< ciso
brief />
Tag Banner

All news with #remote code execution tag

691 articles · page 8 of 35

CISA Adds Marimo RCE to Known Exploited Vulnerabilities

⚠️ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-39987, a Marimo Remote Code Execution flaw the agency identified as actively exploited. The advisory notes that Remote Code Execution is a common, high-risk attack vector capable of enabling full system compromise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed issues by required deadlines, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

Critical Terrarium Sandbox Flaw Enables Root Code Execution

⚠️ A critical vulnerability in the Python-based sandbox Terrarium (CVE-2026-5752) allows attackers to execute arbitrary code with root privileges by traversing JavaScript prototype chains in the Pyodide WebAssembly environment. Disclosed by CERT/CC and credited to researcher Jeremy Brown, the flaw permits sandbox escapes from Docker-deployed containers and can expose sensitive files or services. Because the project is no longer actively maintained, immediate mitigations are recommended, such as disabling untrusted code submissions and isolating containers.
read more →

Thousands of ActiveMQ Instances Unpatched After AI-Found Flaw

🔒 Two weeks after the April 7 disclosure of a remote code injection flaw (CVE-2026-34197) in Apache ActiveMQ, ShadowServer reports nearly 6,500 internet-facing instances remain unpatched. The vulnerability affects versions before 5.19.4 and 6.2.3 and can let an authenticated attacker load remote Spring XML to achieve code execution. CISA added the bug to its KEV list and organizations are urged to upgrade immediately.
read more →

Prompt Injection in Google's Antigravity Allows RCE

⚠️ Google’s Antigravity IDE contained a prompt-injection flaw that could convert a file-search operation into remote code execution. Researchers at Pillar Security showed the agent’s find_my_name tool passed unsanitized Pattern strings to the underlying fd utility, allowing flag injection and execution of binaries. Google acknowledged and fixed the issue and awarded a VRP bounty, but the flaw underscores limits of shell-focused sanitization.
read more →

Hardy Barth Salia EV Charge Controller Vulnerabilities

🚨 CISA warns that the Hardy Barth Salia EV Charge Controller running firmware up to 2.3.81 contains two file‑upload vulnerabilities that can crash devices and may enable remote code execution. The issues are tracked as CVE-2025-5873 (CVSS 6.3) and CVE-2025-10371 (CVSS 7.3) and have public proof‑of‑concepts. Hardy Barth did not respond to coordination requests; operators should minimize network exposure and contact the vendor or eCharge for remediation guidance.
read more →

Silex SD-330AC and AMC Manager: Multiple Critical Flaws

⚠️ Silex Technology released updates addressing multiple serious vulnerabilities in SD-330AC and AMC Manager that could permit remote code execution, denial-of-service, or unauthenticated configuration changes. Affected versions include SD-330AC ≤ 1.42 and AMC Manager ≤ 5.0.2; vendor fixes are SD-330AC firmware 1.50+ and AMC Manager 5.1.0+. CISA notes CVSS scores up to 9.8 and recommends applying vendor updates and interim mitigations such as disabling HTTP/HTTPS for impacted functions, setting web-interface passwords, and disabling SNMP.
read more →

Siemens RUGGEDCOM CROSSBOW SAC: SQLite Vulnerability

⚠️ Siemens reports a vulnerability in RUGGEDCOM CROSSBOW Station Access Controller (SAC) that can lead to memory corruption, denial of service, or possible arbitrary code execution. The issue is tied to a numeric truncation error in older SQLite releases (prior to 3.50.2) and is tracked as CVE-2025-6965. Siemens recommends updating SAC to V5.8 or later and ensuring SQLite is at least version 3.50.2 to mitigate the risk.
read more →

Actively Exploited Apache ActiveMQ Flaw Impacts 6,400 Servers

🔐 Shadowserver reported that over 6,400 publicly exposed Apache ActiveMQ servers are vulnerable to an actively exploited code injection bug tracked as CVE-2026-34197. The flaw, discovered by Horizon3 researcher Naveen Sunkavally with the help of the Claude AI assistant after 13 years, permits authenticated actors to execute arbitrary code. Apache issued patches on March 30 in ActiveMQ Classic 6.2.3 and 5.19.4, and CISA has warned of in-the-wild exploitation and ordered federal agencies to secure affected systems.
read more →

Google Patches Antigravity IDE Prompt Injection Flaw

🛡️ Google has patched a critical prompt-injection vulnerability in its agentic IDE Antigravity that could allow attackers to achieve arbitrary code execution. Researchers at Pillar Security found that the find_by_name tool passed unsanitized input to the native fd search utility, enabling injection of the -X (exec-batch) flag to run staged scripts. Because this call executes before Strict Mode constraints are applied, an attacker can stage a malicious file and trigger it via a crafted search pattern. The issue was disclosed January 7 and fixed by Google on February 28.
read more →

Weaponizing macOS Primitives for Movement and Execution

🔐 Talos demonstrates how adversaries can repurpose legitimate macOS features to achieve remote execution and lateral movement across enterprise fleets. By weaponizing Remote Application Scripting (RAE) and abusing Spotlight Finder comments as a staging area, attackers can bypass static file analysis and traditional SSH-focused telemetry. The research validates multiple native transfer channels—including SMB, netcat, Git, TFTP, and SNMP—and urges defenders to emphasize process lineage, IPC anomalies, and strict MDM controls.
read more →

Critical SGLang RCE via Malicious GGUF Model (CVE-2026-5760)

⚠️ A critical vulnerability (CVE-2026-5760) in SGLang allows remote code execution via specially crafted GGUF model files. The flaw targets the /v1/rerank endpoint, where a malicious tokenizer.chat_template containing a Jinja2 SSTI payload is rendered using an unsandboxed jinja2.Environment(), enabling arbitrary Python execution. Researcher Stuart Beck reported the issue to CERT/CC, which recommends replacing jinja2.Environment() with ImmutableSandboxedEnvironment to mitigate the risk. No patch was obtained during coordination.
read more →

Anthropic MCP Design Flaw Enables Remote Code Execution

⚠️ OX Security disclosed a systemic "by design" vulnerability in Anthropic's Model Context Protocol (MCP) SDK that permits remote command execution across reference implementations (Python, TypeScript, Java, Rust). Unsafe defaults in MCP's STDIO configuration produced 10 vulnerabilities affecting projects such as LiteLLM, LangChain, and Flowise, impacting over 7,000 public servers and 150 million downloads. Several downstream vendors have issued patches, but Anthropic has declined to change the protocol reference implementation, leaving an ongoing AI supply-chain risk.
read more →

Critical RCE in protobuf.js due to unsafe code gen

⚠️ A critical remote code execution vulnerability has been disclosed in protobuf.js, the widely used JavaScript implementation of Google's Protocol Buffers, caused by unsafe dynamic code generation that concatenates schema-derived identifiers into functions. An attacker who can supply or influence schemas can inject arbitrary JavaScript into a generated Function() call, which executes when the crafted schema is processed. Maintainers and Endor Labs urge immediate upgrades to patched releases and recommend treating schema-loading as untrusted while auditing transitive dependencies.
read more →

CISA Adds Apache ActiveMQ RCE CVE-2026-34197 to KEV

⚠️ CISA has added CVE-2026-34197 to its Known Exploited Vulnerabilities catalog after active exploitation reports targeting Apache ActiveMQ Classic. The flaw is an improper input validation issue that can enable code injection via the Jolokia management API, potentially allowing arbitrary OS command execution. While the bug typically requires credentials, default credentials and a prior authentication bypass in some versions can render it effectively unauthenticated. Users should upgrade to ActiveMQ 5.19.4 or 6.2.3 to remediate the issue.
read more →

Cisco issues critical Webex and ISE vulnerability fixes

⚠️ Administrators using Cisco Webex Services with SSO integrated via Control Hub must upload a new identity provider (IdP) SAML certificate to remediate a critical impersonation vulnerability (CVE-2026-20184). Cisco has patched the cloud-side service, but affected customers must perform the configuration change in Control Hub; there are no workarounds. Cisco also released critical fixes for ISE and ISE-PIC addressing remote code execution and path traversal flaws that require patching and credential hygiene.
read more →

MCP STDIO Design Choice Enables Widespread RCE Risk

⚠️ Researchers at OX Security warn that a design decision in Anthropic’s reference Model Context Protocol (MCP) STDIO implementation may permit remote code execution (RCE) when client applications start local MCP servers without proper command filtering. The flaw stems from SDKs accepting arbitrary STDIO commands as subprocess arguments, which many adapters and tools inherit. Anthropic and other framework maintainers say this behavior is by design and that application developers must sanitize inputs, but OX found few effective defenses and demonstrated RCE across numerous projects and services.
read more →

Hackers Use Marimo Flaw to Deploy NKAbuse via Hugging Face

⚠️Researchers observed attackers exploiting a critical Marimo remote code execution flaw (CVE-2026-39987) to deploy a new NKAbuse variant hosted on Hugging Face Spaces. Attack activity began within hours of public disclosure, with a Space named "vsccode-modetx" serving a dropper script and a malicious binary labeled kagent. The dropper retrieves and runs the payload via curl, then installs persistence via systemd, cron, or macOS LaunchAgent, while Spaces' legitimate HTTPS hosting helps evade detection. Operators are urged to upgrade to version 0.23.0 or block the '/terminal/ws' endpoint if upgrades are not possible.
read more →

Critical Vulnerabilities in Anviz CX Series & CrossChex

⚠️ CISA published an advisory describing multiple critical vulnerabilities in Anviz products, including CX2 Lite, CX7, and CrossChex Standard. Issues range from unauthenticated firmware uploads and command injection to credential exposure and cleartext administrative sessions, any of which can lead to remote code execution and full device compromise. The advisory lists numerous CVEs with example CVSS up to 9.8 and notes no vendor response; organizations are urged to isolate affected devices and apply defensive mitigations immediately.
read more →

Cisco Patches Critical Webex and Identity Services Flaws

🛡️ Cisco has released updates to address four critical vulnerabilities across Webex Services and Identity Services Engine (ISE) that could permit arbitrary code execution and user impersonation. A cloud-side SSO certificate validation flaw (CVE-2026-20184, CVSS 9.8) can allow unauthenticated impersonation, while three ISE input validation issues (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186; CVSS 9.9) enable remote command or code execution when an attacker has appropriate credentials. Cisco provides specific patch levels and migration guidance and advises customers to apply updates or upload a new IdP SAML certificate to Control Hub where applicable.
read more →

Microsoft Patches SharePoint Zero-Day, 168 Other Flaws

🛡️ Microsoft released updates addressing 169 vulnerabilities across its product portfolio, including an actively exploited SharePoint spoofing flaw (CVE-2026-32201) and 168 additional issues rated from Low to Critical. The fixes primarily remediate privilege escalation, information disclosure, and remote code execution weaknesses, and include a high-severity IKEv2 RCE (CVE-2026-33824, CVSS 9.8) and a publicly known Microsoft Defender privilege escalation (CVE-2026-33825). Organizations are urged to prioritize patches for actively exploited CVEs and critical RCEs and to follow Microsoft and CISA guidance for mitigations.
read more →