#rce
5 articles exploring rce. Expert insights and analysis from our editorial team.
Articles
InstructLab CVE-2026-6859: Hardcoded trust_remote_code=True Turns Any [HuggingFace Model Into RCE](/articles/picklescan-1-0-4-patches-a-cvss-10-0-pkgutil-resolve-name-bypass-and-six/)
InstructLab CVE-2026-6859 hardcodes trust_remote_code=True in transformers, enabling RCE from any HuggingFace repo. Existing supply-chain scanners cannot detect this vector.
CVE-2026-39987's 9-Hour Exploitation Window Exposes the Credential Gap at the Heart of AI Dev Infrastructure
CVE-2026-39987 gave attackers a root shell on Marimo in under 10 hours, targeting LLM API keys and AWS credentials that dev-grade notebook security routinely leaves exposed.
Flowise's CVE-2026-41264 Turns an LLM-Written Import Into RCE, Breaking the Regex-Gated Sandbox
CVE-2026-41264 (CVSS 9.8) shows how a regex import allowlist in Flowise's CSV Agent fails when the LLM writes the code: aliasing os as pandas bypasses the filter and reaches.
Marimo CVE-2026-39987 Exposed Unauthenticated Root Shells Within Hours of Disclosure
Marimo's /terminal/ws endpoint granted unauthenticated attackers a full PTY shell. CVE-2026-39987 was actively exploited within 9 hours and 41 minutes of disclosure.
MCP STDIO Executes Even When the Server Fails: One Design Decision, 14 CVEs, 30+ RCEs
[OX Security's April 2026 advisory](/articles/vercels-april-2026-database-leak-pivoted-from-lumma-stealer-at-context-ai-via/) traces 14 CVEs and 30+ RCEs across LiteLLM, Flowise, and Cursor to one MCP STDIO behavior: the command field executes before handshake.