Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ClusterPolicy when apiCall.service.url is used with variable substitution e.g. request.object.. An attacker can retrieve sensitive information from internal services or cloud metadata endpoints b...

Kyverno has unrestricted outbound requests in Kyverno apiCall enabling SSRF

Summary A Server-Side Request Forgery SSRF vulnerability in Kyverno allows authenticated users to induce the admission controller to send arbitrary HTTP requests to attacker-controlled endpoints. When a ClusterPolicy uses apiCall.service.url with variable substitution e.g. request.object.,...

Linux Distros Unpatched Vulnerability : CVE-2026-40194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's !=...

DEBIAN-CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

UBUNTU-CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

GHSA-R854-JRXH-36QX phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

CVE-2026-40194

CVE-2026-40194 affects the phpseclib PHP secure communications library. Prior to versions 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() compares the received SSH packet HMAC to the computed HMAC using the != operator. In PHP, != on equal-length binary strings invokes memcmp(...

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator Configuration, Enabling Unapproved Shell Command Execution

Summary The Chainlit UI modules chat.py and code.py hardcode config.approvalmode = "auto" after loading administrator configuration from the PRAISONAPPROVALMODE environment variable, silently overriding any "manual" or "scoped" approval setting. This defeats the human-in-the-loop approval gate fo...

PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool

Summary The executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This allows exfiltration of secrets stored in environment variabl...

CVE-2026-39962

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...

EUVD-2026-21156

PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars...

CVE-2026-35650 OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization

OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through inconsistent validation ...

CVE-2026-35650 OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization

OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through inconsistent validation ...

CVE-2026-33092

Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM macOS before build 42571, Acronis True Image macOS before build 42902...