# cve
5 articles exploring cve. Expert insights and analysis from our editorial team.
## Articles
### PickleScan 1.0.4 Patches a CVSS 10.0 pkgutil.resolve_name Bypass and Six Missing Stdlib RCE Modules
PickleScan 1.0.4 patched three [critical bypasses](/articles/instructlab-cve-2026-6859-hardcoded-trust-remote-code-true-turns-any/), but the fixes expose a deeper flaw: denylist scanning cannot keep pickle safe. The structural fix is safetensors migration.
### Spring AI 1.0.6 Patches Five CVEs Including CVSS 8.8 SQL Injection in CosmosDBVectorStore.doDelete
Spring AI 1.0.6 patches five CVEs, including SQL injection and filter-expression escapes across 14+ vector stores, proving that RAG retrieval layers are not a sanitized database layer.
### LangChain CVE-2026-34070: load_prompt Path Traversal Patched in 1.2.22, Symlink Bypass Left Open
LangChain CVE-2026-34070 (CVSS 7.5) enables arbitrary file reads via load_prompt traversal; langchain-core 1.2.22 patches direct traversal but leaves a symlink bypass open.
### March-April MCP CVEs Expose the Local-Host Trust Model in AI Agent Frameworks
Three CVEs scoring up to 9.8 reveal a structural flaw: MCP's local-host trust model lacks authentication primitives for networked multi-tenant deployments.
### Marimo's CVE-2026-39987 Pre-Auth RCE Puts AI Notebooks on the [Same CVE Treadmill](/articles/instructlab-cve-2026-6859-hardcoded-trust-remote-code-true-turns-any/) as Inference Servers
CVE-2026-39987 skipped auth on Marimo's /terminal/ws, handing any caller a root PTY shell (CVSS 9.3) — exploited in the wild just 9h 41m after the advisory.