Tag

Rce

All articles tagged with #rce

Active Exploitation of Critical Netlogon Flaw Prompting Immediate Patch urged
technology1 month ago

Active Exploitation of Critical Netlogon Flaw Prompting Immediate Patch urged

Belgium’s national cybersecurity authority warns threat actors are actively exploiting CVE-2026-41089, a critical Netlogon vulnerability patched in May 2026, to achieve remote code execution on domain controllers across all supported Windows Server versions; admins should patch immediately as exploitation is underway and advisories from Microsoft have not yet been updated.

Gogs RCE Flaw Lets Authenticated Users Run Code via Git Rebase
security1 month ago

Gogs RCE Flaw Lets Authenticated Users Run Code via Git Rebase

Rapid7 reports a critical Gogs vulnerability (CVSS 9.4) that lets any authenticated user achieve remote code execution by crafting a pull request with a malicious branch name that injects a --exec command into git rebase during the Rebase before merging step; no admin rights are required and an attacker can trigger it simply by registering and creating a repository with rebase merging enabled. If unpatched (as of March 17, 2026), this could allow server compromise, access to all repos, credential dumps, cross-tenant data breaches, or further network access. Mitigations include disabling new registrations, restricting repository creation, and auditing rebase merge settings; a Metasploit module exists to automate the exploit. Estimates put internet-facing Gogs instances around 1,141, likely higher in internal deployments behind VPNs.

Millions at Risk as NGINX Zero-Day RCE Flaw Sees Real-World Exploitation
cybersecurity1 month ago

Millions at Risk as NGINX Zero-Day RCE Flaw Sees Real-World Exploitation

Security researchers say CVE-2026-42945, a heap buffer overflow in NGINX Open Source and NGINX Plus, is being actively exploited in the wild. The flaw can crash NGINX worker processes via crafted requests, with remote code execution possible only if ASLR is disabled and a specific rewrite configuration is present; despite ASLR generally enabled, estimates show up to 5.7 million internet-facing servers may be affected. Organizations should patch promptly, ensure ASLR remains enabled, and audit rewrite rules to mitigate risk while threat actors rapidly scan for vulnerable systems.

Claude Code CLI RCE via Malicious Deeplinks Prompted Quick Patch (2.1.118)
cyber-security-news1 month ago

Claude Code CLI RCE via Malicious Deeplinks Prompted Quick Patch (2.1.118)

A critical remote code execution vulnerability in Anthropic’s Claude Code CLI allowed attackers to execute arbitrary commands through crafted deeplinks. The flaw came from a context-blind argument parser that treated --settings overrides found inside a deeplink’s q parameter as legitimate, enabling injection of a SessionStart hook at startup. Anthropic released a fix in Claude Code 2.1.118 and urged users to update; the issue highlights the risks of eager CLI parsing and deeplink handling.

18-Year-Old NGINX Flaw Triggers Unauthenticated Remote Code Execution
cyber-security1 month ago

18-Year-Old NGINX Flaw Triggers Unauthenticated Remote Code Execution

A severe heap-buffer-overflow bug in NGINX’s ngx_http_rewrite_module (CVE-2026-42945, CVSS 9.2) allows unauthenticated remote code execution when rewrite and set directives are used together, affecting NGINX Open Source 0.6.27–1.30.0 and several F5/NGINX products; a working PoC is public. Patch guidance includes upgrading to NGINX 1.30.1 or 1.31.0 and auditing configurations that combine rewrite+set directives, with a recommendation to add a WAFlayer until patching is complete. Additional related CVEs include CVE-2026-42946 (high severity, memory corruption), CVE-2026-40701 (medium, use-after-free), and CVE-2026-42934 (medium, out-of-bounds read).

18-year-old NGINX flaw raises DoS risk and possible RCE in certain configs
security1 month ago

18-year-old NGINX flaw raises DoS risk and possible RCE in certain configs

An 18-year-old heap buffer overflow in NGINX's rewrite_module (CVE-2026-42945) can cause denial of service and, under specific rewrite configurations, unauthenticated remote code execution. Patches are available in NGINX Open Source 1.31.0 and 1.30.1 and related F5 products; real-world exploitability is debated, but the DoS risk makes patching or applying mitigations urgent, especially where ASLR is disabled to enable RCE in PoC tests.

technology2 months ago

Rogue researcher releases second Windows Defender exploit, threatens more RCEs

A rogue researcher, Nightmare-Eclipse, released a second Windows Defender privilege-escalation exploit (RedSun) after Microsoft patched the first CVE-2026-33825 vulnerability. The PoC allegedly lets unprivileged users gain SYSTEM privileges by abusing Defender to overwrite system files; the researcher warns of more remote code execution exploits to come. Microsoft patched the flaw on Patch Tuesday and credited Zen Dodd and Yuanpei Xu, while the researcher continues to air grievances and threaten further disclosures.

F5 BIG-IP APM Flaw Upgraded to Active RCE Risk, Urgency to Patch
technology3 months ago

F5 BIG-IP APM Flaw Upgraded to Active RCE Risk, Urgency to Patch

F5 Networks reclassified the BIG-IP APM vulnerability CVE-2025-53521 from a DoS issue to a critical remote code execution flaw, with attackers exploiting unpatched systems to deploy webshells. CISA has ordered federal agencies to patch, and F5 issued mitigations and indicators of compromise as online exposure of BIG-IP instances remains high. Patch now and review disks, logs, and terminal history for signs of intrusion.

Ancient Telnet Hole Sparks Modern Worry: CVE-2026-32746 Pre-Auth RCE in Telnetd
security3 months ago

Ancient Telnet Hole Sparks Modern Worry: CVE-2026-32746 Pre-Auth RCE in Telnetd

Researchers analyze CVE-2026-32746, a pre-auth RCE in GNU inetutils Telnetd via a LINEMODE SLC buffer overflow. The issue stems from overflowing a small slcbuf when processing SLC triplets during LINEMODE negotiation, with exploitation heavily dependent on OS and architecture (64-bit vs 32-bit); while a reliable full RCE wasn't achieved across tested targets, a heap leak and an arbitrary-free primitive were demonstrated, potentially enabling code execution under favorable libc conditions. The vulnerability affects inetutils Telnetd and many forks across major distros (Ubuntu, Debian, FreeBSD, NetBSD, macOS, etc.), and patches have not been widely released at publication time. Detection strategies include probing for LINEMODE support and non-invasive overflow checks; watchTowr provides a detection artifact generator. Patch urgently, but note there is no universal fixed version yet; users should build from fixed commits or apply vendor mitigations.

Zero-Click RCE in Claude Desktop Extensions Endangers 10k+ Users
cyber-security5 months ago

Zero-Click RCE in Claude Desktop Extensions Endangers 10k+ Users

Security researchers LayerX revealed a zero-click remote code execution flaw in Claude Desktop Extensions (DXT) that leverages the Model Context Protocol to chain untrusted data from Google Calendar into a privileged local executor. An attacker can trigger the payload via a malicious calendar event with no user interaction, potentially compromising the host with the user’s privileges. The issue affects over 10,000 active Claude users and more than 50 DXT extensions; Anthropic has reportedly not fixed it yet, citing the architecture of MCP autonomy. Mitigations include disconnecting high-privilege local extensions from untrusted data sources and awaiting a patch or architectural changes to MCP. This serves as a warning about the security risks of AI agents autonomously bridging data to local systems.

Decompiled Patch Diff Enables SmarterMail Admin Password Bypass (WT-2026-0001)
security5 months ago

Decompiled Patch Diff Enables SmarterMail Admin Password Bypass (WT-2026-0001)

Researchers detail WT-2026-0001 in SmarterMail, a pre-authentication admin password-reset bypass that can be triggered by calling a force-reset-password API with IsSysAdmin set to true, enabling admin access without verifying OldPassword and potentially yielding remote code execution via the Volume Mount feature. A PoC shows a JSON payload including IsSysAdmin, Username, and NewPassword. SmarterTools released patch 9511 on Jan 15, 2026 to fix the flaw, but exploitation was observed shortly after the patch, highlighting urgent need to upgrade. The patched flow enforces admin verification and old-password checks, mitigating this bypass; the report also notes the ongoing risk and how attackers monitor patches to exploit high-value targets.

MongoDB Urges Immediate Patch for Critical RCE and Data Leak Vulnerabilities
technology6 months ago

MongoDB Urges Immediate Patch for Critical RCE and Data Leak Vulnerabilities

MongoDB has issued an urgent warning to patch a severe remote code execution vulnerability (CVE-2025-14847) affecting multiple versions of its database software. The flaw, due to improper handling of length parameters, allows unauthenticated attackers to execute arbitrary code. Admins are advised to upgrade to patched versions immediately or disable zlib compression to mitigate the risk. The vulnerability has been actively exploited in the past, emphasizing the need for prompt action.

Cisco Issues Urgent Fix for Critical IOS Zero-Day Exploits
network-security9 months ago

Cisco Issues Urgent Fix for Critical IOS Zero-Day Exploits

Cisco has issued a warning about a high-severity, actively exploited vulnerability in IOS and IOS XE Software (CVE-2025-20352) that affects SNMP protocols, allowing remote attackers with certain credentials to execute arbitrary code or cause a denial-of-service. The flaw, rooted in a stack overflow, has been patched in Cisco IOS XE Software Release 17.15.4a, but mitigation involves restricting SNMP access to trusted users and monitoring SNMP activity.

Hackers Exploit Zero-Day Flaw in Sitecore for Backdoors and Malware
cybersecurity10 months ago

Hackers Exploit Zero-Day Flaw in Sitecore for Backdoors and Malware

Threat actors exploited a zero-day vulnerability in legacy Sitecore systems (CVE-2025-53690) involving a ViewState deserialization flaw caused by reused sample ASP.NET machine keys, leading to remote code execution and deployment of reconnaissance malware WeepSteel. The attack involved multi-stage exploits including privilege escalation and persistence techniques. Sitecore recommends immediate replacement and encryption of static machine keys to mitigate the vulnerability.

Cursor AI Code Editor Fixes and Security Vulnerabilities
technology11 months ago

Cursor AI Code Editor Fixes and Security Vulnerabilities

Cybersecurity researchers disclosed a high-severity vulnerability (CVE-2025-54136) in the AI code editor Cursor that allows remote code execution through malicious MCP file swaps, which has been addressed in version 1.3 by requiring repeated user approval for configuration changes. The flaw exposes significant risks in AI development environments, especially as AI tools become more integrated into workflows, and is part of broader concerns about AI security vulnerabilities and attack vectors.