All news with #remote code execution tag

🛡️ GitHub patched a critical remote code execution bug, CVE-2026-3854, reported by Wiz on March 4, 2026, that could have allowed attackers to access millions of private repositories. The company reproduced the issue within 40 minutes and deployed a fix to GitHub.com in under two hours. The flaw affected GitHub.com and multiple Enterprise offerings and could be triggered by a single crafted git push that injects unsafe metadata fields. GitHub’s forensic review found no evidence of exploitation prior to the researcher disclosure, and patches for GitHub Enterprise Server releases are available now; administrators are urged to upgrade immediately.

🔓 GitHub patched a critical remote code execution flaw (CVE-2026-3854) that allowed authenticated users to inject commands via crafted git push operations. Discovered by Wiz, the issue abused an internal X-STAT component in GitHub’s server-side processing and earned one of the highest bug-bounty payouts. Cloud services were patched quickly and fixes for GitHub Enterprise Server versions 3.14.25 through 3.20.0 were released, but Wiz reported that 88% of Enterprise Server instances remained exposed at disclosure. Enterprise customers are urged to apply vendor patches immediately.

🔒 GitHub patched a critical command-injection vulnerability, CVE-2026-3854, that allowed an authenticated user with push access to achieve remote code execution via a single git push. Researchers at Wiz disclosed the issue on March 4, 2026, and GitHub deployed a fix to GitHub.com within two hours while releasing updates for GitHub Enterprise Server. The flaw resulted from insufficient sanitization of git push options incorporated into the internal X-Stat header, enabling injection of metadata fields to override execution controls. Administrators should apply the provided GHES updates immediately.

⚠️ Security researchers disclosed a high-severity vulnerability in the Cursor AI-powered IDE that can lead to arbitrary code execution when its agent interacts with a malicious repository. Novee Security's analysis shows an attacker can embed a bare Git repository with a crafted hook and trigger it when the IDE autonomously runs Git operations. Cursor patched the flaw in version 2.5; there are no reports of active exploitation.

⚠️ A critical vulnerability, CVE-2026-25874, was disclosed in Hugging Face's open-source robotics framework LeRobot, enabling unauthenticated remote code execution via unsafe deserialization with pickle.loads(). The flaw affects the async inference PolicyServer handling gRPC calls (SendPolicyInstructions, SendObservations, GetActions) over unauthenticated channels and has been validated against LeRobot 0.4.3. A patch is planned for version 0.6.0; operators should treat exposed instances as high-risk and apply mitigations such as enabling TLS, restricting network access, and eliminating pickle-based deserialization.

🔒 A pro‑Ukrainian hacktivist group known as PhantomCore exploited a chain of vulnerabilities in TrueConf Server, using three flaws to achieve remote command execution and bypass authentication beginning in September 2025. Positive Technologies reported that although TrueConf released patches on August 27, 2025, the actors reproduced and weaponized the chain in the wild. Compromised servers were used as springboards for lateral movement, deploying PHP web shells, reverse shells and tunneled proxies, and for harvesting credentials with both bespoke and commodity tools.

⚠️ Researchers warn that a critical vulnerability (CVE-2026-3844) in the Breeze Cache WordPress plugin allows unauthenticated attackers to upload arbitrary files via the fetch_gravatar_from_remote function. Exploitation can lead to remote code execution and complete site takeover, but successful attacks require the optional 'Host Files Locally - Gravatars' add-on to be enabled. Cloudways released a patch in version 2.4.5; administrators should update immediately or disable the add-on until patched.

🔒 CISA warns of five vulnerabilities in Milesight camera firmware that can cause device crashes or permit remote code execution. The flaws affect numerous MS-, PM-, TS-, SC-, and SP-series models and include a CRITICAL use-of-default SSL private key (CVE-2026-32644) plus several HIGH-severity issues such as hard-coded credentials and a heap-based buffer overflow. Milesight has released firmware updates; operators should apply the latest PE/PC/PA builds and follow recommended network isolation and secure remote-access practices.

⚠️ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-39987, a Marimo Remote Code Execution flaw the agency identified as actively exploited. The advisory notes that Remote Code Execution is a common, high-risk attack vector capable of enabling full system compromise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed issues by required deadlines, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

⚠️ A critical vulnerability in the Python-based sandbox Terrarium (CVE-2026-5752) allows attackers to execute arbitrary code with root privileges by traversing JavaScript prototype chains in the Pyodide WebAssembly environment. Disclosed by CERT/CC and credited to researcher Jeremy Brown, the flaw permits sandbox escapes from Docker-deployed containers and can expose sensitive files or services. Because the project is no longer actively maintained, immediate mitigations are recommended, such as disabling untrusted code submissions and isolating containers.

🔒 Two weeks after the April 7 disclosure of a remote code injection flaw (CVE-2026-34197) in Apache ActiveMQ, ShadowServer reports nearly 6,500 internet-facing instances remain unpatched. The vulnerability affects versions before 5.19.4 and 6.2.3 and can let an authenticated attacker load remote Spring XML to achieve code execution. CISA added the bug to its KEV list and organizations are urged to upgrade immediately.

⚠️ Google’s Antigravity IDE contained a prompt-injection flaw that could convert a file-search operation into remote code execution. Researchers at Pillar Security showed the agent’s find_my_name tool passed unsanitized Pattern strings to the underlying fd utility, allowing flag injection and execution of binaries. Google acknowledged and fixed the issue and awarded a VRP bounty, but the flaw underscores limits of shell-focused sanitization.

🚨 CISA warns that the Hardy Barth Salia EV Charge Controller running firmware up to 2.3.81 contains two file‑upload vulnerabilities that can crash devices and may enable remote code execution. The issues are tracked as CVE-2025-5873 (CVSS 6.3) and CVE-2025-10371 (CVSS 7.3) and have public proof‑of‑concepts. Hardy Barth did not respond to coordination requests; operators should minimize network exposure and contact the vendor or eCharge for remediation guidance.

⚠️ Silex Technology released updates addressing multiple serious vulnerabilities in SD-330AC and AMC Manager that could permit remote code execution, denial-of-service, or unauthenticated configuration changes. Affected versions include SD-330AC ≤ 1.42 and AMC Manager ≤ 5.0.2; vendor fixes are SD-330AC firmware 1.50+ and AMC Manager 5.1.0+. CISA notes CVSS scores up to 9.8 and recommends applying vendor updates and interim mitigations such as disabling HTTP/HTTPS for impacted functions, setting web-interface passwords, and disabling SNMP.

⚠️ Siemens reports a vulnerability in RUGGEDCOM CROSSBOW Station Access Controller (SAC) that can lead to memory corruption, denial of service, or possible arbitrary code execution. The issue is tied to a numeric truncation error in older SQLite releases (prior to 3.50.2) and is tracked as CVE-2025-6965. Siemens recommends updating SAC to V5.8 or later and ensuring SQLite is at least version 3.50.2 to mitigate the risk.

🔐 Shadowserver reported that over 6,400 publicly exposed Apache ActiveMQ servers are vulnerable to an actively exploited code injection bug tracked as CVE-2026-34197. The flaw, discovered by Horizon3 researcher Naveen Sunkavally with the help of the Claude AI assistant after 13 years, permits authenticated actors to execute arbitrary code. Apache issued patches on March 30 in ActiveMQ Classic 6.2.3 and 5.19.4, and CISA has warned of in-the-wild exploitation and ordered federal agencies to secure affected systems.

🛡️ Google has patched a critical prompt-injection vulnerability in its agentic IDE Antigravity that could allow attackers to achieve arbitrary code execution. Researchers at Pillar Security found that the find_by_name tool passed unsanitized input to the native fd search utility, enabling injection of the -X (exec-batch) flag to run staged scripts. Because this call executes before Strict Mode constraints are applied, an attacker can stage a malicious file and trigger it via a crafted search pattern. The issue was disclosed January 7 and fixed by Google on February 28.

🔐 Talos demonstrates how adversaries can repurpose legitimate macOS features to achieve remote execution and lateral movement across enterprise fleets. By weaponizing Remote Application Scripting (RAE) and abusing Spotlight Finder comments as a staging area, attackers can bypass static file analysis and traditional SSH-focused telemetry. The research validates multiple native transfer channels—including SMB, netcat, Git, TFTP, and SNMP—and urges defenders to emphasize process lineage, IPC anomalies, and strict MDM controls.

⚠️ A critical vulnerability (CVE-2026-5760) in SGLang allows remote code execution via specially crafted GGUF model files. The flaw targets the /v1/rerank endpoint, where a malicious tokenizer.chat_template containing a Jinja2 SSTI payload is rendered using an unsandboxed jinja2.Environment(), enabling arbitrary Python execution. Researcher Stuart Beck reported the issue to CERT/CC, which recommends replacing jinja2.Environment() with ImmutableSandboxedEnvironment to mitigate the risk. No patch was obtained during coordination.

⚠️ OX Security disclosed a systemic "by design" vulnerability in Anthropic's Model Context Protocol (MCP) SDK that permits remote command execution across reference implementations (Python, TypeScript, Java, Rust). Unsafe defaults in MCP's STDIO configuration produced 10 vulnerabilities affecting projects such as LiteLLM, LangChain, and Flowise, impacting over 7,000 public servers and 150 million downloads. Several downstream vendors have issued patches, but Anthropic has declined to change the protocol reference implementation, leaving an ongoing AI supply-chain risk.