Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-14535

Summary
Assigner-BombadilSystems
Assigner Org ID-aa17e1a1-c329-4d6e-a1ed-8d0188aea082
Published At-04 Jul, 2026 | 13:31
Updated At-04 Jul, 2026 | 13:31
Rejected At-
Credits

Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in the shared AnalysisContext.reported_shortened_code set. When the MLAllowlist analysis pass subsequently runs, it calls the same shorten_code() method, receives already_reported=True for every import, and executes a continue statement that skips its allowlist check entirely. This renders MLAllowlist dead code for all imports — it never evaluates whether an import is in the ML allowlist or not. The MLAllowlist pass was designed to catch imports of modules outside the known-safe ML ecosystem (torch, numpy, transformers, etc.) that slip past the UnsafeImports denylist. With MLAllowlist inoperative, any standard library module not in the UNSAFE_IMPORTS denylist can be invoked via pickle deserialization while fickling's check_safety() returns LIKELY_SAFE. The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate, meaning a LIKELY_SAFE verdict causes the payload to be deserialized and executed. The root cause is shared mutable state between independently-correct analysis passes — UnsafeImportsML works as designed in isolation, MLAllowlist works as designed in isolation, but the shared reported_shortened_code set causes UnsafeImportsML to poison MLAllowlist's deduplication logic.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:BombadilSystems
Assigner Org ID:aa17e1a1-c329-4d6e-a1ed-8d0188aea082
Published At:04 Jul, 2026 | 13:31
Updated At:04 Jul, 2026 | 13:31
Rejected At:
▼CVE Numbering Authority (CNA)
Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in the shared AnalysisContext.reported_shortened_code set. When the MLAllowlist analysis pass subsequently runs, it calls the same shorten_code() method, receives already_reported=True for every import, and executes a continue statement that skips its allowlist check entirely. This renders MLAllowlist dead code for all imports — it never evaluates whether an import is in the ML allowlist or not. The MLAllowlist pass was designed to catch imports of modules outside the known-safe ML ecosystem (torch, numpy, transformers, etc.) that slip past the UnsafeImports denylist. With MLAllowlist inoperative, any standard library module not in the UNSAFE_IMPORTS denylist can be invoked via pickle deserialization while fickling's check_safety() returns LIKELY_SAFE. The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate, meaning a LIKELY_SAFE verdict causes the payload to be deserialized and executed. The root cause is shared mutable state between independently-correct analysis passes — UnsafeImportsML works as designed in isolation, MLAllowlist works as designed in isolation, but the shared reported_shortened_code set causes UnsafeImportsML to poison MLAllowlist's deduplication logic.

Affected Products
Vendor
trailofbits
Product
fickling
Collection URL
https://pypi.org/project/fickling/
Package Name
fickling
Default Status
unaffected
Versions
Affected
  • From 0 through 0.1.11 (custom)
Unaffected
  • 0.1.12 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-693CWE-693 Protection Mechanism Failure
Type: CWE
CWE ID: CWE-693
Description: CWE-693 Protection Mechanism Failure
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/AAn attacker can craft a malicious pickle file that imports any standard library module not in fickling's UNSAFE_IMPORTS denylist. Because the MLAllowlist check is silently skipped due to shared state pollution from UnsafeImportsML, fickling's check_safety() returns LIKELY_SAFE. When used with fickling.load(), the payload is deserialized and arbitrary code executes in the victim's environment. This is distinct from denylist incompleteness (CWE-184) because the allowlist mechanism was specifically designed to catch imports that the denylist misses, and a code defect renders it entirely inoperative.
CAPEC ID: N/A
Description: An attacker can craft a malicious pickle file that imports any standard library module not in fickling's UNSAFE_IMPORTS denylist. Because the MLAllowlist check is silently skipped due to shared state pollution from UnsafeImportsML, fickling's check_safety() returns LIKELY_SAFE. When used with fickling.load(), the payload is deserialized and arbitrary code executes in the victim's environment. This is distinct from denylist incompleteness (CWE-184) because the allowlist mechanism was specifically designed to catch imports that the denylist misses, and a code defect renders it entirely inoperative.
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Christopher Aziz (Bombadil Systems LLC)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/trailofbits/fickling/security/advisories/GHSA-cffv-grgg-g429
N/A
https://github.com/trailofbits/fickling/pull/278
N/A
https://github.com/trailofbits/fickling/commit/41ce7cb01edd97072994039574a2301ebb3f463d
N/A
https://github.com/trailofbits/fickling/releases/tag/v0.1.12
N/A
Hyperlink: https://github.com/trailofbits/fickling/security/advisories/GHSA-cffv-grgg-g429
Resource: N/A
Hyperlink: https://github.com/trailofbits/fickling/pull/278
Resource: N/A
Hyperlink: https://github.com/trailofbits/fickling/commit/41ce7cb01edd97072994039574a2301ebb3f463d
Resource: N/A
Hyperlink: https://github.com/trailofbits/fickling/releases/tag/v0.1.12
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:aa17e1a1-c329-4d6e-a1ed-8d0188aea082
Published At:04 Jul, 2026 | 14:16
Updated At:04 Jul, 2026 | 14:16

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in the shared AnalysisContext.reported_shortened_code set. When the MLAllowlist analysis pass subsequently runs, it calls the same shorten_code() method, receives already_reported=True for every import, and executes a continue statement that skips its allowlist check entirely. This renders MLAllowlist dead code for all imports — it never evaluates whether an import is in the ML allowlist or not. The MLAllowlist pass was designed to catch imports of modules outside the known-safe ML ecosystem (torch, numpy, transformers, etc.) that slip past the UnsafeImports denylist. With MLAllowlist inoperative, any standard library module not in the UNSAFE_IMPORTS denylist can be invoked via pickle deserialization while fickling's check_safety() returns LIKELY_SAFE. The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate, meaning a LIKELY_SAFE verdict causes the payload to be deserialized and executed. The root cause is shared mutable state between independently-correct analysis passes — UnsafeImportsML works as designed in isolation, MLAllowlist works as designed in isolation, but the shared reported_shortened_code set causes UnsafeImportsML to poison MLAllowlist's deduplication logic.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-693Secondaryaa17e1a1-c329-4d6e-a1ed-8d0188aea082
CWE ID: CWE-693
Type: Secondary
Source: aa17e1a1-c329-4d6e-a1ed-8d0188aea082
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/trailofbits/fickling/commit/41ce7cb01edd97072994039574a2301ebb3f463daa17e1a1-c329-4d6e-a1ed-8d0188aea082
N/A
https://github.com/trailofbits/fickling/pull/278aa17e1a1-c329-4d6e-a1ed-8d0188aea082
N/A
https://github.com/trailofbits/fickling/releases/tag/v0.1.12aa17e1a1-c329-4d6e-a1ed-8d0188aea082
N/A
https://github.com/trailofbits/fickling/security/advisories/GHSA-cffv-grgg-g429aa17e1a1-c329-4d6e-a1ed-8d0188aea082
N/A
Hyperlink: https://github.com/trailofbits/fickling/commit/41ce7cb01edd97072994039574a2301ebb3f463d
Source: aa17e1a1-c329-4d6e-a1ed-8d0188aea082
Resource: N/A
Hyperlink: https://github.com/trailofbits/fickling/pull/278
Source: aa17e1a1-c329-4d6e-a1ed-8d0188aea082
Resource: N/A
Hyperlink: https://github.com/trailofbits/fickling/releases/tag/v0.1.12
Source: aa17e1a1-c329-4d6e-a1ed-8d0188aea082
Resource: N/A
Hyperlink: https://github.com/trailofbits/fickling/security/advisories/GHSA-cffv-grgg-g429
Source: aa17e1a1-c329-4d6e-a1ed-8d0188aea082
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

19Records found

CVE-2026-14534
Matching Score-8
Assigner-aa17e1a1-c329-4d6e-a1ed-8d0188aea082
ShareView Details
Matching Score-8
Assigner-aa17e1a1-c329-4d6e-a1ed-8d0188aea082
CVSS Score-8.8||HIGH
EPSS-Not Assigned
Published-04 Jul, 2026 | 13:25
Updated-04 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with zero findings for pickle payloads that invoke dangerous functions including _posixsubprocess.fork_exec (C-level process spawner capable of executing arbitrary binaries), site.execsitecustomize (executes arbitrary site customization code), and atexit._run_exitfuncs (triggers all registered exit handler callbacks). The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate; a LIKELY_SAFE verdict causes the payload to be deserialized and executed. This shares the same root cause as CVE-2026-22607 (cProfile), CVE-2025-67748 (pty), and CVE-2025-67747 (marshal/types). OvertlyBadEvals does not flag these modules because they are standard library imports. UnsafeImports does not flag them because they are not in the denylist. The UnusedVariables heuristic is defeated by the SETITEMS opcode pattern.

Action-Not Available
Vendor-trailofbits
Product-fickling
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-69264
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.02% / 59.28%
||
7 Day CHG+0.21%
Published-07 Jan, 2026 | 21:53
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the onlyBuiltDependencies mechanism, git dependencies can still execute prepare, prepublish, and prepack scripts during the fetch phase, enabling remote code execution without user consent or approval. This issue is fixed in version 10.26.0.

Action-Not Available
Vendor-pnpmpnpmRed Hat, Inc.
Product-pnpmpnpmRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-5924
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.25% / 65.70%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 19:40
Updated-23 Nov, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability

Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991.

Action-Not Available
Vendor-dropboxDropboxdropbox
Product-dropbox_desktopDropbox Desktopdropbox
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2022-22761
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.74% / 50.20%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefox_esrfirefoxFirefox ESRFirefoxThunderbird
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2019-13516
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.13%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 18:49
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.

Action-Not Available
Vendor-osisoftn/a
Product-pi_web_apiOSIsoft PI Web API
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38180
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.51% / 71.34%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SmartScreen Security Feature Bypass Vulnerability

Windows SmartScreen Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-55487
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 1.98%
||
7 Day CHG+0.01%
Published-25 Jun, 2026 | 16:41
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator normalized to the same value. This vulnerability is fixed in 10.34.2 and 11.5.3.

Action-Not Available
Vendor-pnpmpnpm
Product-pnpmpnpm
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2024-29988
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-45.15% / 98.63%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-28 Oct, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-05-21||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
SmartScreen Prompt Security Feature Bypass Vulnerability

SmartScreen Prompt Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2019windows_11_21h2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows 11 version 21H2Windows 10 Version 21H2Windows 11 Version 23H2Windows 10 Version 1809Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2SmartScreen Prompt
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-4447
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.35% / 27.41%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 01:34
Updated-10 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromelinux_kernelwindowsmacosChrome
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-32225
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.91% / 55.55%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-19 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Shell Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2025windows_11_26h1windows_server_2012windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows Server 2016Windows 11 Version 25H2Windows Server 2012Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2025Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H3Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 21H2Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-27893
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.36% / 68.44%
||
7 Day CHG+0.61%
Published-26 Mar, 2026 | 23:56
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.

Action-Not Available
Vendor-vllmvllm-projectRed Hat, Inc.
Product-vllmvllmRed Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat AI Inference Server 3.2Red Hat AI Inference ServerRed Hat Enterprise Linux AI 3.3Red Hat AI Inference Server 3.3
CWE ID-CWE-501
Trust Boundary Violation
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2021-31982
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 67.08%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 23:08
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2023-34984
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.1||HIGH
EPSS-0.66% / 46.90%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 12:29
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-21510
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-25.84% / 97.72%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-03-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Shell Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_server_2012windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_25h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows 11 Version 26H1Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-21513
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-15.38% / 96.39%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-03-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
MSHTML Framework Security Feature Bypass Vulnerability

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2025windows_server_2012windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows 11 Version 26H1Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-11248
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.24% / 15.12%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:06
Updated-05 Jun, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-9866
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.35% / 27.28%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 16:17
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-49740
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.75% / 50.38%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:58
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SmartScreen Security Feature Bypass Vulnerability

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022_23h2windows_10_1607windows_11_23h2windows_server_2025windows_10_21h2windows_10_1809windows_server_2022windows_server_2019windows_11_22h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-71322
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.38% / 30.34%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 15:04
Updated-18 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan.

Action-Not Available
Vendor-PickleScan
Product-PickleScan
CWE ID-CWE-693
Protection Mechanism Failure
Details not found