DEV Community

soy

Posted on • Originally published at media.patentllm.org

Critical RCEs in Microsoft AI & GitHub, plus CrowdSec for Hardening


Today's Highlights

This week, major RCE vulnerabilities in Microsoft's AI frameworks and GitHub.com highlight critical supply chain and AI-specific security risks. Additionally, a practical guide to integrating CrowdSec with Nginx Proxy Manager offers robust defensive techniques for self-hosted applications.

[Research] Full-chain RCE in Microsoft Semantic Kernel & Agent Framework 1.0 (6 Bypasses) (r/netsec)

Source: https://reddit.com/r/netsec/comments/1sy2k13/research_fullchain_rce_in_microsoft_semantic/

This disclosure details a critical full-chain Remote Code Execution (RCE) vulnerability, assigned a CVSS score of 10.0, affecting Microsoft Semantic Kernel (.NET v1.74) and the new Agent Framework 1.0. The vulnerability chain leverages six distinct bypasses to achieve arbitrary code execution, highlighting complex interaction flaws within the AI orchestration frameworks. Semantic Kernel is a popular open-source SDK that allows developers to integrate large language models (LLMs) with conventional programming languages, making this RCE particularly concerning for applications relying on AI agents and extensible AI pipelines.

The timeline reveals a coordinated disclosure process, indicating the severity and potential for widespread impact on AI-powered applications. Exploiting such a vulnerability could allow attackers to execute malicious code on systems running vulnerable Semantic Kernel or Agent Framework instances, potentially leading to data breaches, system compromise, or manipulation of AI agent behavior. This research underscores the still-emerging but critical need for robust security practices in developing and deploying AI-integrated software, particularly concerning how LLMs interact with external tools and code execution environments. It serves as a stark reminder of the security risks inherent in complex AI frameworks and of the importance of thorough security auditing that goes beyond traditional software review.

Comment: This is a must-read for anyone building with AI agents or LLMs, especially on the Microsoft stack. A CVSS 10.0 RCE in foundational AI frameworks shows that prompt injection is just the tip of the iceberg for AI security. Time to patch and review your AI application's attack surface.

Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854) (r/cybersecurity)

Source: https://reddit.com/r/cybersecurity/comments/1sy9zdt/remote_code_execution_in_githubcom_and_github/

A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2026-3854, has been disclosed affecting both GitHub.com and GitHub Enterprise Server instances. While the future-dated CVE is unusual, the implications of an RCE in GitHub are profound, as it represents a core component of the software supply chain for countless organizations and projects. This type of vulnerability could allow attackers to execute arbitrary code within GitHub's infrastructure or on Enterprise Server deployments, granting them significant control over repositories, build processes, and potentially leading to widespread supply chain attacks.

The severity of an RCE in GitHub cannot be overstated. Compromise of GitHub.com could impact the integrity of open-source projects, enable malicious code injection into widely used libraries, and facilitate sophisticated attacks against downstream users. For GitHub Enterprise Server users, immediate patching and vigilance are paramount to prevent internal system compromise and data exfiltration. This disclosure highlights the ongoing challenge of securing foundational developer platforms and the cascading effects a single vulnerability can have across the entire software development ecosystem.

Comment: An RCE in GitHub is a nightmare scenario for supply chain security. If you're running GitHub Enterprise Server, you need to prioritize this patch immediately. For GitHub.com users, this reinforces the need for strong branch protection, code review, and dependency scanning practices.

NPMplus + CrowdSec setup, my notes (r/selfhosted)

Source: https://reddit.com/r/selfhosted/comments/1sydvmr/npmplus_crowdsec_setup_my_notes/

This practical guide offers detailed notes on integrating Nginx Proxy Manager (NPMplus) with CrowdSec, a free and open-source behavior detection engine. The setup provides a robust defensive layer for self-hosted applications, enhancing security against threats like brute-force attacks, credential stuffing, and malicious bot activity. NPMplus simplifies reverse proxy management with a user-friendly web interface, making it an ideal front-end for CrowdSec's capabilities: CrowdSec analyzes logs from various services to identify suspicious IPs and block them, and draws on a global, community-sourced threat intelligence network.

The notes likely cover installation steps, configuration specifics for linking NPMplus's access logs to CrowdSec's parsers, and setting up bouncers to automatically block identified attackers at the proxy level. This combination enables users to effectively protect their exposed services, moving beyond basic firewall rules to dynamic, behavior-based threat detection and response. For self-hosters and small businesses looking to implement practical hardening guides without significant cost, this integration serves as an excellent example of a layered security approach that contributes to a more resilient infrastructure.
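To make the log-to-bouncer pipeline the notes describe concrete, here is a small, self-contained illustration of the same idea: parse reverse-proxy access logs, count suspicious behavior per source IP over a sliding time window, and emit a block decision that a bouncer would enforce at the proxy. This is an added example and not CrowdSec's or NPMplus's code; the log lines are constructed samples in the nginx "combined" format, and the threshold, window, login path and ban duration are assumptions rather than CrowdSec's scenario defaults.

```python
"""Behavior-based detection over reverse-proxy access logs.

Added illustration, not CrowdSec's or NPMplus's code. It mimics the
pipeline described above: parse proxy access logs, count failed logins
per source IP inside a sliding window, and turn the result into a block
rule a bouncer would push to the proxy. All inputs and thresholds below
are constructed/assumed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx "combined" format: ip - user [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \d+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample log (RFC 5737 documentation addresses):
#  - 203.0.113.7 fails /login six times in six seconds (should be flagged)
#  - 192.0.2.33 fails five times but three minutes apart (outside the window)
#  - 198.51.100.20 is a normal browsing client
#  - one malformed line that the parser must skip, not crash on
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:10:00:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2026:10:00:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2026:10:00:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
192.0.2.33 - - [10/Mar/2026:10:00:00 +0000] "POST /login HTTP/1.1" 403 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2026:10:00:04 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2026:10:00:05 +0000] "GET /dashboard HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:10:00:05 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
this line is not an access log entry
192.0.2.33 - - [10/Mar/2026:10:03:00 +0000] "POST /login HTTP/1.1" 403 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2026:10:00:06 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
192.0.2.33 - - [10/Mar/2026:10:06:00 +0000] "POST /login HTTP/1.1" 403 512 "-" "python-requests/2.31"
192.0.2.33 - - [10/Mar/2026:10:09:00 +0000] "POST /login HTTP/1.1" 403 512 "-" "python-requests/2.31"
192.0.2.33 - - [10/Mar/2026:10:12:00 +0000] "POST /login HTTP/1.1" 403 512 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["time"] = datetime.strptime(ev["time"], "%d/%b/%Y:%H:%M:%S %z")
    return ev


def detect_bruteforce(lines, login_path="/login", threshold=5, window=timedelta(seconds=60)):
    """Flag IPs with >= threshold failed logins (401/403) inside any sliding window.

    Returns {ip: decision}; the threshold/window are assumed values for this example.
    """
    failures = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # malformed line: skip rather than abort the whole run
        if ev["status"] in (401, 403) and ev["path"].startswith(login_path):
            failures[ev["ip"]].append(ev["time"])

    decisions = {}
    for ip, times in failures.items():
        times.sort()  # log lines may be interleaved; order by timestamp
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward
            hits = end - start + 1
            if hits >= threshold:
                decisions[ip] = {
                    "scenario": "http-login-bruteforce",
                    "hits": hits,
                    "first_seen": times[start],
                    "last_seen": times[end],
                    "ban_for": "4h",  # assumed duration
                }
                break
    return decisions


def to_nginx_deny(decisions):
    """Render decisions as nginx 'deny' directives, the kind of rule a bouncer applies at the proxy."""
    return [f"deny {ip};" for ip in sorted(decisions)]


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG.splitlines())
    for ip, d in found.items():
        print(f"{ip}: {d['scenario']} ({d['hits']} hits, ban {d['ban_for']})")
    print("\n".join(to_nginx_deny(found)))
```

Running it flags only 203.0.113.7: the client that fails five times spread across twelve minutes never has five failures inside one 60-second window, which is why a sliding window rather than a plain counter matters for keeping false positives down at the proxy edge.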

Comment: I've been looking for a better way to protect my self-hosted services, and this NPMplus + CrowdSec combo sounds like a solid, actionable solution. CrowdSec's community-driven threat intelligence is a game-changer for dynamic IP blocking right at the edge.
