ZeroPath at Black Hat USA 2026

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
Apache Polaris CVE-2026-42811: CEL Injection Collapses GCS Credential Scoping to Bucket Wide Access
CVE Analysis

2026-05-04

7 min read

Apache Polaris CVE-2026-42811: CEL Injection Collapses GCS Credential Scoping to Bucket Wide Access

A brief summary of CVE-2026-42811, a critical CEL injection flaw in Apache Polaris that allows crafted namespace or table names to expand GCS downscoped credentials from a single table to the entire configured bucket.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Apache Polaris CVE-2026-42812: Brief Summary of a Critical Metadata Write Bypass Enabling Cross Table Data Exposure
CVE Analysis

2026-05-04

10 min read

Apache Polaris CVE-2026-42812: Brief Summary of a Critical Metadata Write Bypass Enabling Cross Table Data Exposure

A brief summary of CVE-2026-42812, a CVSS 9.9 vulnerability in Apache Polaris that allows low privileged users to bypass storage location validation by modifying the write.metadata.path table property, potentially exposing cross table data. Includes patch analysis and affected configurations.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-44028 Local Privilege Escalation in Nix and Lix via NAR Parser Stack Overflow
CVE Analysis

2026-05-04

8 min read

Brief Summary: CVE-2026-44028 Local Privilege Escalation in Nix and Lix via NAR Parser Stack Overflow

A short review of CVE-2026-44028, a local privilege escalation vulnerability in the Nix and Lix package managers caused by unbounded recursion in the NAR parser, potentially allowing arbitrary code execution as root on multi-user installations.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Quick Look: CVE-2026-4803 — Unauthenticated Stored XSS in Royal Elementor Addons via Leaked Nonce
CVE Analysis

2026-05-04

5 min read

Quick Look: CVE-2026-4803 — Unauthenticated Stored XSS in Royal Elementor Addons via Leaked Nonce

A brief summary of CVE-2026-4803, a high severity stored cross site scripting vulnerability in the Royal Elementor Addons WordPress plugin that allows unauthenticated attackers to inject scripts via a publicly leaked nonce and unsanitized status parameter.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-5294 — GeekyBot WordPress Plugin Missing Authorization Leading to Remote Code Execution
CVE Analysis

2026-05-04

5 min read

Brief Summary: CVE-2026-5294 — GeekyBot WordPress Plugin Missing Authorization Leading to Remote Code Execution

A short review of CVE-2026-5294, a critical missing authorization flaw in the GeekyBot WordPress plugin that allows unauthenticated attackers to install arbitrary plugins and achieve remote code execution via an exposed AJAX endpoint.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: MoreConvert Pro CVE-2026-5722 Authentication Bypass via Token Reuse in WooCommerce Waitlist Flow
CVE Analysis

2026-05-04

5 min read

Brief Summary: MoreConvert Pro CVE-2026-5722 Authentication Bypass via Token Reuse in WooCommerce Waitlist Flow

A short review of CVE-2026-5722, a critical (CVSS 9.8) authentication bypass in the MoreConvert Pro WordPress plugin that allows unauthenticated attackers to log in as any user, including administrators, by exploiting token reuse in the guest waitlist verification flow.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: GnuTLS CVE-2026-33845 DTLS Integer Underflow Leading to Heap Overrun
CVE Analysis

2026-04-30

6 min read

Brief Summary: GnuTLS CVE-2026-33845 DTLS Integer Underflow Leading to Heap Overrun

A short review of CVE-2026-33845, a high severity integer underflow in GnuTLS DTLS handshake reassembly that enables remote denial of service or information disclosure via crafted zero length fragments.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-41882 — IntelliJ IDEA Built-in Web Server Arbitrary File Read via Link Following
CVE Analysis

2026-04-30

6 min read

Brief Summary: CVE-2026-41882 — IntelliJ IDEA Built-in Web Server Arbitrary File Read via Link Following

A short review of CVE-2026-41882, a high severity arbitrary local file read vulnerability in JetBrains IntelliJ IDEA's built-in web server caused by improper symbolic link resolution. Includes patch details across five release branches and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-4670 Critical Authentication Bypass in Progress MOVEit Automation
CVE Analysis

2026-04-30

6 min read

Brief Summary: CVE-2026-4670 Critical Authentication Bypass in Progress MOVEit Automation

A short review of CVE-2026-4670, a critical authentication bypass vulnerability in Progress Software MOVEit Automation that allows unauthenticated remote attackers to gain unauthorized access via backend command port interfaces.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: MOVEit Automation CVE-2026-5174 Privilege Escalation via Improper Input Validation
CVE Analysis

2026-04-30

6 min read

Brief Summary: MOVEit Automation CVE-2026-5174 Privilege Escalation via Improper Input Validation

A short review of CVE-2026-5174, a high severity improper input validation flaw in Progress Software MOVEit Automation that enables privilege escalation from a low privilege network position, affecting multiple version branches.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: Pallets Click CVE-2026-7246 Command Injection via click.edit() Unsanitized Filenames
CVE Analysis

2026-04-30

6 min read

Brief Summary: Pallets Click CVE-2026-7246 Command Injection via click.edit() Unsanitized Filenames

A brief summary of CVE-2026-7246, a high severity command injection vulnerability in the Pallets Click library's click.edit() function that allows arbitrary OS command execution through crafted filenames.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: SonicOS CVE-2026-0204 Management Interface Access Control Bypass Across Gen 6, Gen 7, and Gen 8 Firewalls
CVE Analysis

2026-04-29

7 min read

Brief Summary: SonicOS CVE-2026-0204 Management Interface Access Control Bypass Across Gen 6, Gen 7, and Gen 8 Firewalls

A short review of CVE-2026-0204, a high severity access control flaw in SonicOS that could expose management interface functions on SonicWall Gen 6, Gen 7, and Gen 8 firewalls. Includes patch details and temporary workarounds.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Wazuh CVE-2026-30893: Overview of Critical Path Traversal in Cluster Synchronization with PoC and Patch Analysis
CVE Analysis

2026-04-29

10 min read

Wazuh CVE-2026-30893: Overview of Critical Path Traversal in Cluster Synchronization with PoC and Patch Analysis

A brief summary of CVE-2026-30893, a critical path traversal vulnerability in Wazuh's cluster synchronization routine that enables arbitrary file writes and code execution. Includes proof of concept details and a breakdown of the vendor's patch.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-41940 — Critical Authentication Bypass in cPanel and WHM Login Flow
CVE Analysis

2026-04-29

7 min read

Brief Summary: CVE-2026-41940 — Critical Authentication Bypass in cPanel and WHM Login Flow

A short review of CVE-2026-41940, a critical authentication bypass in cPanel and WHM that allows unauthenticated remote attackers to gain control panel access. Includes patch information across all six affected release branches.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Wireshark TLS Dissector Heap Overflow CVE-2026-5402: Brief Summary of a High Severity Analyst Risk
CVE Analysis

2026-04-29

5 min read

Wireshark TLS Dissector Heap Overflow CVE-2026-5402: Brief Summary of a High Severity Analyst Risk

A brief summary of CVE-2026-5402, a heap buffer overflow in Wireshark's TLS Encrypted Client Hello dissector that scores CVSS 8.8 and affects versions 4.6.0 through 4.6.4, with potential for denial of service or code execution on analyst workstations.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

FreeRTOS Plus TCP CVE-2026-7424: Integer Underflow in DHCPv6 Parser Enables Single Packet Denial of Service — Quick Look and Patch Analysis
CVE Analysis

2026-04-29

8 min read

FreeRTOS Plus TCP CVE-2026-7424: Integer Underflow in DHCPv6 Parser Enables Single Packet Denial of Service — Quick Look and Patch Analysis

A brief summary of CVE-2026-7424, an integer underflow in the FreeRTOS-Plus-TCP DHCPv6 sub-option parser that allows a single crafted packet from an adjacent network to freeze the IP task and corrupt device configuration. Includes patch analysis and affected version details.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

ProFTPD CVE-2026-42167: Brief Summary of a Pre-Auth SQL Injection Leading to RCE via mod_sql
CVE Analysis

2026-04-28

8 min read

ProFTPD CVE-2026-42167: Brief Summary of a Pre-Auth SQL Injection Leading to RCE via mod_sql

A short review of CVE-2026-42167, a pre-authentication SQL injection in ProFTPD's mod_sql module that can lead to authentication bypass and remote code execution. Includes patch details and affected configurations.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Quick Look: CVE-2026-7288 Buffer Overflow in D-Link DIR-825M Router with Public Exploit Available
CVE Analysis

2026-04-28

7 min read

Quick Look: CVE-2026-7288 Buffer Overflow in D-Link DIR-825M Router with Public Exploit Available

A brief summary of CVE-2026-7288, a high severity buffer overflow in the D-Link DIR-825M router's VPN configuration endpoint that enables remote code execution. Public exploit code is available, and no vendor patch has been released.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Quick Look: CVE-2026-7289 Remote Buffer Overflow in D-Link DIR-825M Router
CVE Analysis

2026-04-28

5 min read

Quick Look: CVE-2026-7289 Remote Buffer Overflow in D-Link DIR-825M Router

A brief summary of CVE-2026-7289, a remotely exploitable stack based buffer overflow in the D-Link DIR-825M router firmware that allows unauthenticated attackers to crash or take control of the device via a crafted HTTP request.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Firefox ESR CVE-2026-7321: Brief Summary of a Critical WebRTC Sandbox Escape via Buffer Overflow
CVE Analysis

2026-04-28

5 min read

Firefox ESR CVE-2026-7321: Brief Summary of a Critical WebRTC Sandbox Escape via Buffer Overflow

A brief summary of CVE-2026-7321, a critical buffer overflow in Firefox ESR's WebRTC Networking component that enables sandbox escape. The vulnerability carries a CVSS score of 9.6 and is fixed in Firefox ESR 140.10.1.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization
CVE Analysis | ZeroPath Security Blog - Vulnerability Research & Exploits | Page 22 | ZeroPath