Over the last few months, I researched Langflow, n8n, and Activepieces.
The result is 9 zero-days and a BlueHat IL talk 🛠️
🚨 CVE-2026-7524 (Critical - 9.8)
🚨 CVE-2026-48519 (Critical - 9.6)
⚠️ CVE-2026-7528 (High - 7.1)
🐛 CVE-2026-42228 (Moderate - 6.3)
🐛 CVE-2026-48520 (Moderate - 6.1)
🚨 CVE-not-yet-published (Critical - 9.0)
🚨 CVE-not-yet-published (Critical - 10.0)
⚠️ CVE-not-yet-published (High - 8.6)
⚠️ CVE-not-yet-published (High - 8.3)
Thanks to the vendors for the cooperation and fixes.
@Oranav and I will be breaking down some of these on stage at BlueHat IL 2026.
Registration closes soon. Write-ups will be published after the con.
Abstract:
https://t.co/dJfkfwSCvs
@BlueHatIL @msftsecresponse

Excited to share my research was accepted at @BlackHatEvents USA 2026! 🎩
I'll present how I achieved interactive access to users' AI assistants by chaining:
🔓 Prompt injection
🔓 Privilege escalation
🔓 Path traversal
🔓 `.toml` injection
🔓 and finally an `LD_PRELOAD` exploit
The impact:
🚨 CVE-2026-32193 (Critical)
🏆 $48,000 bug bounty from Microsoft
ChatMate: Remote Prompt Execution on AI Assistants through Sandbox Escaping
https://t.co/5aU8tXH0na
Special thanks to @msftsecresponse for the brilliant collaboration!
See you in Vegas 👋
#ChatMate #CVE_2026_32193 #BHUSA @BlackHatEvents @rubrikInc @Oranav