Topic: #rce

6 articles exploring rce. Expert insights and analysis from our editorial team.


Articles

Security

Microsoft Semantic Kernel Patches Two RCE Paths: eval() in Vector Filter, DownloadFileAsync Escape to Host

Microsoft discloses two CVSS 9.9 Semantic Kernel RCE bugs from tool-design flaws. Trust boundary is each annotated tool method, and all agent frameworks need auditing.

Security

InstructLab CVE-2026-6859: Hardcoded trust_remote_code=True Turns Any HuggingFace Model Into RCE

InstructLab CVE-2026-6859 hardcodes trust_remote_code=True in transformers, enabling RCE from any HuggingFace repo. Existing supply-chain scanners cannot detect this vector.

Security

CVE-2026-39987's 9-Hour Exploitation Window Exposes the Credential Gap at the Heart of AI Dev Infrastructure

CVE-2026-39987 gave attackers a root shell on Marimo (see also credential scope violations) in under 10 hours, targeting LLM API keys and AWS credentials that dev-grade notebook security routinely leaves exposed.

Security

Flowise's CVE-2026-41264 Turns an LLM-Written Import Into RCE, Breaking the Regex-Gated Sandbox

CVE-2026-41264 (CVSS 9.8) (see also agent-writable execution fields) shows how a regex import allowlist in Flowise's CSV Agent fails when the LLM writes the code: aliasing os as pandas bypasses the filter and reaches.

Security

Marimo CVE-2026-39987 Exposed Unauthenticated Root Shells Within Hours of Disclosure

Marimo's /terminal/ws endpoint granted unauthenticated attackers a full PTY shell. CVE-2026-39987 was actively exploited within 9 hours and 41 minutes of disclosure.

Security

MCP STDIO Executes Even When the Server Fails: One Design Decision, 14 CVEs, 30+ RCEs

OX Security's April 2026 advisory traces 14 CVEs and 30+ RCEs across LiteLLM, Flowise, and Cursor to one MCP STDIO behavior: the command field executes before handshake.