Lucene search
18 matches found

Github Security Blog
added 2026/05/19 7:36 p.m., 6 views

Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path Matching

AI Disclosure I used an LLM to help review the source code, reason about attack surface, and help draft and refine this report. I manually validated the finding by reproducing it locally, confirming the vulnerable code path, and verifying the HTTP behavior with curl -v. Summary Caddy's remote adm...

AI score: 5.8
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2026/05/08 5:31 p.m., 5 views

`potato-annotation` has a Project-Boundary Bypass

Summary validatepathsecurity uses string-prefix containment startswith for boundary checks. This allows paths that are outside the intended project directory but share its prefix string e.g., /tmp/potatoprojdemoevil/... vs /tmp/potatoprojdemo to be accepted. Details Affected source location root...

AI score: 5.8
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2026/04/02 6:44 p.m., 2 views

Rack::Static prefix matching can expose unintended files under the static root

Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00047
Exploits: 0, References: 4, Affected Software: 1
RubySec
added 2026/04/02 12:00 a.m., 3 views

Rack::Static prefix matching can expose unintended files under the static root

Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00047
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/04/02 12:00 a.m., 1 view

PT-2026-29915

Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00047
Exploits: 0, References: 4
Cvelist
added 2026/03/26 5:19 p.m., 20 views

CVE-2026-33490 h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

H3 is a minimal HTTP framework. In versions 2.0.0-0 through 2.0.1-rc.16, the mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary i.e., that the next...

CVSS: 3.7, EPSS: 0.00022
Exploits: 1, References: 1
ATTACKERKB
added 2026/03/26 5:19 p.m., 1 view

CVE-2026-33490

H3 is a minimal HTTP framework. In versions 2.0.0-0 through 2.0.1-rc.16, the mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary i.e., that the next...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00022
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/03/26 5:19 p.m., 10 views

CVE-2026-33490

The connected document provides concrete details for CVE-2026-33490: a missing path-segment boundary check in the h3 library allows a mounted sub-app at a base path (e.g., /admin) to leak middleware-induced context (such as isAdmin) to unrelated routes that merely share the string prefix (e.g., /...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00022
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2026/03/22 12:00 a.m., 1 view

Fedora 44 : scitokens-cpp (2026-176625c3fc)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-176625c3fc advisory. - Fix scope path boundary validation to deny sibling-prefix authorization bypasses - Reject parent-directory traversal in scope paths, including encoded...

AI score: 5.9
Exploits: 0, References: 1
Github Security Blog
added 2026/03/20 8:50 p.m., 4 views

h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

Summary The mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary i.e., that the next character after the base is / or end-of-string, middleware...

CVSS: 5.3, AI score: 6, EPSS: 0.00022
Exploits: 1, References: 3, Affected Software: 1
Positive Technologies
added 2026/03/20 12:00 a.m., 1 view

PT-2026-26775

Name of the Vulnerable Software and Affected Versions h3 versions 2.0.0-0 through 2.0.1-rc.16 Description The mount method in h3 uses a simple startsWith check to determine if incoming requests fall under a mounted sub-application's path prefix. This check does not verify a path segment boundary,...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00022
Exploits: 1, References: 4
Vulnrichment
added 2026/03/12 6:24 p.m., 0 views

CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00114
Exploits: 1, References: 2
OSV
added 2026/03/12 6:24 p.m., 1 view

CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00114
Exploits: 1, References: 4
CVE
added 2026/03/12 6:24 p.m., 11 views

CVE-2026-32232

CVE-2026-32232 affects ZeptoClaw (pre-0.7.6). The vulnerability combines Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass, allowing workspace boundary bypass during path validation and subsequent I/O. The issue is fixed in 0.7.6. Affected behavior in...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00114
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2026/03/12 6:24 p.m., 21 views

CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

CVSS: 9.3, EPSS: 0.00114
Exploits: 1, References: 2
EUVD
added 2026/03/12 4:37 p.m., 0 views

EUVD-2026-11669

ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00114
Exploits: 1, References: 5
OSV
added 2026/03/10 6:56 p.m., 1 view

GHSA-XJGW-4WVW-RGM4 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluence_download_attachment MCP tool accepts a download_path parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

CVSS: 9, AI score: 6.3, EPSS: 0.00021
Exploits: 1, References: 3
RubySec
added 2026/02/17 12:00 a.m., 5 views

Rack has a Directory Traversal via Rack::Directory

Summary Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Details In directory.rb,...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00123
Exploits: 1, References: 1, Affected Software: 1