< ciso brief />

All news with #vulnerability disclosure tag

510 articles · page 3 of 26

Four OpenClaw Flaws Enable Data Theft and Persistence

🔒 Cybersecurity researchers disclosed four vulnerabilities in OpenClaw — collectively named Claw Chain — that can be chained for data theft, privilege escalation, and persistence. The flaws include two TOCTOU race conditions enabling reads and writes outside sandbox mounts, an allowlist bypass via heredoc expansion, and an access-control weakness allowing owner impersonation. Vendor patches are available in version 2026.4.22; users are urged to update immediately. Successful exploitation can expose credentials, modify configurations, and plant backdoors while mimicking normal agent behavior to evade detection.

AI Finds 18-Year-Old Remote Code Execution Flaw in Nginx

🔍 Researchers using an LLM-powered platform discovered a critical 18-year-old heap buffer overflow in Nginx that can enable remote code execution under certain conditions. Tracked as CVE-2026-42945, it resides in ngx_http_rewrite_module and affects versions 0.6.27 through 1.30.0. Patches were released in 1.31.0 and 1.30.1 and in Nginx Plus releases; several F5 products remain pending updates. Exploitation can cause server crashes and, without ASLR, may allow arbitrary code execution.

Critical Auth Bypass in Burst Statistics Plugin Patched

🔒 Wordfence disclosed a critical authentication bypass in the Burst Statistics WordPress plugin (CVE-2026-8181) that lets unauthenticated actors impersonate admin users via REST API requests and even create rogue admin accounts. The flaw, introduced in versions 3.4.0 and 3.4.1, misinterprets wp_authenticate_application_password() return values, treating errors or null as successful authentication. Users should upgrade to 3.4.2 or disable the plugin immediately.

Pwn2Own Berlin 2026 Day One: 24 Zero-Days Paid Out

🔒 On day one of Pwn2Own Berlin 2026 researchers earned $523,000 exploiting 24 unique zero-days, led by Orange Tsai, who collected $175,000 after chaining four logic flaws to escape the Microsoft Edge sandbox. Windows 11 was rooted three times for new privilege-escalation bugs, and Valentina Palmiotti secured payouts for Red Hat Workstations and an NVIDIA Container Toolkit flaw. The event focuses on enterprise and AI-targeted technologies.

NGINX 18-Year Heap Overflow (CVE-2026-42945) Risks DoS/RCE

🔒 Researchers at DepthFirst AI found an 18-year-old heap buffer overflow in NGINX’s ngx_http_rewrite_module (CVE-2026-42945) that can cause denial of service and, under specific conditions, remote code execution. The flaw affects NGINX Open Source 0.6.27 through 1.30.0 and several F5-managed builds. Exploitation hinges on configurations using both rewrite and set directives and problems in the internal script engine’s two-pass handling of rewrites. Patches and mitigations are available, and F5 recommends replacing unnamed PCRE capture groups with named captures if immediate upgrades are not possible.

Fragnesia: New Linux Kernel LPE Emerging from Dirty Frag

🔒 Fragnesia (CVE-2026-46300) is a newly disclosed Linux kernel local privilege escalation discovered by William Bowling of Zellic and the V12 team, with a working PoC published on May 13. The flaw permits unprivileged users to overwrite kernel page-cache contents of read-only files, enabling in-memory tampering that can spawn a root shell without touching disk. It stems from shared page fragment bookkeeping failures tied to ESP-in-TCP decryption behavior and is being mitigated by interim distro backports and module hardening.

PraisonAI Authentication Bypass CVE-2026-44338 Exploited

🔒 PraisonAI contained a critical authentication bypass (CVE-2026-44338) in its legacy Flask API server that sets AUTH_ENABLED = False and AUTH_TOKEN = None by default. Exploitation allows unauthenticated callers to enumerate configured agents via /agents and to trigger workflows through /chat, potentially consuming model quotas and exposing run results. The flaw affects versions 2.5.6–4.6.33 and was fixed in v4.6.34; operators are advised to update, audit deployments, and rotate exposed credentials.

PraisonAI Authentication Bypass Scanned by Internet

🔍 Sysdig reported that a newly disclosed authentication bypass in the open-source orchestration framework PraisonAI was probed by internet scanners about 3 hours and 44 minutes after a GitHub advisory published on May 11. The flaw stems from a legacy Flask API server that ships with authentication disabled by default, affecting versions 2.5.6 through 4.6.33 and fixed in 4.6.34. Researchers urge immediate upgrades and monitoring for the “CVE-Detector/1.0” user-agent and suspicious /api/agents and related paths.

Windows Zero-Days Expose BitLocker and CTF Privilege Flaws

🔒 An anonymous researcher known as Chaotic Eclipse (aka Nightmare-Eclipse) disclosed two new Windows zero-days: YellowKey, a BitLocker bypass present in the Windows Recovery Environment (WinRE), and GreenPlasma, a CTFMON-related privilege escalation. YellowKey targets Windows 11 and Windows Server 2022/2025 by placing crafted FsTx files on a USB or EFI partition and replaying them to obtain a shell even when BitLocker is enabled. The GreenPlasma proof-of-concept can create arbitrary memory section objects in SYSTEM-writable directories, potentially enabling higher-privilege manipulation, though the exploit is incomplete. Microsoft says it investigates reported issues and supports coordinated disclosure.

High-Severity Fragnasia Linux Kernel Vulnerability

⚠️ A new high-severity Linux kernel privilege escalation, named Fragnasia (CVE-2026-46300), abuses a logic bug in the XFRM ESP-in-TCP subsystem to write arbitrary bytes into the kernel page cache of read-only files, enabling local attackers to gain root. A proof-of-concept exploit demonstrates corrupting /usr/bin/su to obtain a root shell. It affects kernels released before May 13, 2026, and mirrors the mitigation used for the recently disclosed Dirty Frag class.

Fragnesia: New Linux Kernel LPE CVE-2026-46300 Alert

🔒 A new local privilege escalation dubbed Fragnesia (CVE-2026-46300) was disclosed in the Linux kernel's XFRM ESP-in-TCP subsystem, allowing unprivileged local attackers to corrupt the kernel page cache and gain root. The issue, discovered by William Bowling of V12, is a separate bug from Dirty Frag but affects the same surface. A PoC exploit has been published and multiple distributions have issued advisories. Mitigations for Dirty Frag apply until patched kernels are available.

NGINX Rift: Critical 18-Year Rewrite Module Flaw Explained

⚠️ F5 and researcher depthfirst disclosed a critical heap buffer overflow in the ngx_http_rewrite_module affecting both NGINX Plus and NGINX Open Source. Tracked as CVE-2026-42945 (CVSS v4: 9.2) and dubbed NGINX Rift, the flaw can be triggered remotely via crafted URIs to cause DoS or, with ASLR disabled, lead to remote code execution. Fixes were released after responsible disclosure on April 21, 2026, across many NGINX releases and ecosystem products. Users should apply vendor updates or replace unnamed PCRE captures with named captures as a temporary mitigation.

Avada Builder Vulnerabilities Put One Million Sites at Risk

⚠️ Two newly disclosed flaws in the Avada Builder WordPress plugin place roughly one million sites at risk of arbitrary file read (CVE-2026-4782, CVSS 6.5) and unauthenticated time-based SQL injection (CVE-2026-4798, CVSS 7.5). The issues were reported to Wordfence in March and fixed in 3.15.2 and fully resolved in 3.15.3. Site owners are urged to update immediately and audit subscriber accounts and wp-config.php for signs of compromise.

Microsoft Patches 138 Vulnerabilities Across Products

🔒 Microsoft released patches for 138 vulnerabilities across its product portfolio, including 30 Critical and 104 Important flaws, with none currently listed as publicly known or under active attack. The update spans privilege escalation, remote code execution, information disclosure, and spoofing issues, and includes a recently patched AMD CPU isolation flaw (CVE-2025-54518). Notable high-risk fixes include CVE-2026-41096 (Windows DNS heap overflow) and several Critical issues in Azure, Dynamics 365, Hyper-V, and Office. Administrators are urged to prioritize updates, rotate Secure Boot certificates before the June 26, 2026 deadline, and follow mitigation guidance such as reducing internet exposure and enforcing MFA.

Critical Ollama GGUF Vulnerability Exposes Heap Data

⚠️ Security researchers disclosed a critical out-of-bounds read in Ollama that can leak process memory and is tracked as CVE-2026-7482 (CVSS 9.1), dubbed "Bleeding Llama". The flaw arises in the GGUF model loader's WriteTo() flow due to use of the unsafe package, allowing a crafted model upload to read past heap bounds. Successful exploitation can reveal environment variables, API keys, prompts, and user conversation data and exfiltrate it via the /api/push endpoint. Users are urged to apply fixes, restrict network exposure, and place an authentication proxy before Ollama instances.

Ivanti EPMM: Five Vulnerabilities, One Actively Exploited

🔐 Ivanti disclosed five vulnerabilities in its on‑premises Endpoint Manager Mobile (EPMM) suite, and one—CVE-2026-6973—has been added to CISA’s Known Exploited Vulnerabilities Catalog due to active exploitation. Updated EPMM releases resolving the issues are available and administrators are urged to apply patches and rotate administrative credentials immediately. The defects include improper input validation, access control failures, and certificate validation errors, and Ivanti says it is using AI tools to help identify additional vulnerabilities. Organizations should also review enrollment settings such as Apple Device Enrollment and assess whether legacy on‑premises MDM fits a Zero Trust model.

Dirty Frag Linux Vulnerability Widens Post-Compromise Risk

⚠️ Microsoft Defender researchers describe Dirty Frag, a Linux local privilege escalation that abuses kernel networking and memory-fragment handling in esp4, esp6, and rxrpc. Public proof-of-concept activity and active targeting suggest the exploit yields more reliable escalation from unprivileged user to root across multiple distributions. Microsoft recommends immediate mitigations—disable unused modules, harden containers, increase monitoring, clear caches cautiously, and prioritize vendor kernel patches—while Defender expands detections.

New Linux Dirty Frag zero-day grants local root access

⚠️ A newly disclosed Linux zero-day, named Dirty Frag, enables local attackers to obtain root privileges on most major distributions with a single command. Researcher Hyunwoo Kim published a detailed write-up and a proof-of-concept exploit after an embargo was broken on May 7, 2026. The flaw stems from an approximately nine-year-old logic error in the kernel's algif_aead interface and chains two page-cache write issues to modify protected files in memory. As a temporary mitigation, administrators are advised to disable and unload the esp4, esp6, and rxrpc modules until vendor patches are available.

Dirty Frag: New Linux Kernel LPE Chaining Page-Cache Bugs

🔒 A new unpatched local privilege escalation in the Linux kernel, called Dirty Frag, was disclosed to maintainers on April 30, 2026. Researcher Hyunwoo Kim (@v4bel) says it deterministically chains two page-cache write primitives (xfrm-ESP and RxRPC) to achieve root on many distributions, and a one-command PoC has been released. Vendors recommend immediately blocklisting the esp4, esp6, and rxrpc modules and monitoring upstream and vendor advisories for patches.

Google Raises Bug Bounty Maximums for Android and Chrome

🔒 Google has increased maximum payouts for its vulnerability reward programs, raising the top prize to $1.5 million. The new maximum applies to critical issues impacting Android, with reports indicating the full amount requires compromising the Pixel Titan M2 security chip. Rewards for vulnerabilities in Chrome now top out at $250,000. Since launching its programs in 2010, Google has paid $81.6 million to researchers.