411 matches found
CVE-2026-49336
@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...
CVE-2026-49336 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...
CVE-2026-49336
The CVE concerns @microsoft/kiota-http-fetchlibrary (TypeScript) in versions 1.0.0-preview.97–1.0.0-preview.101, where RedirectHandler’s scrubSensitiveHeaders uses case-sensitive deletion (delete headers.Authorization, delete headers.Cookie) on a headers object already lower-cased by FetchRequest...
PT-2026-51008
Name of the Vulnerable Software and Affected Versions @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...
EUVD-2026-37126
Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...
CVE-2026-53776
Perry before 0.5.1166 contains a JWT validation vulnerability in the verify_decode helper that sets validate_exp = false unconditionally, enabling token expiration bypass. Attackers with a previously issued bearer token can present expired tokens to jwt.verify() calls and retain access, undermini...
PT-2026-49727
Name of the Vulnerable Software and Affected Versions Perry versions prior to 0.5.1166 Description An issue in the JWT validation process allows remote attackers to bypass token expiration. This occurs because the verify decode helper within the stdlib JWT verification path unconditionally sets...
CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...
CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...
Malicious code in 0x2ai-demo6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f4a43a40af9e707d98ed55406b0ff32dccaad352fccf5d1eaaca41b9959d924 On npm install, scripts/postinstall.cjs writes .mcp.json into the installer's working directory INITCWD wiring Claude Code to a packaged MCP server...
Malicious code in 0x2ai-demo3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36d5f023e4740169d1e1e7a56ebe32552cfdc4a05bf50ecc0b648ecea502c0d On npm install, scripts/postinstall.cjs copies the entire payload/ tree into process.env.INITCWD the directory the developer ran the install from usi...
MAL-2026-5588 Malicious code in 0x2ai-demo10x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c4c4b3e66489f3a4383df5e62540498343c5ab3a5ce145df5733b2820efc71b On npm install, scripts/postinstall.cjs runs fs.cpSyncpayload, process.env.INITCWD, recursive: true , copying.mcp.json,...
Malicious code in 0x2ai-demo7x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e956073a7db6057e4d42af462dba0299152ca992c113d74c715e90574d0efb On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD, placing...
Malicious code in 0x2ai-demo9x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e796c3398589b92ecd70f45bc41128101313dd07adeb0634199ac3fef59d19d On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD without consent,...
GHSA-CXH2-4639-VMC5 OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth
Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...
OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth
Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...
nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation
The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...
GHSA-598G-H2VC-H5VG nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation
The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...
PT-2026-47550
The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...
PT-2026-47621
Name of the Vulnerable Software and Affected Versions Nebula-Mesh versions prior to 0.3.4 Description An authorization gap in the /api/v1/ route surface allows non-admin operators to obtain broad cross-tenant access. The API trusts the bearer token for authorization without enforcing ownership...