Research

61 pieces of security research, engineering and field notes.

Edict's file:// handler let anyone read files outside the project directory (CWE-22)

The add_remote_skill endpoint in cft0808/edict applied path traversal protection to local and relative paths but skipped the file:// branch entirely. One .resolve() and an allowed_roots check closed the gap.

5 April 2026

vulnerability5 min read

AIPex's localhost daemon let any website control your browser through a WebSocket

AIPex's MCP daemon on 127.0.0.1:9223 accepted WebSocket connections from any origin, letting malicious web pages invoke 30+ browser automation tools. A 39-line fix adds origin validation at the single upgrade handler.

3 April 2026

siemens6 min read

Two CVEs in Siemens SICAM 8 firmware expose three product families to unauthenticated denial of service

CVE-2026-27663 and CVE-2026-27664 affect shared firmware components across Siemens SICAM A8000, EGS and S8000 product lines, enabling unauthenticated denial of service in power grid infrastructure.

3 April 2026

security10 min read

LangFlow, n8n and the pattern where AI configuration becomes code execution

AI orchestration platforms like LangFlow and n8n are accumulating critical RCE vulnerabilities because their architectures treat user-supplied configuration as trusted code.

1 April 2026

ics6 min read

Anritsu's spectrum monitors have no authentication and the vendor has no plans to add it

CVE-2026-3356 exposes a design-level authentication failure across Anritsu's entire Remote Spectrum Monitor line. CVSS 9.3, all versions affected, no fix planned.

1 April 2026

security10 min read

Anthropic shipped its entire source code to npm and the internet kept it forever

A 59.8 MB source map in Claude Code v2.1.88 exposed 512,000 lines of Anthropic's proprietary TypeScript to anyone with an npm account. Clean-room rewrites and decentralised mirrors made DMCA takedowns futile.

31 March 2026

citrix6 min read

CISA added CVE-2026-3055 to the KEV catalog and Citrix NetScaler's perimeter problem is back

CVE-2026-3055, a critical out-of-bounds read in Citrix NetScaler ADC and Gateway, is being actively exploited. CISA has added it to the KEV catalog.

31 March 2026

vulnerability7 min read

Every MCPHub instance started with the same admin password. I changed that.

MCPHub shipped every installation with the hardcoded credential admin/admin123 and published it in the README. The fix generates a cryptographically random password per instance.

30 March 2026

citrix7 min read

CVE-2026-3055 gives unauthenticated attackers a read window into NetScaler memory

CVE-2026-3055, a CVSS 9.3 memory overread in Citrix NetScaler ADC and Gateway configured as SAML IDPs, is drawing active reconnaissance. Attackers are probing authentication endpoints to identify vulnerable appliances.

29 March 2026

vulnerability7 min read

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight

LightRAG's Memgraph storage backend interpolated unsanitised entity types directly into Cypher queries, enabling injection via the API. The Neo4j backend was already fixed.

28 March 2026

f57 min read

CVE-2025-53521 lands in CISA's KEV catalog: F5 BIG-IP RCE under active exploitation

CISA added CVE-2025-53521 to the Known Exploited Vulnerabilities catalog on 27 March 2026 after confirming active exploitation of this CVSS 9.8 RCE in F5 BIG-IP. Affected versions span three major branches.

28 March 2026

security12 min read

Environment variables are the new command line: how AI agents keep leaking secrets through configuration files

AI agent frameworks and deployment tools keep shipping the same environment variable injection patterns that operational tooling solved years ago. The gptme fix was one project. The pattern is everywhere.

28 March 2026