Upwind Security MDR

🚨Critical - mise Arbitrary Code Execution via Tera Templates in .tool-versions (CVE-2026-33646) mise parses .tool-versions files through the Tera template engine with the exec() function registered, but unlike .mise.toml, these files are not subject to trust verification in the default (non-paranoid) mode. An attacker can commit a malicious .tool-versions file with Tera syntax like {{ exec(command="...") }} to a git repository. When a victim with Mise activates CDs into the directory, the shell hook parses the file and runs arbitrary commands silently - no trust prompt, no warning - with the victim's full privileges and environment, exposing tokens, API keys, and SSH agents. Since .tool-versions is a widely committed convention, a malicious PR could execute code on every reviewer's machine. 👉Upgrade to mise 2026.3.10.

🚨Critical - Paymenter Arbitrary File Upload RCE via Ticket Attachments (CVE-2025-58048) Paymenter, an open-source webshop/billing solution for hosting providers, fails to restrict file types in its ticket attachments feature. A malicious authenticated user can upload arbitrary files, including executable scripts served from the web root. This can lead to sensitive data extraction from the database, credentials being read from configuration files, and arbitrary system commands running under the web server user, resulting in full remote code execution. Exploitation requires only a low-privileged authenticated account and no user interaction. 👉Upgrade to Paymenter 1.2.11.

🚨High - MISP Multiple Security Vulnerabilities (CVE-2026-56422 & CVE-2026-56425) CVE-2026-56422- Multiple MISP core controllers and models accept client-controlled primary keys (id) and foreign keys (event_id, org_id, user_id, sharing_group_id, etc.) without proper revalidation. An authenticated user can overwrite objects, re-parent data, transfer ownership, or inject content into other users' contexts. This is a broad Mass Assignment / Authorization Bypass issue (CWE-639) affecting many create/edit/import flows. CVE-2026-56425- MISP's AAD Authentication Plugin contains multiple weaknesses in its OAuth 2.0 flow: session IDs exposed as OAuth state parameters, no session regeneration post-login, missing single-use nonce enforcement, no HTTPS enforcement on redirect URIs, and verbatim logging of attacker-controlled error parameters. Combined, these enable session hijacking, session fixation, CSRF, replay attacks, and log injection. 👉Affected: MISP (pre-fix versions). Fixed in: Latest MISP. Upgrade to latest.

🚨Critical - Grafana Snowflake Datasource Arbitrary File Read/Write (CVE-2026-28381) The Snowflake datasource in Grafana allows GET/PUT commands. Any user with query access to the datasource can read and write arbitrary files between the Grafana server and the connected Snowflake host. Severity: Critical (CVSS 9.6) 👉Affected: Grafana with Snowflake datasource plugin Action: Update the Snowflake datasource plugin or restrict datasource access.

🚨Critical - IBM Langflow OSS Unauthenticated RCE (CVE-2026-10561) IBM Langflow OSS 1.0.0 through 1.9.3 suffers from improper isolation of Python execution combined with an authentication bypass. This allows an unauthenticated remote attacker to execute arbitrary code on the host system, resulting in full compromise. Severity: Critical (CVSS 10.0) 👉Affected: IBM Langflow OSS <= 1.9.3 Action: Upgrade to the latest patched version ץ

🚨 CRITICAL - libssh2 SSH packet_length OOB write in transport read (CVE-2026-55200) libssh2 through 1.11.1 contains an out-of-bounds write in ssh2_transport_read() caused by insufficient bounds checking on the SSH packet_length field. A remote attacker can send crafted SSH packets advertising an excessively large packet_length to trigger heap memory corruption during packet processing. This can be exploited pre-auth in exposed client/server integrations that accept attacker-controlled SSH traffic, with a realistic path to remote code execution depending on memory layout and mitigations. Real-world impact includes service crashes, potential takeover of systems using libssh2 for SSH/SFTP automation, and lateral movement via compromised jump hosts or file-transfer services. 👉 Affected: libssh2 <= 1.11.1 | Upgrade to No fix yet — treat as suspicious

🚨Critical - Spring Framework RCE "Spring4Shell" (CVE-2022-22965) A Spring MVC or Spring WebFlux application running on JDK 9+ can be vulnerable to remote code execution through data binding. By crafting requests that manipulate object properties via Spring's data-binding mechanism (reaching ClassLoader-related fields), an attacker can write a malicious file such as a JSP web shell and execute arbitrary code. The classic exploit path requires the application to be deployed as a WAR on Apache Tomcat; Spring Boot executable jars in the default configuration are not affected, though the underlying weakness is more general. The flaw is remotely exploitable with no privileges or user interaction. 👉Upgrade to Spring Framework 5.3.18 or 5.2.20.

🚨Critical - SiYuan Bazaar Marketplace XSS-to-RCE via Package Metadata (CVE-2026-56395) SiYuan fails to sanitize package metadata and README content in its Bazaar marketplace, so a malicious package author can inject arbitrary HTML and JavaScript through the displayName, description, or README fields. When another user browses the Bazaar, the stored payload executes in the app. Because SiYuan is an Electron app with nodeIntegration enabled, the XSS escapes the browser context and can run OS-level commands, turning a marketplace listing into remote code execution against anyone viewing it. Exploitation requires only that a victim browse the Bazaar. 👉Upgrade to SiYuan v3.6.1.

🚨High - Craft CMS Authenticated RCE via Missing Config Sanitization (CVE-2026-56382) Craft CMS's FieldsController::actionRenderCardPreview() method passes the fieldLayoutConfig POST parameter straight to Fields::createLayout() without calling Component::cleanseConfig(). Because the config isn't sanitized, an authenticated admin user can inject Yii2 event handlers such as 'on init' keys through fieldLayoutConfig. This allows execution of arbitrary PHP code and disclosure of sensitive data, including environment variables holding database credentials and the CRAFT_SECURITY_KEY. Exploitation requires an admin-level account but no user interaction. 👉Upgrade to Craft CMS 5.9.14.

🚨Critical - Crawl4AI Authentication Bypass via Hardcoded JWT Signing Key (CVE-2026-56265) Crawl4AI's Docker API server ships with a hardcoded default JWT signing key. Because the secret used to sign authentication tokens is publicly known, any attacker aware of the default key can forge valid JWTs for any user. This lets an unauthenticated remote attacker bypass authentication entirely and gain full access to protected functionality on the API server, with high confidentiality, integrity, and availability impact and no privileges or user interaction required. 👉Upgrade to Crawl4AI 0.8.7.

🚨Critical - SiYuan Bazaar Marketplace XSS-to-RCE via Package Metadata (CVE-2026-56397) SiYuan fails to sanitize package metadata and README content in its Bazaar marketplace, so a malicious package author can inject arbitrary HTML and JavaScript through the displayName, description, or README fields. When another user browses the Bazaar, the stored payload executes in the app. Because SiYuan is an Electron app with nodeIntegration enabled, the XSS escapes the browser context and can run OS-level commands, turning a marketplace listing into remote code execution against anyone viewing it. Exploitation requires only that a victim browse the Bazaar. 👉Upgrade to SiYuan v3.6.1.

🚨High - phpMyFAQ Privilege Escalation via Missing Authorization (CVE-2026-56396) phpMyFAQ's editUser() and updateUserRights() endpoints fail to verify SuperAdmin status before applying changes. As a result, an authenticated non-SuperAdmin user who holds the edit_user permission can set the is_superadmin flag or grant arbitrary rights to an account. This lets a lower-privileged admin-tier user escalate to full SuperAdmin access over the knowledge base, gaining complete control with high confidentiality, integrity, and availability impact. Exploitation requires only an existing account with edit_user and no user interaction. 👉Upgrade to phpMyFAQ 4.1.4.

⚠️MEDIUM - LiteLLM MCP Proxy authentication bypass (CVE-2026-12773) An auth bypass flaw in BerriAI LiteLLM (<=1.59.8) MCP Proxy allows remote unauthenticated attackers to bypass API key checks. Public PoC is available ,expect opportunistic scanning. 👉Affected: litellm <= 1.59.8

🚨 HIGH - vLLM prompt-embeds sparse tensor validation flaw enables DoS/memory corruption (CVE-2026-56340) vLLM fails to properly validate sparse tensor indices during multimodal embeddings processing when the prompt-embeds feature is enabled. The root cause is missing bounds and consistency checks on attacker-controlled sparse tensor metadata, allowing malformed indices to reach lower-level tensor operations. An attacker can exploit this by sending crafted embedding requests that trigger crashes or sustained resource exhaustion, resulting in denial of service. In worst cases, out-of-bounds behavior may lead to write-what-where style memory corruption, and the risk is amplified because a prior related CVE only disabled the feature by default instead of fixing validation. 👉 Affected: vllm (prompt-embeds enabled; versions not specified) | No fix yet - treat as suspicious

🚨Critical - Malicious npm Package "new-ecro" (GHSA-chhh-8532-pg35) GitHub has flagged the npm package new-ecro as malware (embedded malicious code). Installing or running it can hand full control of the host to an outside entity, so any machine that has pulled this package should be treated as fully compromised. All secrets and keys stored on an affected machine should be rotated immediately from a separate, clean computer. Every published version is affected and there is no safe version to upgrade to. Note that removing the package does not guarantee removal of malicious software it may have already installed. 👉Remove new-ecro, no patched version exists.

🚨Critical - iCagenda for Joomla Unauthenticated File Upload RCE (CVE-2026-48939) The iCagenda events extension for Joomla allows arbitrary file upload through its public event submission form's attachment feature. Because file types are not properly restricted, an unauthenticated attacker can upload a PHP web shell and then execute it, gaining full remote code execution on the server. With no login required, an attacker can steal data, deface pages, plant backdoors, or pivot to attack others. The flaw scores a maximum CVSS 10.0 and is reported as actively exploited in the wild as a zero-day across all versions up to 4.0.7. 👉Upgrade to iCagenda 4.0.8.