90 matches found

GithubExploit
added 2 days ago, 41 views

Exploit for Improper Control of Dynamically-Managed Code Resources in Nocobase

CVE-2026-34156 – NocoBase Sandbox Escape RCE...

CVSS 9.9 | AI score 6.2 | EPSS 0.29502
Exploits: 7
Packet Storm
added 2026/04/24 12:00 a.m., 44 views

MISP 2.5.27 Workflow Engine Cross Site Scripting

This Metasploit auxiliary module targets a potential stored cross-site scripting vulnerability in the MISP Workflow Engine. It is designed to interact with the MISP API, create workflows, and inject malicious payloads into workflow data fields...

AI score 5
Exploits: 0
vulnersOsv
added 2026/04/15 6:31 p.m., 6 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +9547 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcpkix-jdk18on (Maven); listed versions: =1.71, =0.6.0, =0.5.0, =0.7.0, =0.8.3, =3.10.0.5, =1.2.4, =2023.12.01.210510-f61f157, =2026.03.26.140500-911435f, and more. Source CVEs: CVE-2026-5588. Source advisory: ...

CVSS 6.3 | AI score 5.8 | EPSS 0.00013
Exploits: 0
NVD
added 2026/04/14 12:16 a.m., 2 views

CVE-2026-39417

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

CVSS 5.5 | EPSS 0.00053
Exploits: 0 | References: 3
CVE
added 2026/04/14 12:03 a.m., 8 views

CVE-2026-39417

Affected software: MaxKB, versions 2.7.1 and earlier. Vulnerability details: an incomplete fix for CVE-2025-53928 leaves a Remote Code Execution vulnerability in the MCP node of the workflow engine. The fix only patched the path loading MCP config from the database; the else branch that loads mc...

CVSS 5.5 | AI score 6 | EPSS 0.00053
Exploits: 0 | References: 3 | Affected software: 1
Vulnrichment
added 2026/04/14 12:03 a.m., 1 view

CVE-2026-39417 MaxKB: RCE via MCP stdio command injection in workflow engine

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

CVSS 4.6 | AI score 6 | EPSS 0.00053
Exploits: 0 | References: 3
EUVD
added 2026/04/14 12:03 a.m., 1 view

EUVD-2026-22162

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

CVSS 9.8 | AI score 6 | EPSS 0.02082
Exploits: 1 | References: 3
Cvelist
added 2026/04/14 12:03 a.m., 34 views

CVE-2026-39417 MaxKB: RCE via MCP stdio command injection in workflow engine

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

CVSS 4.6 | EPSS 0.00053
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/14 12:03 a.m., 2 views

CVE-2026-39417

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

CVSS 9.8 | AI score 6 | EPSS 0.02082
Exploits: 1 | References: 4 | Affected software: 1
CNNVD
added 2026/04/14 12:00 a.m., 4 views

PraisonAI code injection vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.139 and praisonaiagents prior to 1.5.140 contained a code injection vulnerability. This vulnerability stemmed from the workflow engine processing untrusted YAML files, which...

CVSS 9.8 | AI score 6 | EPSS 0.00141
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/14 12:00 a.m., 0 views

PT-2026-32564

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

CVSS 9.8 | AI score 6 | EPSS 0.02082
Exploits: 1 | References: 4
CNNVD
added 2026/04/12 12:00 a.m., 3 views

Warm-Flow code injection vulnerability

Warm-Flow is a workflow engine developed by Dromara. Versions of Warm-Flow 1.8.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the improper handling of parameters listenerPath, skipCondition, and permissionFlag by the SpelHelper.parseExpression function in...

CVSS 6.5 | AI score 6.7 | EPSS 0.00019
Exploits: 0 | References: 5
Positive Technologies
added 2026/04/11 12:00 a.m., 4 views

PT-2026-32122

Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection through a workflow_dispatch input of the release update.yml workflow allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...

CVSS 8.7 | AI score 6 | EPSS 0.00072
Exploits: 2 | References: 4
Positive Technologies
added 2026/04/10 12:00 a.m., 2 views

PT-2026-32593

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.139; praisonaiagents versions prior to 1.5.140. Description: The workflow engine is susceptible to arbitrary command and code execution through untrusted YAML files. When the system loads a YAML file with type: job...

CVSS 9.8 | AI score 6.4 | EPSS 0.00141
Exploits: 1 | References: 10
EUVD
added 2026/04/08 12:12 a.m., 5 views

EUVD-2026-19728

Emissary has GitHub Actions Shell Injection via Workflow Inputs...

CVSS 9.1 | AI score 5.9 | EPSS 0.00023
Exploits: 1 | References: 4
SUSE CVE
added 2026/03/28 12:25 a.m., 4 views

SUSE CVE-2026-33344

Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...

CVSS 8.1 | AI score 5.8 | EPSS 0.00031
Exploits: 1 | References: 3
RedhatCVE
added 2026/03/26 2:59 p.m., 2 views

CVE-2026-31886

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...

CVSS 9.1 | AI score 6 | EPSS 0.00058
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/24 7:23 p.m., 4 views

CVE-2026-33344 Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG

Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...

CVSS 8.1 | AI score 5.7 | EPSS 0.00031
Exploits: 1 | References: 2
CNNVD
added 2026/03/24 12:00 a.m., 3 views

dagu path traversal vulnerability

Dagu is an open-source workflow engine. Versions of Dagu from 2.0.0 to before 2.3.1 had a path traversal vulnerability. This vulnerability stemmed from the fact that API endpoints such as GET, DELETE, RENAME, and EXECUTE did not call the ValidateDAGName function. A...

CVSS 8.1 | AI score 6.4 | EPSS 0.00031
Exploits: 1 | References: 2
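The Dagu entries above (CVE-2026-31886: dagRunId passed straight into filepath.Join; CVE-2026-33344: ValidateDAGName added only to the CREATE path while GET, DELETE, RENAME and EXECUTE still resolve %2F-encoded slashes) and the MaxKB CVE-2026-39417 entries describe the same failure mode: an input check applied on one code path but not on its siblings. The Go program below is an added example, not Dagu's or MaxKB's code. The allowlist regex, the bodies of ValidateDAGName and joinChecked, the base directory and the request paths are all assumptions. It shows three things on constructed inputs: filepath.Join lexically resolves ".." out of the base directory, net/url decodes %2F to "/" in URL.Path while EscapedPath still shows a single segment, and a validator plus a filepath.Rel containment check at the one place the path is built rejects the traversal regardless of which endpoint called it.

```go
package main

import (
	"fmt"
	"net/url"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed allowlist for a DAG name or run id: one path segment that starts with an
// alphanumeric and contains no separators. Not Dagu's actual rule; illustrative only.
var safeSegment = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$`)

// ValidateDAGName rejects anything that is not a single safe path segment.
// The name mirrors the function the advisory mentions; the body is an assumption.
func ValidateDAGName(name string) error {
	if !safeSegment.MatchString(name) {
		return fmt.Errorf("invalid DAG name %q", name)
	}
	return nil
}

// joinUnchecked is the vulnerable pattern from CVE-2026-31886: the request value goes
// straight into filepath.Join, whose Clean step resolves ".." against the base.
func joinUnchecked(base, id string) string {
	return filepath.Join(base, id)
}

// joinChecked is the single choke point every endpoint should call: allowlist the
// segment, join, then prove the result is still under base with filepath.Rel.
func joinChecked(base, id string) (string, error) {
	if err := ValidateDAGName(id); err != nil {
		return "", err
	}
	p := filepath.Join(base, id)
	rel, err := filepath.Rel(base, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%q escapes %q", p, base)
	}
	return p, nil
}

// decodePathParam shows the %2F trap behind CVE-2026-33344: the escaped path keeps
// "..%2F.." as one segment, but URL.Path, which handlers usually read, has real slashes.
func decodePathParam(rawURL string) (escaped, decoded string, err error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", "", err
	}
	return u.EscapedPath(), u.Path, nil
}

func main() {
	const base = "/var/lib/dagu/dags" // made-up base directory
	escaped, decoded, _ := decodePathParam("/api/v2/dags/..%2F..%2F..%2F..%2Fetc%2Fpasswd")
	fmt.Println("escaped:", escaped)
	fmt.Println("decoded:", decoded)

	// Take the trailing "name" the way a handler would after the router decoded it.
	name := strings.TrimPrefix(decoded, "/api/v2/dags/")
	fmt.Println("unchecked:", joinUnchecked(base, name)) // /etc/passwd
	if _, err := joinChecked(base, name); err != nil {
		fmt.Println("checked:", err)
	}
	if p, err := joinChecked(base, "nightly-etl"); err == nil {
		fmt.Println("checked:", p)
	}
}
```

The containment check is deliberately redundant with the regex: if a later change loosens the allowlist, filepath.Rel still refuses a result outside base. A grep for every call site of filepath.Join on request-derived values, each of which must go through joinChecked, is the review step that would have caught the GET/DELETE gap.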
NVD
added 2026/03/13 7:54 p.m., 2 views

CVE-2026-31882

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGUAUTHMODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...

CVSS 7.5 | EPSS 0.0017
Exploits: 1 | References: 4
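CVE-2026-31882 above is the missing-middleware shape of auth bypass: Basic auth is enforced on the regular API handlers while the SSE routes are mounted outside the authenticated group. The Go program below is an added example, not Dagu's server. The route paths, the basicAuth middleware and the admin/s3cret credentials are assumptions. It mounts the same two handlers both ways, wrapping routes individually (and missing one) versus wrapping the whole mux, and probes each route unauthenticated with httptest so the bug shows up as a status code.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// basicAuth is an assumed middleware: constant-time comparison against one static
// credential pair (a real deployment would look up and verify a hash instead).
func basicAuth(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		userOK := subtle.ConstantTimeCompare([]byte(u), []byte(user)) == 1
		passOK := subtle.ConstantTimeCompare([]byte(p), []byte(pass)) == 1
		if !ok || !userOK || !passOK {
			w.Header().Set("WWW-Authenticate", `Basic realm="dagu"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// dagsHandler stands in for a regular JSON API endpoint.
func dagsHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprint(w, `{"dags":[]}`)
}

// sseHandler stands in for the real-time DAG status stream; it emits one event and
// returns instead of holding the connection open, which is enough for the probe.
func sseHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/event-stream")
	fmt.Fprint(w, "event: dag-run\ndata: {\"status\":\"running\"}\n\n")
}

// vulnerableServer wraps routes one by one and misses the SSE route, the shape of
// the bug the advisory describes.
func vulnerableServer(user, pass string) http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/api/v2/dags", basicAuth(user, pass, http.HandlerFunc(dagsHandler)))
	mux.HandleFunc("/api/v2/events", sseHandler) // no wrapper: reachable without credentials
	return mux
}

// fixedServer wraps the whole mux, so a route added later cannot bypass auth by omission.
func fixedServer(user, pass string) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v2/dags", dagsHandler)
	mux.HandleFunc("/api/v2/events", sseHandler)
	return basicAuth(user, pass, mux)
}

// probe returns the status code for a GET of path, with credentials when user is set.
func probe(h http.Handler, path, user, pass string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// unauthenticatedReachable returns the paths that answer 200 with no credentials;
// an empty result is the property a regression test should assert.
func unauthenticatedReachable(h http.Handler, paths []string) []string {
	var open []string
	for _, p := range paths {
		if probe(h, p, "", "") == http.StatusOK {
			open = append(open, p)
		}
	}
	return open
}

func main() {
	routes := []string{"/api/v2/dags", "/api/v2/events"}
	fmt.Println("vulnerable, open to anonymous:", unauthenticatedReachable(vulnerableServer("admin", "s3cret"), routes))
	fmt.Println("fixed, open to anonymous:", unauthenticatedReachable(fixedServer("admin", "s3cret"), routes))
	fmt.Println("fixed, with credentials:", probe(fixedServer("admin", "s3cret"), "/api/v2/events", "admin", "s3cret"))
}
```

The unauthenticatedReachable sweep is the useful part to keep: run it over every registered route in CI and fail when the list is non-empty, so a streaming or websocket endpoint added next month cannot quietly land outside the auth wrapper.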