DEV Community: CVE Reports

CVE-2026-9354: CVE-2026-9354: Arbitrary Mass Mention Bypass in NousResearch hermes-agent Slack and Mattermost Adapters

CVE Reports — Sun, 24 May 2026 07:11:16 +0000

CVE-2026-9354: Arbitrary Mass Mention Bypass in NousResearch hermes-agent Slack and Mattermost Adapters

Vulnerability ID: CVE-2026-9354
CVSS Score: 6.9
Published: 2026-05-24

A vulnerability in the Slack and Mattermost platform adapters for NousResearch hermes-agent permits an unauthenticated remote attacker to execute arbitrary mass mentions. By leveraging prompt injection, an attacker can bypass output sanitization logic and trigger workspace-wide notification exhaustion.

TL;DR

Unauthenticated prompt injection in hermes-agent Slack and Mattermost adapters allows attackers to trigger mass ping notifications via unescaped tags.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-116 / CWE-20
Attack Vector: Network (Prompt Injection)
CVSS 4.0: 6.9 (Medium)
CVSS 3.1: 5.4 (Medium)
Impact: Availability (Notification Exhaustion)
Exploit Status: Public PoC Available
CISA KEV: Not Listed

Affected Systems

NousResearch hermes-agent <= 2026.4.16 (Slack Adapter)
NousResearch hermes-agent <= 2026.4.16 (Mattermost Adapter)
hermes-agent: <= 2026.4.16

Exploit Details

GitHub Gist: Proof of Concept reproducing the mass ping bypass against Slack and Mattermost endpoints

Mitigation Strategies

Modify Slack adapter regex to exclude broadcast tags or implement secondary escaping pass
Inject 'disable_mentions': true into Mattermost adapter payload props
Implement universal LLM output guardrails to neutralize platform-specific mention syntax

Remediation Steps:

Locate gateway/platforms/mattermost.py in the hermes-agent source
Update the post request payload to include 'props': {'disable_mentions': True}
Locate gateway/platforms/slack.py in the hermes-agent source
Add a pre-transmission replace function for '<!everyone>', '<!channel>', and '<!here>'
Restart the hermes-agent service to apply source modifications

References

Read the full report for CVE-2026-9354 on our website for more details including interactive diagrams and full exploit analysis.

CVE-2026-9306: CVE-2026-9306: Unauthenticated Insecure Direct Object Reference (IDOR) in QuantumNous new-api Midjourney Relay

CVE Reports — Sat, 23 May 2026 22:20:51 +0000

CVE-2026-9306: Unauthenticated Insecure Direct Object Reference (IDOR) in QuantumNous new-api Midjourney Relay

Vulnerability ID: CVE-2026-9306
CVSS Score: 6.3
Published: 2026-05-23

CVE-2026-9306 is a critical unauthenticated Insecure Direct Object Reference (IDOR) vulnerability located in the QuantumNous new-api application, affecting versions up to and including 0.12.1. The flaw is caused by improper middleware ordering combined with a lack of object-level authorization checks. This allows remote, unauthenticated attackers to retrieve sensitive Midjourney images belonging to other users by supplying a valid task identifier.

TL;DR

An architectural flaw in QuantumNous new-api <= 0.12.1 allows unauthenticated attackers to bypass authorization and extract user-generated Midjourney images via the /mj/image/:id endpoint using a valid task ID.

⚠️ Exploit Status: WEAPONIZED

Technical Details

CWE ID: CWE-639
Attack Vector: Network
CVSS 4.0: 6.3
Authentication: None Required
Impact: Data Exfiltration (Low Confidentiality)
Exploit Status: Weaponized PoC Available
KEV Status: Not Listed

Affected Systems

QuantumNous new-api
new-api: <= 0.12.1

Exploit Details

GitHub Gist: Technical Advisory & PoC

Mitigation Strategies

Manual code modification to fix middleware ordering
Manual code modification to enforce user scoping in database queries
Deployment of Web Application Firewall (WAF) rules to enforce authentication headers

Remediation Steps:

Open router/relay-router.go in the repository source.
Locate the line relayMjRouter.GET("/image/:id", relay.RelayMidjourneyImage).
Move this line below the relayMjRouter.Use(middleware.TokenAuth(), middleware.Distribute()) declaration.
Open relay/mjproxy_handler.go and locate the data retrieval call.
Modify the call from model.GetByOnlyMJId(taskId) to model.GetByMJId(userId, taskId), ensuring the userId is extracted from the authenticated Gin context.
Recompile the application and restart the service.

References

Read the full report for CVE-2026-9306 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-GGXF-37HM-9WQF: GHSA-GGXF-37HM-9WQF: Session Leakage via Unsafe Challenge Path Parsing in instagrapi

CVE Reports — Sat, 23 May 2026 06:10:50 +0000

GHSA-GGXF-37HM-9WQF: Session Leakage via Unsafe Challenge Path Parsing in instagrapi

Vulnerability ID: GHSA-GGXF-37HM-9WQF
CVSS Score: 6.5
Published: 2026-05-23

The instagrapi library prior to version 2.6.9 contains an improper input validation vulnerability within its challenge handling mechanism. Maliciously crafted server responses can manipulate the client into forwarding session cookies and credentials to an external attacker-controlled domain.

TL;DR

Versions of instagrapi before 2.6.9 are vulnerable to a session leakage flaw where malformed API paths in challenge responses redirect authenticated requests to arbitrary external servers.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-20
Attack Vector: Adjacent Network
CVSS Score: 6.5
Impact: Session Hijacking / Credential Leakage
Exploit Status: Proof of Concept available
Remediation: Update to version 2.6.9

Affected Systems

instagrapi (PyPI package) versions < 2.6.9
instagrapi: < 2.6.9 (Fixed in: 2.6.9)

Code Analysis

Commit: c442a0c

Fix unsafe signup challenge path handling

Exploit Details

GitHub Fix PR (Unit Test): The patch PR includes unit tests demonstrating the payload '@attacker.example' resulting in redirection.

Mitigation Strategies

Upgrade the instagrapi package to the patched version (2.6.9).
Implement strict egress filtering to ensure outbound traffic from the application host is restricted to known, legitimate API domains.
Enforce strict TLS validation to prevent Man-in-the-Middle tampering of API responses.

Remediation Steps:

Identify all projects and services utilizing the instagrapi library via dependency auditing tools.
Update the dependency mapping (e.g., requirements.txt, pyproject.toml) to specify instagrapi >= 2.6.9.
Execute automated test suites to verify that the upgrade does not introduce functional regressions.
Deploy the updated application build to production environments.

References

Read the full report for GHSA-GGXF-37HM-9WQF on our website for more details including interactive diagrams and full exploit analysis.

GHSA-QQQM-5547-774X: GHSA-QQQM-5547-774X: Unauthenticated Path Traversal in FileBrowser Quantum PATCH Handler

CVE Reports — Fri, 22 May 2026 20:40:50 +0000

GHSA-QQQM-5547-774X: Unauthenticated Path Traversal in FileBrowser Quantum PATCH Handler

Vulnerability ID: GHSA-QQQM-5547-774X
CVSS Score: 9.1
Published: 2026-05-22

GHSA-QQQM-5547-774X is a critical path traversal vulnerability in the FileBrowser Quantum application, specifically within the Go backend package. The vulnerability resides in the HTTP handler responsible for processing bulk file modifications via the public API. Unauthenticated attackers can exploit an order-of-operations flaw in the path sanitization logic to bypass intended directory restrictions. This allows adversaries to arbitrarily read, move, and overwrite files on the underlying filesystem by supplying specially crafted HTTP PATCH requests.

TL;DR

An unauthenticated path traversal in FileBrowser Quantum's PATCH endpoint allows attackers to move or rename arbitrary files by exploiting an order-of-operations flaw in path sanitization.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-22
Attack Vector: Network
CVSS v4.0: 9.1
Exploit Status: Proof-of-Concept
Privileges Required: None (Unauthenticated)
Impact: Arbitrary File Read/Write

Affected Systems

FileBrowser Quantum Go Backend (github.com/gtsteffaniak/filebrowser/backend)
FileBrowser Quantum: < 28e9b81e438e (Fixed in: 0.0.0-20260518193514-28e9b81e438e)

Mitigation Strategies

Update the application to pseudo-version 0.0.0-20260518193514-28e9b81e438e or later.
Disable the 'Allow Modify' permission on all public share links.
Deploy Web Application Firewall (WAF) rules to inspect and block traversal sequences in JSON bodies.

Remediation Steps:

Identify the current running version of FileBrowser Quantum.
Pull the latest container image or compile the backend from source including commit 28e9b81e438e.
Restart the FileBrowser service to apply the patch.
Audit existing public shares and verify none maintain the Allow Modify flag unless strictly necessary and tightly scoped.

References

Read the full report for GHSA-QQQM-5547-774X on our website for more details including interactive diagrams and full exploit analysis.

CVE-2026-8723: CVE-2026-8723: Synchronous Denial of Service in qs npm Package via TypeError

CVE Reports — Fri, 22 May 2026 20:10:50 +0000

CVE-2026-8723: Synchronous Denial of Service in qs npm Package via TypeError

Vulnerability ID: CVE-2026-8723
CVSS Score: 5.3
Published: 2026-05-22

The qs query string parsing and serialization library for Node.js is vulnerable to a synchronous Denial of Service (DoS) attack. The vulnerability manifests as a process-terminating TypeError when processing arrays with null or undefined elements under specific configuration parameters.

TL;DR

A configuration-dependent vulnerability in qs.stringify allows attackers to crash the hosting Node.js process by supplying arrays with null or undefined elements when comma formatting and encodeValuesOnly are enabled.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-476
Attack Vector: Network
CVSS v3.1: 5.3
EPSS Score: 0.00044
Impact: Denial of Service (Process Termination)
Exploit Status: poc
KEV Status: Not Listed

Affected Systems

Node.js applications
Projects utilizing the qs npm package versions 6.11.1 through 6.15.1
qs: >= 6.11.1 < 6.15.2 (Fixed in: 6.15.2)

Code Analysis

Commit: 21f80b3

Fix: add null check in encoder mapping for comma-separated arrays

--- a/lib/stringify.js
+++ b/lib/stringify.js
@@ -142,7 +142,9 @@ var stringify = function stringify(
     if (generateArrayPrefix === 'comma' && isArray(obj)) {
         // we need to join elements in
         if (encodeValuesOnly && encoder) {
-            obj = utils.maybeMap(obj, encoder);
+            obj = utils.maybeMap(obj, function (v) {
+                return v == null ? v : encoder(v);
+            });
         }
         objKeys = [{ value: obj.length > 0 ? obj.join(',') || null : void undefined }];

Exploit Details

Vendor Advisory: Public proof of concept exploiting the qs.stringify TypeError crash

Mitigation Strategies

Upgrade the qs package to a patched version
Modify application configuration to avoid vulnerable stringify options
Implement defensive error handling around serialization logic
Sanitize application state before passing data to serializers

Remediation Steps:

Identify all projects in your environment utilizing the qs npm package.
Audit the codebase for usage of qs.stringify with options { arrayFormat: 'comma', encodeValuesOnly: true }.
Update package.json dependencies to ensure qs is version 6.15.2 or higher.
Execute npm install or yarn install to apply the updated dependency.
Deploy the updated application to target environments.
If upgrade is impossible, wrap vulnerable qs.stringify calls in a try-catch block.

References

Read the full report for CVE-2026-8723 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-7M8F-HGJQ-8GC9: GHSA-7M8F-HGJQ-8GC9: Pre-Authentication Denial of Service via Insecure Deserialization Order in aiosend

CVE Reports — Fri, 22 May 2026 19:40:51 +0000

GHSA-7M8F-HGJQ-8GC9: Pre-Authentication Denial of Service via Insecure Deserialization Order in aiosend

Vulnerability ID: GHSA-7M8F-HGJQ-8GC9
CVSS Score: 7.5
Published: 2026-05-22

The aiosend library prior to version 3.0.6 contains a pre-authentication Denial of Service (DoS) vulnerability in its webhook handling mechanism. The software processes and deserializes incoming JSON payloads before verifying the cryptographic signature, allowing unauthenticated attackers to exhaust server CPU and memory resources by sending large, complex payloads.

TL;DR

Pre-auth DoS in aiosend < 3.0.6 due to full Pydantic JSON deserialization occurring prior to HMAC signature verification on webhook endpoints.

⚠️ Exploit Status: POC

Technical Details

Vulnerability Type: Pre-auth Denial of Service (DoS)
CWE ID: CWE-400 (Uncontrolled Resource Consumption)
CVSS v3.1 Score: 7.5 (High)
Attack Vector: Network
Authentication Required: None
Affected Component: aiosend/webhook/base.py
Exploit Status: PoC Available

Affected Systems

aiosend Python package
Applications utilizing aiosend for webhook processing
aiosend: < 3.0.6 (Fixed in: 3.0.6)

Mitigation Strategies

Upgrade the aiosend library to version 3.0.6 or later.
Implement WAF rules to drop POST requests to webhook endpoints lacking proper authentication headers.
Configure reverse proxies (e.g., Nginx) to enforce strict maximum request body sizes for incoming webhooks.
Utilize application framework middleware to reject requests exceeding expected Content-Length bounds.

Remediation Steps:

Audit project dependencies to identify the installed version of aiosend.
Update the aiosend dependency to version 3.0.6 in requirements.txt, Pipfile, or pyproject.toml.
Rebuild and deploy the application environment with the updated dependencies.
Configure web servers or reverse proxies to enforce a strict body size limit (e.g., 50KB) on the exposed webhook URL paths.

References

Read the full report for GHSA-7M8F-HGJQ-8GC9 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-JQQ5-8PX3-9M6M: GHSA-JQQ5-8PX3-9M6M: Single-Byte Heap Overflow Bypass in ImageMagick JSON and YAML Encoders

CVE Reports — Fri, 22 May 2026 06:10:51 +0000

GHSA-JQQ5-8PX3-9M6M: Single-Byte Heap Overflow Bypass in ImageMagick JSON and YAML Encoders

Vulnerability ID: GHSA-JQQ5-8PX3-9M6M
CVSS Score: 6.2
Published: 2026-05-21

A heap-based buffer overflow vulnerability exists in the JSON and YAML encoders of ImageMagick and Magick.NET. This issue constitutes an incomplete fix for CVE-2026-40169, resulting in a single-byte out-of-bounds write (off-by-one error) during image metadata serialization.

TL;DR

ImageMagick < 7.1.2-19 and Magick.NET < 14.12.0 suffer from a single-byte heap overflow in their JSON/YAML encoders. An incomplete patch for a prior vulnerability allows an attacker to cause a denial of service via a crafted file.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-122, CWE-193
Attack Vector: Local / Remote via File Upload
CVSS Score: 6.2
Impact: Denial of Service (DoS)
Exploit Status: Proof of Concept (PoC) Exists
KEV Status: Not Listed

Affected Systems

ImageMagick Core
Magick.NET NuGet Packages
ImageMagick: < 7.1.2-19 (Fixed in: 7.1.2-19)
Magick.NET: < 14.12.0 (Fixed in: 14.12.0)

Exploit Details

Private Researcher (007bsd): A Proof-of-Concept demonstrating the crash exists in the private researcher community.

Mitigation Strategies

Update ImageMagick to version 7.1.2-19 or later
Update Magick.NET packages to version 14.12.0 or later
Disable the JSON and YAML coders via ImageMagick's policy.xml if updates are not possible

Remediation Steps:

Identify all systems and applications using ImageMagick or Magick.NET.
Check the installed version of the libraries.
If utilizing Magick.NET, update the project's NuGet package references to version 14.12.0.
If utilizing ImageMagick locally or in a container, update the system package or base image to incorporate version 7.1.2-19.
Test image processing pipelines to ensure updates do not cause regressions.
Deploy the updated components to production environments.

References

Read the full report for GHSA-JQQ5-8PX3-9M6M on our website for more details including interactive diagrams and full exploit analysis.

GHSA-VF33-6R7X-66XX: GHSA-VF33-6R7X-66XX: Division by Zero and Integer Overflow in ImageMagick Morphology

CVE Reports — Fri, 22 May 2026 03:11:51 +0000

GHSA-VF33-6R7X-66XX: Division by Zero and Integer Overflow in ImageMagick Morphology

Vulnerability ID: GHSA-VF33-6R7X-66XX
CVSS Score: 3.3
Published: 2026-05-21

ImageMagick versions prior to 7.1.1-33 contain an integer overflow vulnerability within the morphology module's binomial kernel generation logic. This integer overflow propagates to yield a division by zero error, resulting in a denial of service.

TL;DR

An unbounded integer overflow in ImageMagick's factorial calculation for binomial kernels leads to a mathematical division by zero. Attackers can trigger this denial of service by supplying an excessively large kernel radius.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-369, CWE-190
Attack Vector: Local / Context-Dependent API
Impact: Denial of Service (Application Crash)
Exploit Status: Proof-of-Concept
Severity: Low
CISA KEV: Not Listed

Affected Systems

ImageMagick
Magick.NET
ImageMagick: < 7.1.1-33 (Fixed in: 7.1.1-33)
Magick.NET: < 7.1.1-33 equivalent (Fixed in: 7.1.1-33 equivalent)

Code Analysis

Commit: d67eef7

Fix for integer overflow and division by zero in binomial kernel generation

Exploit Details

ImageMagick Issue Tracker: Triggering payload via ImageMagick CLI

Mitigation Strategies

Update ImageMagick and associated wrapper libraries (Magick.NET) to version 7.1.1-33 or newer.
Implement strict input validation for user-supplied image processing parameters, explicitly limiting morphology kernel radius sizes.
Ensure web applications do not directly pass unvalidated user input into ImageMagick command-line arguments.

Remediation Steps:

Identify all deployments of ImageMagick and Magick.NET within the environment.
Upgrade all identified packages to at least version 7.1.1-33.
Audit applications interacting with the ImageMagick API to confirm that morphology operations (specifically Binomial) utilize sanitized parameters.
Restart dependent application pools and services to ensure the patched shared libraries are loaded.

References

Read the full report for GHSA-VF33-6R7X-66XX on our website for more details including interactive diagrams and full exploit analysis.

GHSA-QV2Q-C278-PCH5: GHSA-qv2q-c278-pch5: Cryptographic Nonce Reuse and Information Disclosure in ImageMagick

CVE Reports — Fri, 22 May 2026 02:40:50 +0000

GHSA-qv2q-c278-pch5: Cryptographic Nonce Reuse and Information Disclosure in ImageMagick

Vulnerability ID: GHSA-QV2Q-C278-PCH5
CVSS Score: 3.7
Published: 2026-05-21

ImageMagick and its .NET wrapper Magick.NET fail to generate unique Initialization Vectors (IVs) when using the PasskeyEncipherImage method with AES-CTR mode. The deterministic derivation of the IV relies solely on the passphrase and the image dimensions. This cryptographic flaw leads to nonce reuse, allowing an attacker to recover plain text pixel data via XOR operations on ciphertexts.

TL;DR

ImageMagick's encipher utility derives AES-CTR nonces deterministically from image dimensions and passwords, causing keystream reuse. Attackers can recover plaintext images by XORing multiple encrypted images of the same size.

Technical Details

CWE ID: CWE-323
Attack Vector: Network
CVSS Score: 3.7 (Low)
Impact: Confidentiality Loss
Exploit Status: Theoretical/PoC
KEV Status: Not Listed

Affected Systems

ImageMagick
Magick.NET
Magick.NET-Q16-AnyCPU: < 14.12.0 (Fixed in: 14.12.0)
Magick.NET-Q8-AnyCPU: < 14.12.0 (Fixed in: 14.12.0)

Mitigation Strategies

Upgrade Magick.NET to version 14.12.0 or newer.
Ensure a unique passphrase is used for every single image if using the encipher feature.
Migrate to standard, purpose-built cryptographic libraries (e.g., AES-GCM in standard libraries) for robust encryption rather than relying on image processor utilities.

Remediation Steps:

Identify all projects importing Magick.NET distributions (Q8, Q16, HDRI).
Update the NuGet package references to 14.12.0.
Review application source code for usage of PasskeyEncipherImage.
Replace ImageMagick encryption routines with dedicated file encryption mechanisms.

References

Read the full report for GHSA-QV2Q-C278-PCH5 on our website for more details including interactive diagrams and full exploit analysis.

CVE-2026-8596: CVE-2026-8596: Remote Code Execution via Cleartext HMAC Key in Amazon SageMaker Python SDK

CVE Reports — Thu, 21 May 2026 20:40:51 +0000

CVE-2026-8596: Remote Code Execution via Cleartext HMAC Key in Amazon SageMaker Python SDK

Vulnerability ID: CVE-2026-8596
CVSS Score: 7.2
Published: 2026-05-21

The Amazon SageMaker Python SDK is vulnerable to arbitrary code execution due to the cleartext storage of a symmetric HMAC signing key in job environment variables. An authenticated attacker with Describe permissions can extract this key to forge valid integrity signatures for malicious model artifacts.

TL;DR

SageMaker Python SDK leaked symmetric HMAC keys in job environment variables, allowing attackers to forge signatures and achieve RCE via malicious model artifacts.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-312
Attack Vector: Network
CVSS Score: 7.2 (High)
EPSS Score: 0.10%
Impact: Arbitrary Code Execution
Exploit Status: Proof of Concept
KEV Status: Not Listed

Affected Systems

Amazon SageMaker Python SDK ModelBuilder component
Amazon SageMaker Python SDK Serve component
AWS SageMaker Inference Containers
Amazon SageMaker Python SDK (v2): >= 2.199.0, < 2.257.2 (Fixed in: 2.257.2)
Amazon SageMaker Python SDK (v3): >= 3.0.0, < 3.8.0 (Fixed in: 3.8.0)

Mitigation Strategies

Upgrade SageMaker Python SDK to patched versions
Rebuild existing models using the updated SDK
Restrict IAM roles for SageMaker API and S3 access

Remediation Steps:

Update the Amazon SageMaker Python SDK to version 2.257.2 or 3.8.0.
Identify all models and remote functions created with vulnerable SDK versions.
Rebuild and redeploy identified artifacts to generate new ECDSA signatures.
Audit IAM policies to enforce least privilege on sagemaker:DescribeTrainingJob and s3:PutObject.

References

Read the full report for CVE-2026-8596 on our website for more details including interactive diagrams and full exploit analysis.

CVE-2026-8597: CVE-2026-8597: Arbitrary Code Execution via Missing Integrity Verification in Amazon SageMaker Python SDK Triton Handler

CVE Reports — Thu, 21 May 2026 19:40:50 +0000

CVE-2026-8597: Arbitrary Code Execution via Missing Integrity Verification in Amazon SageMaker Python SDK Triton Handler

Vulnerability ID: CVE-2026-8597
CVSS Score: 7.2
Published: 2026-05-21

The Amazon SageMaker Python SDK is vulnerable to arbitrary code execution due to a lack of cryptographic integrity verification in its Triton inference handler. An attacker possessing S3 write permissions can replace legitimate model artifacts with a malicious payload, resulting in code execution within the inference container upon deserialization.

TL;DR

Missing integrity checks on S3-hosted artifacts in the SageMaker Python SDK allow an authenticated attacker with S3 write access to achieve arbitrary code execution via malicious pickle deserialization.

Technical Details

CWE ID: CWE-354
Attack Vector: Network
CVSS v3.1 Score: 7.2
EPSS Score: 0.13%
Impact: Arbitrary Code Execution
Exploit Status: Unexploited
KEV Status: Not Listed

Affected Systems

Amazon SageMaker Python SDK v2
Amazon SageMaker Python SDK v3
AWS Triton Inference Handler
Amazon SageMaker Python SDK v2: 2.199.0 to 2.257.1 (Fixed in: 2.257.2)
Amazon SageMaker Python SDK v3: 3.0.0 to 3.7.1 (Fixed in: 3.8.0)

Mitigation Strategies

Upgrade Amazon SageMaker Python SDK to a patched version (2.257.2+ or 3.8.0+)
Enforce Least Privilege on IAM S3 policies restricting s3:PutObject
Implement S3 Object Lock or S3 Versioning on model artifact buckets

Remediation Steps:

Identify all environments utilizing Amazon SageMaker Python SDK Triton handlers.
Update the Python SDK dependency to 2.257.2 (for v2) or 3.8.0 (for v3).
Rebuild all existing Triton models utilizing the updated ModelBuilder component to generate cryptographic metadata.
Redeploy the rebuilt models to the inference servers.
Audit S3 bucket policies to ensure strict access controls over the model artifact paths.

References

Read the full report for CVE-2026-8597 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-HGV7-V322-MMGR: GHSA-HGV7-V322-MMGR: SSR Session Cross-Talk and Data Exposure in SvelteKit query.batch

CVE Reports — Thu, 21 May 2026 19:10:50 +0000

GHSA-HGV7-V322-MMGR: SSR Session Cross-Talk and Data Exposure in SvelteKit query.batch

Vulnerability ID: GHSA-HGV7-V322-MMGR
CVSS Score: 8.6
Published: 2026-05-21

The SvelteKit framework contains a critical cross-talk vulnerability within its server-side rendering (SSR) processing logic. The query.batch functionality improperly scopes state variables during concurrent request handling, allowing data intended for one user session to be exposed to another. The issue is resolved in version 2.60.1 by migrating the batching state to a strictly isolated request store.

TL;DR

A state isolation failure in SvelteKit's query.batch allows concurrent remote requests to intermingle, exposing sensitive session data across users. Upgrading to version 2.60.1 implements AsyncLocalStorage to properly isolate request contexts and mitigate the vulnerability.

Technical Details

CWE ID: CWE-488 (Exposure of Data Element to Wrong Session)
Attack Vector: Network
CVSS Score: 8.1 - 9.1 (Estimated)
Impact: Sensitive Information Disclosure / Session Cross-Talk
Exploit Status: No public weaponized exploits; theoretical race condition
Affected Component: query.batch in SvelteKit SSR

Affected Systems

@sveltejs/kit (SvelteKit framework)
@sveltejs/kit: < 2.60.1 (Fixed in: 2.60.1)

Code Analysis

Commit: dadaefc

Fix batching state leakage across requests by utilizing get_request_store() and state.remote.batches

Mitigation Strategies

Upgrade the SvelteKit framework package to version 2.60.1 or greater.
Refactor application code to avoid usage of query.batch if immediate patching is impossible.
Audit application logs for suspicious bursts of concurrent requests targeting SSR batched endpoints.

Remediation Steps:

Identify all projects relying on @sveltejs/kit within the organization.
Update the package.json file to specify @sveltejs/kit version 2.60.1.
Run package manager install commands (npm install, yarn, pnpm install) to update lockfiles.
Execute automated integration and regression tests to verify SSR and data-fetching functionality.
Deploy the updated application build to staging and production environments.

References

Read the full report for GHSA-HGV7-V322-MMGR on our website for more details including interactive diagrams and full exploit analysis.