< ciso
brief />
Tag Banner

All news with #remote code execution tag

691 articles · page 2 of 35

Web-enabled AI agents can enable host-level RCE

🔒 Microsoft demonstrated a new remote code execution path called “AutoJack,” showing how web-enabled AI agents can be hijacked to reach local Model Context Protocol (MCP) services and execute arbitrary processes. The researchers exploited three weaknesses in AutoGen Studio’s MCP WebSocket implementation—origin allowlist inheritance, missing authentication for MCP paths, and unsanitized URL-supplied server parameters that spawn processes. Microsoft reported and mitigated the issue in development builds and warned this pattern could affect other agentic frameworks.
read more →

Oracle issues 245 high-priority security fixes

🔒 Oracle released a Critical Security Patch update containing 245 fixes for supported on-premises products, including Enterprise Manager, JD Edwards, Fusion Middleware, MySQL and PeopleSoft. The update provides targeted, high-priority fixes outside the quarterly cadence to reduce disruption and speed remediation. Several patches address remote, unauthenticated exploits—most notably in WebLogic Server, Oracle Coherence and PeopleSoft—some of which are already actively exploited or present immediate risk. Vendors and analysts warn that the scale and placement of these flaws, especially in Fusion Middleware components nearing end of support, create significant control-plane and pivot risks.
read more →

F5 issues patches for two critical NGINX flaws

🛡️ F5 released updates to fix two critical vulnerabilities in NGINX Open Source that can allow remote code execution. CVE-2026-42530 is a use-after-free in the HTTP/3 QUIC module and CVE-2026-42055 is a heap-based buffer overflow affecting proxy and gRPC modules when specific directives are set. Patches are available across NGINX Open Source, NGINX Plus, Gateway Fabric, Instance Manager, WAF, DoS modules and Ingress Controller versions. Mitigations include disabling HTTP/3 for CVE-2026-42530 and adjusting ignore_invalid_headers or large_client_header_buffers settings for CVE-2026-42055.
read more →

AzeoTech DAQFactory Type Confusion Advisory

🔒 AzeoTech DAQFactory versions 21.1 and earlier contain a Type Confusion vulnerability that can be triggered by specially crafted .ctl files, potentially enabling arbitrary code execution. Users are advised to avoid opening documents from untrusted sources, store .ctl files in admin-only writable folders, operate in Safe Mode, and apply document editing passwords. CISA notes no known public exploitation and emphasizes network exposure minimization for control systems.
read more →

AVer PTC Camera Remote Code Execution Advisory

🔒 AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras contain an input validation flaw that could permit unauthenticated remote arbitrary code execution via a crafted web request. Affected devices are rated CVSS v3 9.8 and relate to CWE-552 Files or Directories Accessible to External Parties. AVer has released firmware to address the issue and CISA advises minimizing network exposure, placing devices behind firewalls, and using secure remote access methods such as updated VPNs.
read more →

F5 issues out‑of‑band patches for critical NGINX flaws

🔒 F5 released out-of-band updates to fix multiple NGINX vulnerabilities, including two critical flaws in the ngx_http_v3_module and ngx_http_proxy_v2/_grpc modules that can lead to DoS or code execution. The bugs cause use‑after‑free or heap buffer overflow in worker processes and affect NGINX Plus, Open Source, Gateway Fabric, and Instance Manager. Mitigations include disabling HTTP/3 and adjusting header buffer directives until patches are applied.
read more →

Google Vertex AI SDK bucket squatting enables RCE

🔒 A design flaw in the Vertex AI SDK for Python allowed attackers to hijack model staging buckets across projects by predicting bucket names derived from project ID and region. Unit 42 researchers called this class of issue Bucket Squatting, where global bucket name uniqueness enabled pre-creation and silent takeover. The flaw could lead to cross-tenant model poisoning and remote code execution via pickle deserialization. Google issued fixes in SDK versions 1.144.0 and 1.148.0 and users should upgrade.
read more →

CISA directs urgent patch for JCE Joomla flaw

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability in the Widget Factory Joomla Content Editor (JCE) plugin, tracked as CVE-2026-48907, which is being actively exploited in the wild. The flaw allows unauthenticated attackers to upload and execute PHP code via new editor profiles in affected Joomla deployments. JCE released version 2.9.99.6 in early June and urged immediate updates, noting that updates do not remove existing compromises and outlining remediation steps for infected sites.
read more →

RSLinx Classic vulnerability advisory and mitigations

🔒 This advisory describes a stack-based buffer overflow and an out-of-bounds read in Rockwell Automation RSLinx Classic Third-Party components that can cause denial of service or enable remote code execution. Rockwell recommends upgrading to version 4.60.00 or later or applying patch BF31213 where upgrades are not possible. CISA urges minimizing network exposure, isolating control systems behind firewalls, and using secure remote access methods such as updated VPNs while performing impact analysis and risk assessments.
read more →

Attackers Exploit Multiple Fortinet FortiSandbox Bugs

🔍 Threat intelligence firm Defused Cyber reports active exploitation of three high-severity Fortinet FortiSandbox vulnerabilities observed within 24 hours. The flaws — CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 — are high-severity (CVSS 9.1) issues involving path traversal and OS command injection that can enable unauthenticated attackers to bypass authentication or execute commands. Fortinet issued patches for the first two in April 2026 and fixed the third last week; defenders are cautioned to apply updates promptly.
read more →

Vertex AI SDK bucket-squatting enables RCE

🛡️ We discovered a vulnerability in the Google Cloud Vertex AI Python SDK that allowed an attacker to hijack a model upload and poison it, enabling remote code execution (RCE) in a victim's serving infrastructure. The issue stems from a predictable default staging bucket name and a missing ownership check in the SDK. By creating the same deterministic bucket in their own project and granting broad permissions, an attacker could replace uploaded model artifacts within a short window before Vertex AI reads them. Google fixed the issue in google-cloud-aiplatform v1.148.0 released April 15, 2026; developers should upgrade to the patched SDK.
read more →

Critical FortiSandbox Vulnerabilities Actively Exploited

🛡️ Fortinet's FortiSandbox platform is being actively targeted by attackers exploiting multiple recently patched critical vulnerabilities. The flaws (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) enable unauthenticated privilege escalation and remote code execution through low-complexity command injection, requiring no user interaction. Administrators are urged to upgrade affected systems to the latest releases to block ongoing attacks and reduce exposure.
read more →

LiteLLM vulnerability chain allows full server takeover

🛡️ Researchers at Obsidian Security disclosed a three-bug chain in the open-source LiteLLM proxy that lets a default low-privilege account escalate to full proxy admin and achieve remote code execution. The combined issue, rated CVSS 9.9, exposes provider keys, decryption secrets, prompts, and responses. Maintainer BerriAI published fixes in LiteLLM v1.83.14-stable (May 2); users should upgrade and audit admin roles, guardrails, callbacks, and keys.
read more →

Langflow path traversal allows remote code execution

🚨 Enterprises using the open-source AI orchestration platform Langflow are urged to apply a patch for a high-severity path traversal flaw that enables arbitrary file writes and, in some environments, remote code execution. The vulnerability stems from improper handling of uploaded filenames at the /api/v2/files endpoint and was fixed in version 1.9.0, though exploitation has been observed in the wild. Public proof-of-concept code and exposed instances increase risk for unpatched deployments.
read more →

Compromised JavaScript in Popular WordPress Plugins

🛡️ An attacker served tampered JavaScript used by PushEngage, OptinMonster, and TrustPulse, executing only when a logged-in WordPress administrator loaded the files. The malicious code created an attacker-controlled admin account, installed a hidden plugin backdoor providing remote code execution, and exfiltrated credentials to a fake tidio[.]cc domain. Sansec disclosed the campaign on June 13; PushEngage confirmed exposures that lasted longer than the brief windows seen for the other plugins. Site owners should treat any site that loaded the affected scripts during the window as compromised and perform server-side scans and credential rotations immediately.
read more →

Critical Splunk Enterprise Postgres Sidecar Flaw Fixed

🛡️ Splunk released security updates to remediate a critical unauthenticated file operation and remote code execution vulnerability (CVE-2026-20253, CVSS 9.8) affecting certain Splunk Enterprise versions. The flaw stemmed from an unauthenticated PostgreSQL sidecar service endpoint that allowed creation or truncation of arbitrary files. Splunk fixed the issue in 10.0.7 and 10.2.4; Splunk Cloud is not affected because it does not use Postgres sidecars. Users are urged to apply the updates promptly to mitigate exploitation risk.
read more →

Critical LangGraph flaw chain risks remote code execution

🔒 Researchers disclosed three patched vulnerabilities in LangGraph, including a critical SQL injection and unsafe deserialization chain that could enable remote code execution in self-hosted deployments. LangGraph is an open-source framework from LangChain for building stateful, multi-agent AI applications. Check Point and researcher Yarden Porat reported the issues, which affect SQLite and Redis checkpointers but not LangChain's managed LangSmith service.
read more →

ShinyHunters exploited Oracle PeopleSoft zero‑day

🔒 The ShinyHunters extortion group exploited an unpatched Oracle PeopleSoft remote code execution zero‑day (CVE-2026-35273) to compromise enterprise servers, steal data, and extort victims. Mandiant links the activity to UNC6240 and observed attacks from May 27 to June 9, before Oracle published its advisory on June 10. The flaw requires no authentication and exposes PeopleTools 8.61 and 8.62 installations with externally reachable Environment Management Hub endpoints. Universities were heavily targeted; mitigations focus on disabling or blocking PSEMHUB and hunting for post‑exploit indicators.
read more →

Oracle mitigates PeopleSoft zero-day used in data theft

🔔 Oracle warns of a critical PeopleSoft Suite zero-day, CVE-2026-35273, enabling unauthenticated remote code execution and carrying a CVSS 9.8 score. The flaw impacts PeopleSoft PeopleTools versions 8.61 and 8.62; Oracle released emergency mitigations and plans a patch. Threat actor ShinyHunters is linked to active exploitation and large-scale data theft across hundreds of instances. Administrators are urged to review logs and block identified IPs to assess compromise.
read more →

Critical LangGraph Vulnerabilities Put AI Agents at Risk

🔒 Check Point Research discovered a critical vulnerability chain in LangGraph, an open-source AI agent framework with ~46.5M monthly downloads, that can lead to full remote code execution. The issue centers on the checkpointer persistence layer where an SQL injection in get_state_history() can be chained with a msgpack deserialization flaw to execute attacker-controlled code. Three CVEs were assigned and patched; affected teams should upgrade and place authentication and network controls in front of self-hosted deployments.
read more →