ai

36 pieces of writing

NVIDIA's RAG Blueprint had a path traversal in its MCP server. We got the fix merged in three days.
vulnerability, 6 min read

A CWE-22 path traversal in NVIDIA's RAG Blueprint MCP server allowed any MCP client to read arbitrary files and ingest them into the RAG collection. We submitted the fix and NVIDIA merged it.

Seven authentication bypasses that keep shipping in 2025 and 2026: the same architectural antipatterns, rewritten in new frameworks
security, 11 min read

Edict's file:// handler let anyone read files outside the project directory (CWE-22)
vulnerability, 5 min read

AIPex's localhost daemon let any website control your browser through a WebSocket
vulnerability, 5 min read

AIPex's MCP daemon on 127.0.0.1:9223 accepted WebSocket connections from any origin, letting malicious web pages invoke 30+ browser automation tools. A 39-line fix adds origin validation at the single upgrade handler.

LangFlow, n8n and the pattern where AI configuration becomes code execution
security, 10 min read

Anthropic shipped its entire source code to npm and the internet kept it forever
security, 10 min read

Every MCPHub instance started with the same admin password. I changed that.
vulnerability, 7 min read

MCPHub shipped every installation with the hardcoded credential admin/admin123 and published it in the README. The fix generates a cryptographically random password per instance.

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight
vulnerability, 7 min read

Environment variables are the new command line: how AI agents keep leaking secrets through configuration files
security, 12 min read

TeamPCP compromised the AI proxy that holds everyone's API keys
security, 9 min read

LiteLLM, the universal LLM proxy with 95 million monthly downloads, was backdoored on PyPI for 46 minutes. It was enough.

PraisonAI let YAML config files set LD_PRELOAD and nobody checked
vulnerability, 7 min read

Git tags, package registries and extension marketplaces share the same broken authentication model
security, 12 min read

gptme was passing API keys on the command line where any user could read them
vulnerability, 8 min read

gptme's evaluation runner passed API keys as Docker CLI arguments, exposing them to every user on the system via ps or /proc. The fix took one file and five tests.

Hermes Agent's worktree feature copied arbitrary files from your filesystem
security, 7 min read

I found SQL injection in Hugging Face's AI skills framework and got it fixed in nine days
vulnerability, 7 min read
