ZeroPath at Black Hat USA 2026

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
vm2 Sandbox Escape to Host RCE (CVE-2026-47131): Technical Breakdown with PoC and Patch Analysis
CVE Analysis

2026-06-12

12 min read

vm2 Sandbox Escape to Host RCE (CVE-2026-47131): Technical Breakdown with PoC and Patch Analysis

A brief summary of CVE-2026-47131, a CVSS 10.0 sandbox escape in the vm2 Node.js library that allows full host remote code execution via prototype chain manipulation. Includes PoC details and patch analysis.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

vm2 CVE-2026-47135: Brief Summary of a Cross-Realm Symbol Sandbox Escape in Node.js
CVE Analysis

2026-06-12

12 min read

vm2 CVE-2026-47135: Brief Summary of a Cross-Realm Symbol Sandbox Escape in Node.js

A brief summary of CVE-2026-47135, a high-severity sandbox escape in the vm2 Node.js library caused by incomplete cross-realm symbol blocking and missing bridge trap checks. Includes patch analysis and mitigation guidance.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

vm2 Sandbox Escape CVE-2026-47137: Quick Look at a CVSS 10.0 Patch Bypass Enabling Host RCE
CVE Analysis

2026-06-12

10 min read

vm2 Sandbox Escape CVE-2026-47137: Quick Look at a CVSS 10.0 Patch Bypass Enabling Host RCE

A brief summary of CVE-2026-47137, a CVSS 10.0 sandbox escape in the vm2 Node.js library that bypasses a prior security patch through a strict equality flaw. Includes proof of concept, patch analysis, and affected version details.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

vm2 CVE-2026-47139: Underscored Builtin Network Bypass Enables SSRF from Node.js Sandbox — Quick Look with PoC and Detection Guidance
CVE Analysis

2026-06-12

12 min read

vm2 CVE-2026-47139: Underscored Builtin Network Bypass Enables SSRF from Node.js Sandbox — Quick Look with PoC and Detection Guidance

A brief summary of CVE-2026-47139, a high severity sandbox bypass in vm2 for Node.js that allows sandboxed code to make network requests via underscored internal builtins despite explicit network module exclusions. Includes proof of concept details and detection strategies.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

vm2 Sandbox Escape via Builtin Denylist Bypass: Overview of CVE-2026-47140 (CVSS 10.0)
CVE Analysis

2026-06-12

12 min read

vm2 Sandbox Escape via Builtin Denylist Bypass: Overview of CVE-2026-47140 (CVSS 10.0)

A brief summary of CVE-2026-47140, a CVSS 10.0 sandbox escape in the vm2 Node.js library caused by incomplete denylist coverage of the process and inspector/promises builtins. Includes patch details, detection methods, and context on the broader 2026 vm2 CVE wave.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

vm2 Sandbox Breakout via Promise Species Hijack (CVE-2026-47208): Technical Breakdown with PoC and Patch Analysis
CVE Analysis

2026-06-12

12 min read

vm2 Sandbox Breakout via Promise Species Hijack (CVE-2026-47208): Technical Breakdown with PoC and Patch Analysis

A brief summary of CVE-2026-47208, a CVSS 10.0 sandbox escape in the vm2 Node.js library that allows full host RCE through a Promise Symbol.species hijack. Includes proof of concept details and patch analysis.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

vm2 CVE-2026-47209: Brief Summary of the Bridge Proxy Set Trap Receiver Bypass
CVE Analysis

2026-06-12

12 min read

vm2 CVE-2026-47209: Brief Summary of the Bridge Proxy Set Trap Receiver Bypass

A short review of CVE-2026-47209, a high severity sandbox escape in the vm2 Node.js library where the Bridge Proxy set trap ignores the receiver parameter, allowing sandbox code to write properties directly to host objects. Includes patch analysis and affected version details.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

vm2 Sandbox Escape via JSPI Promise Species Bypass (CVE-2026-47210): Technical Breakdown with PoC and Patch Analysis
CVE Analysis

2026-06-12

12 min read

vm2 Sandbox Escape via JSPI Promise Species Bypass (CVE-2026-47210): Technical Breakdown with PoC and Patch Analysis

A brief summary of CVE-2026-47210, a critical CVSS 9.8 sandbox escape in the vm2 Node.js library that leverages WebAssembly JSPI to bypass Promise species hardening and achieve arbitrary host process code execution. Includes public PoC details and patch analysis.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-53787 Unauthenticated File Upload in Amasty Order Attributes for Magento 2
CVE Analysis

2026-06-12

10 min read

Brief Summary: CVE-2026-53787 Unauthenticated File Upload in Amasty Order Attributes for Magento 2

A short review of CVE-2026-53787, a critical unauthenticated arbitrary file upload vulnerability in Amasty Order Attributes for Magento 2 that can lead to remote code execution, stored XSS, and path traversal on affected stores.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

GPTranslate WordPress Plugin CVE-2026-9109: Brief Summary of Unauthenticated Stored XSS via Exposed API Key and REST API
CVE Analysis

2026-06-12

10 min read

GPTranslate WordPress Plugin CVE-2026-9109: Brief Summary of Unauthenticated Stored XSS via Exposed API Key and REST API

A short review of CVE-2026-9109, an unauthenticated stored XSS vulnerability in the GPTranslate WordPress plugin (versions up to 2.31) that leverages a deterministically derived API key exposed on every page. Includes patch details and affected version information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

WP Ticket Plugin CVE-2026-9848: Brief Summary of an Unauthenticated SQL Injection via WordPress Search
CVE Analysis

2026-06-12

9 min read

WP Ticket Plugin CVE-2026-9848: Brief Summary of an Unauthenticated SQL Injection via WordPress Search

A brief summary of CVE-2026-9848, an unauthenticated SQL injection in the WP Ticket WordPress plugin that allows attackers to extract database contents through the standard search parameter without any authentication.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Keras CVE-2026-11816: Path Traversal via CWD Validation Bypass in Archive Extraction — Technical Breakdown with PoC
CVE Analysis

2026-06-11

10 min read

Keras CVE-2026-11816: Path Traversal via CWD Validation Bypass in Archive Extraction — Technical Breakdown with PoC

A brief summary of CVE-2026-11816, a high severity path traversal in Keras archive extraction that bypasses validation when the process working directory is the filesystem root. Includes proof of concept details and mitigation guidance.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

MongoDB Server CVE-2026-11933: Use-After-Free in Server-Side JavaScript BSON Conversion — Quick Look
CVE Analysis

2026-06-11

10 min read

MongoDB Server CVE-2026-11933: Use-After-Free in Server-Side JavaScript BSON Conversion — Quick Look

A brief summary of CVE-2026-11933, a high-severity use-after-free vulnerability in MongoDB Server's MozJS BSON binding layer that allows authenticated users with read privileges to disclose process memory or crash the server via $where or $function operators.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Spring Integration CVE-2026-40987: Path Traversal via Malicious Remote File Server — Quick Look
CVE Analysis

2026-06-11

9 min read

Spring Integration CVE-2026-40987: Path Traversal via Malicious Remote File Server — Quick Look

A brief summary of CVE-2026-40987, a high severity path traversal vulnerability in Spring Integration's remote file synchronizer that allows a malicious or compromised FTP, SFTP, or SMB server to write arbitrary files anywhere on the client filesystem.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-40994 Spring Web Services BSP Enforcement Bypass via Insecure Default Initialization
CVE Analysis

2026-06-11

8 min read

Brief Summary: CVE-2026-40994 Spring Web Services BSP Enforcement Bypass via Insecure Default Initialization

A short review of CVE-2026-40994, a high severity insecure default in Spring Web Services where Wss4jSecurityInterceptor silently disables WS-I Basic Security Profile enforcement, allowing BSP-violating SOAP messages to pass validation on affected deployments.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Spring Web Services CVE-2026-40998: Brief Summary of the Jaxp13XPathTemplate XXE Bypass
CVE Analysis

2026-06-11

9 min read

Spring Web Services CVE-2026-40998: Brief Summary of the Jaxp13XPathTemplate XXE Bypass

A brief summary of CVE-2026-40998, a high severity XXE vulnerability in Spring Web Services where Jaxp13XPathTemplate bypasses Spring's hardened XML parser configuration when processing StreamSource and SAXSource inputs, exposing applications to file disclosure and SSRF.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Spring Web Services CVE-2026-40999: Brief Summary of a High Severity SSRF via WS-Addressing Headers
CVE Analysis

2026-06-11

10 min read

Spring Web Services CVE-2026-40999: Brief Summary of a High Severity SSRF via WS-Addressing Headers

A short review of CVE-2026-40999, a high severity SSRF vulnerability in Spring Web Services where unvalidated WS-Addressing ReplyTo and FaultTo headers allow unauthenticated attackers to force outbound connections to arbitrary destinations. Includes patch details and affected version matrix.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL
CVE Analysis

2026-06-11

10 min read

Brief Summary: CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL

A short review of CVE-2026-41700, a high severity Cross-Site WebSocket Hijacking vulnerability in Spring for GraphQL that allows attackers to execute arbitrary GraphQL operations using a victim's credentials when WebSocket transport and cookie-based authentication are in use.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Spring for GraphQL CVE-2026-41856: Overview of Authorization Bypass via Annotation Detection Failure in Type Hierarchies
CVE Analysis

2026-06-11

10 min read

Spring for GraphQL CVE-2026-41856: Overview of Authorization Bypass via Annotation Detection Failure in Type Hierarchies

A brief summary of CVE-2026-41856, a high severity authorization bypass in Spring for GraphQL where security annotations are silently ignored in controller type hierarchies. Includes patch details and affected version information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Netty CVE-2026-44249: Brief Summary of the IPv6 Subnet Filter Bypass in IpSubnetFilterRule
CVE Analysis

2026-06-11

10 min read

Netty CVE-2026-44249: Brief Summary of the IPv6 Subnet Filter Bypass in IpSubnetFilterRule

A short review of CVE-2026-44249, a high severity IPv6 subnet filter bypass in Netty's IpSubnetFilterRule caused by incorrect bitwise masking and signed integer interpretation. Includes patch details, detection strategies, and affected version ranges.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization
CVE Analysis | ZeroPath Security Blog - Vulnerability Research & Exploits | Page 2 | ZeroPath