8 matches found
CVE-2026-30898
An example of BashOperator in Airflow documentation suggested a way of passing dagrun.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advi...
CVE-2026-30898
CVE-2026-30898 concerns Apache Airflow where BashOperator usage documented in DAGs could pass dag_run.conf unsafely, enabling UI user privileges to execute code on workers. The issue arises from an example that could escalate privileges via shell injection-like behavior. The connected OSV entry c...
CVE-2025-47274
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274 ToolHive stores secrets in the state store with no encryption
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274 ToolHive stores secrets in the state store with no encryption
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274
CVE-2025-47274 affects ToolHive, a utility for deploying/managing MCP servers. The issue arises from the startup code ordering that causes sensitive data to be written into run configuration files used to restart stopped MCP containers. An attacker with access to the user’s home directory can rea...
PT-2025-20705 · Toolhive · Toolhive
Name of the Vulnerable Software and Affected Versions: ToolHive versions prior to 0.0.33 Description: The issue arises from the ordering of code used to start a Model Context Protocol MCP server container in ToolHive, inadvertently storing secrets in run config files. This allows an attacker with...
MDVA-2008:025 : drakxtools
This drakxtools update package fixes issues with the hardrake tool to make sure that USB keys are not auto-configured by the service at boot 34568, and adds back the Run Config tool button in the harddrake interface 34794. An issue where bootloader-config would use vmlinuz-desktop or...