GHSA-37h2-6p4f-mp3q: Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
Summary
Serena, an AI agent framework, runs an unauthenticated Flask web dashboard on a fixed port (24282) with no login protection or security checks. An attacker can use DNS rebinding (a technique where an attacker controls a domain and redirects it to a victim's local machine) to write malicious commands into Serena's memory from a malicious webpage, which the agent then executes using `shell=True` (a mode that allows shell code injection). This creates a complete remote code execution vulnerability that requires only visiting a malicious website while Serena is running.
Vulnerability Details
EPSS: 0.2%
Yes
July 8, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-37h2-6p4f-mp3q
First tracked: July 8, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%