Vulnerability Reports
Explore our collection of high-severity CVE reports and remediation guides.
Claude Code & The Echo Chamber: CVE-2026-25723
In the race to build autonomous coding agents, Anthropic's 'Claude Code' (claude-code) stumbled over a classic Unix pitfall. CVE-2026-25723 is a high-severity file write restriction bypass that allows the AI agent—or an attacker influencing it—to overwrite sensitive files outside the project scope. By leveraging piped `sed` commands, the tool's input validation logic was circumvented, potentially turning a helpful coding assistant into a machine for overwriting SSH keys or configuration files.
The Symlink Whisperer: Bypassing Claude Code's Security Rails
In the race to build autonomous coding agents, developers often forget the oldest tricks in the UNIX book. Claude Code, Anthropic's CLI tool for agentic coding, implemented a 'deny' list to prevent the AI from reading sensitive files (like keys or system configs). However, prior to version 2.1.7, this mechanism checked the filename, not the file's destination. By utilizing symbolic links, an attacker (or a malicious repository) could trick the agent into reading any file the user had access to, completely bypassing the application's security constraints.
AdonisJS BodyParser: When a Form Field Eats the Universe
A critical Prototype Pollution vulnerability in the AdonisJS `@adonisjs/bodyparser` package allows unauthenticated attackers to corrupt the global object prototype via crafted multipart form-data requests. By manipulating the `__proto__` property during field accumulation, attackers can trigger Denial of Service, authentication bypasses, or potentially Remote Code Execution depending on the application's gadget chain.
Phlexing on the XSS Filters: A Comedy of Errors in Ruby Views
Phlex, a Ruby library designed to write object-oriented HTML, suffered from a catastrophic failure in its Cross-Site Scripting (XSS) mitigation logic. Despite intended protections, the library failed to account for the chaotic nature of HTML parsing, allowing attackers to inject malicious JavaScript via four distinct vectors: attribute splatting, dynamic tag generation, HTML entity encoding, and SVG context manipulation. The vulnerability stems from an over-reliance on regular expressions for sanitization without understanding the full breadth of browser parsing behaviors.
The Spice Must Flow... Into the Attacker's Wallet: Inside the dYdX Supply Chain Hack
In early February 2025, the official client libraries for the dYdX decentralized exchange were poisoned with malware. This wasn't a clever buffer overflow or a race condition; it was a brutal supply chain compromise where attackers seized control of developer accounts to publish malicious versions (PyPI `1.1.5post1` and npm `3.4.1` et al.). The payload, part of the 'Shai Hulud' campaign, turned developer workstations into open books, exfiltrating crypto wallets, SSH keys, and GitHub tokens before the victims even finished their morning coffee.
Gogs: When 'Painless' Git Becomes Painful (Stored XSS via Mermaid)
A classic tale of neglected dependencies and implicit trust. Gogs, the 'painless' self-hosted Git service, fell victim to a high-severity Stored Cross-Site Scripting (XSS) vulnerability. By bundling an ancient, vulnerable version of the Mermaid.js diagramming library and initializing it without a sandbox, Gogs turned every issue tracker and wiki page into a potential minefield. This report dives into the mechanics of the Mermaid bypass and why client-side rendering of user-supplied DSLs is a dangerous game.
Infinite Stream of Death: Crashing AdonisJS with Unbounded Buffers
A classic but devastating Denial of Service vulnerability in the AdonisJS framework's `@adonisjs/bodyparser` package. By exploiting the multipart file parser's eagerness to identify file types (magic numbers), an attacker can stream an infinite amount of data into a memory buffer that never flushes. This results in a rapid consumption of server RAM, triggering an Out-of-Memory (OOM) crash and effectively taking down the application with a single malicious POST request.
Doppelgänger Certificates: Bypassing Nebula Blocklists with ECDSA Magic
In the world of cryptography, two things can be mathematically identical yet look completely different to a computer. CVE-2026-25793 is a fascinating logic flaw in Slack's Nebula overlay network that exploits the malleability of ECDSA signatures on the NIST P-256 curve. By flipping the 's' value of a cryptographic signature, an attacker can generate a new binary representation of a certificate that remains cryptographically valid but results in a completely different file hash. Since Nebula's blocklist mechanism relied solely on SHA-256 fingerprints of the raw certificate bytes, this allowed banned attackers to simply 'flip a switch' and re-enter the network.
The Trojan Horse in Your Cargo.toml: Deconstructing the 'evm-units' Supply Chain Attack
For eight months, a malicious Rust crate named 'evm-units' sat quietly on crates.io, masquerading as a harmless utility for Ethereum unit conversion. Behind the scenes, it was a sophisticated supply chain attack targeting Web3 developers. By abusing the Rust build process, it executed cross-platform malware the moment a developer compiled their project, compromising over 7,400 environments before its removal in December 2025.
Betting on a Bad Horse: The Malicious `polymarket-clients-sdk` Crate
A classic supply chain attack targeting the Rust ecosystem. The package `polymarket-clients-sdk` appeared on crates.io, masquerading as an official SDK for the popular Polymarket prediction platform. Instead of helper functions for betting, it delivered a payload capable of exfiltrating credentials and compromising developer environments via malicious build scripts. This is a text-book example of Brandjacking combined with the inherent risks of arbitrary code execution during package installation.
Finch-Rust: The Shai-Hulud Worm Burrows into Crates.io
In the ongoing saga of supply chain warfare, the Rust ecosystem—often lauded for its memory safety—has been reminded that the borrow checker cannot save you from social engineering. The 'finch-rust' crate, a malicious package mimicking a legitimate library, was found acting as a loader for the 'Shai-Hulud' malware campaign. Designed to execute arbitrary code during the build process via 'build.rs', this package serves as a stark reminder that 'cargo build' is effectively remote code execution.
The Chameleon Key: Breaking SandboxJS with a Shape-Shifting Object
A critical Time-of-Check Time-of-Use (TOCTOU) vulnerability in SandboxJS allows attackers to bypass security restrictions and achieve Remote Code Execution (RCE). By leveraging JavaScript's dynamic type coercion, a malicious object can masquerade as a benign property key during validation checks, only to transform into a forbidden key like 'constructor' during execution.