull requests following a supply chain attack that exploited GitHub Actions misconfiguration. The Shai-Hulud worm extracted secrets from memory during automated workflows triggered by pull_request_target, poisoning a shared cache across the repository. TanStack has removed all use of pull_request_target, disabled caches, and pinned actions to commit SHA hashes.
The proposal to close external contributions represents a potential break from open-source norms, highlighting tensions between supply chain security and contribution models.
🛰️ Open sources - closed narratives
@sitreports
The TanStack team is weighing drastic measures including invitation-only pull requests following a supply chain attack that exploited GitHub Actions misconfiguration. The Shai-Hulud worm extracted secrets from memory during automated workflows triggered by pull_request_target, poisoning a shared cache across the repository. TanStack has removed all use of pull_request_target, disabled caches, and pinned actions to commit SHA hashes.
The proposal to close external contributions represents a potential break from open-source norms, highlighting tensions between supply chain security and contribution models.
🛰️ Open sources - closed narratives
@sitreports
⚡ 18-Year-Old NGINX Flaw Under Active Exploitation Days After Disclosure
CVE-2026-42945, dubbed "NGINX Rift," is already being exploited in the wild just days after researchers disclosed the vulnerability. The heap buffer overflow flaw affects both NGINX Open Source and NGINX Plus, dormant since 2008 in the rewrite module. VulnCheck observed exploitation attempts on canary systems shortly after the CVE publication, with a public PoC appearing the same day patches dropped.
While rated CVSS 9.2, practical RCE requires specific server configurations and disabled ASLR—unlikely on modern Linux systems. Censys scans identified roughly 5.7 million internet-exposed NGINX servers running potentially vulnerable versions, creating significant patching burden despite limited real-world exploitation risk.
🛰️ Open sources - closed narratives
@sitreports
CVE-2026-42945, dubbed "NGINX Rift," is already being exploited in the wild just days after researchers disclosed the vulnerability. The heap buffer overflow flaw affects both NGINX Open Source and NGINX Plus, dormant since 2008 in the rewrite module. VulnCheck observed exploitation attempts on canary systems shortly after the CVE publication, with a public PoC appearing the same day patches dropped.
While rated CVSS 9.2, practical RCE requires specific server configurations and disabled ASLR—unlikely on modern Linux systems. Censys scans identified roughly 5.7 million internet-exposed NGINX servers running potentially vulnerable versions, creating significant patching burden despite limited real-world exploitation risk.
🛰️ Open sources - closed narratives
@sitreports
🔫 UK F-35s to carry US glide bombs amid software delays
The UK Ministry of Defence has approved procurement of the US-made GBU-53/B StormBreaker glide bomb as an interim stand-off weapon for its F-35 fleet. The move follows continued delays to Lockheed Martin's Block 4 software update, now expected in 2031—five years behind schedule—which is required to integrate the domestically-developed SPEAR 3 mini-cruise missile. The Register reports the SPEAR 3 passed test firings in 2024 but remains unusable on F-35s.
The decision highlights critical capability gaps in the UK's stealth fighter program. During Operation Highmast, HMS Prince of Wales deployed with 24 F-35s but lacked adequate spare parts, forcing the MoD to cannibalize land-based stocks.
🛰️ Open sources - closed narratives
@sitreports
The UK Ministry of Defence has approved procurement of the US-made GBU-53/B StormBreaker glide bomb as an interim stand-off weapon for its F-35 fleet. The move follows continued delays to Lockheed Martin's Block 4 software update, now expected in 2031—five years behind schedule—which is required to integrate the domestically-developed SPEAR 3 mini-cruise missile. The Register reports the SPEAR 3 passed test firings in 2024 but remains unusable on F-35s.
The decision highlights critical capability gaps in the UK's stealth fighter program. During Operation Highmast, HMS Prince of Wales deployed with 24 F-35s but lacked adequate spare parts, forcing the MoD to cannibalize land-based stocks.
🛰️ Open sources - closed narratives
@sitreports
🔍 GitHub Investigating TeamPCP Breach Claim Targeting Internal Repositories
GitHub is investigating claims by threat actor TeamPCP of unauthorized access to approximately 4,000 internal repositories. The alleged breach surfaced on May 20, 2026, with the actor claiming to have accessed proprietary code and internal project data, according to reporting from cybersecurity sources.
If verified, the incident would represent significant supply chain exposure, potentially affecting downstream users of GitHub-hosted code and enterprise dependencies. The scope and authentication vector remain under investigation, with no official breach confirmation from GitHub at this time.
🛰️ Open sources - closed narratives
@sitreports
GitHub is investigating claims by threat actor TeamPCP of unauthorized access to approximately 4,000 internal repositories. The alleged breach surfaced on May 20, 2026, with the actor claiming to have accessed proprietary code and internal project data, according to reporting from cybersecurity sources.
If verified, the incident would represent significant supply chain exposure, potentially affecting downstream users of GitHub-hosted code and enterprise dependencies. The scope and authentication vector remain under investigation, with no official breach confirmation from GitHub at this time.
🛰️ Open sources - closed narratives
@sitreports
🔫 ChromaDB Zero-Day Enables Pre-Auth RCE on AI Vector Databases
CVE-2026-45829, a maximum-severity flaw in ChromaDB's Python FastAPI server, allows unauthenticated attackers to execute arbitrary code by exploiting misplaced authentication checks. Attackers can inject malicious Hugging Face models that execute before credentials are validated. Affecting versions 1.0.0 through 1.5.8 of the open-source vector database with 14 million monthly PyPI downloads, the flaw remains unpatched despite February disclosure.
Shodan data shows 73% of internet-exposed instances run vulnerable versions. Maintainers have not responded to HiddenLayer researchers. Mitigation requires switching to Rust frontends, restricting HTTP exposure, or implementing network-level API port controls.
🛰️ Open sources - closed narratives
@sitreports
CVE-2026-45829, a maximum-severity flaw in ChromaDB's Python FastAPI server, allows unauthenticated attackers to execute arbitrary code by exploiting misplaced authentication checks. Attackers can inject malicious Hugging Face models that execute before credentials are validated. Affecting versions 1.0.0 through 1.5.8 of the open-source vector database with 14 million monthly PyPI downloads, the flaw remains unpatched despite February disclosure.
Shodan data shows 73% of internet-exposed instances run vulnerable versions. Maintainers have not responded to HiddenLayer researchers. Mitigation requires switching to Rust frontends, restricting HTTP exposure, or implementing network-level API port controls.
🛰️ Open sources - closed narratives
@sitreports