ZeroPath at Black Hat USA 2026

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
OpenShift Router CVE-2026-42965: Cloud Metadata SSRF via FQDN EndpointSlice Bypass — Quick Look
CVE Analysis

2026-05-29

10 min read

OpenShift Router CVE-2026-42965: Cloud Metadata SSRF via FQDN EndpointSlice Bypass — Quick Look

A brief summary of CVE-2026-42965, a high severity SSRF vulnerability in the OpenShift Router that allows users with EndpointSlice write access to bypass IP validation by using FQDN typed endpoints that resolve to cloud metadata addresses, potentially exposing instance credentials.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Home Assistant Companion App CVE-2026-44698: Quick Look at Cross-Origin Token Exfiltration via WebView JavaScript Bridge
CVE Analysis

2026-05-29

9 min read

Home Assistant Companion App CVE-2026-44698: Quick Look at Cross-Origin Token Exfiltration via WebView JavaScript Bridge

A brief summary of CVE-2026-44698, a high severity vulnerability in the Home Assistant Companion apps for Android and iOS where a cross-origin iframe can exploit the WebView JavaScript bridge to steal the signed-in user's OAuth access token.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-44962, Critical XPath Injection to Root in Plesk APS Catalog
CVE Analysis

2026-05-29

9 min read

Brief Summary: CVE-2026-44962, Critical XPath Injection to Root in Plesk APS Catalog

A brief summary of CVE-2026-44962, a CVSS 9.9 XPath injection vulnerability in Plesk's APS Application Catalog that allows any authenticated low privileged user to escalate to root through arbitrary OS command execution.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

OpenShift Router CVE-2026-46579: mTLS Authentication Bypass via Header Spoofing on HTTP Frontend
CVE Analysis

2026-05-29

10 min read

OpenShift Router CVE-2026-46579: mTLS Authentication Bypass via Header Spoofing on HTTP Frontend

A brief summary of CVE-2026-46579, a CVSS 7.4 authentication bypass in the OpenShift Router where the HTTP frontend fails to strip X-SSL-Client headers, allowing unauthenticated attackers to spoof mTLS client certificate identities on routes configured with insecureEdgeTerminationPolicy set to Allow.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Quick Look: CVE-2026-48501 — GitHub CLI Token Leakage via Flawed Host Normalization in TUF Verification Commands
CVE Analysis

2026-05-29

10 min read

Quick Look: CVE-2026-48501 — GitHub CLI Token Leakage via Flawed Host Normalization in TUF Verification Commands

A brief summary of CVE-2026-48501, a high severity token leakage vulnerability in GitHub CLI where flawed host normalization causes authentication tokens to be sent to external, non-GitHub hosts during attestation and release verification commands. Patch information and affected versions are included.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: JetBrains IntelliJ IDEA CVE-2026-49366 Command Injection via Filename Completion
CVE Analysis

2026-05-29

8 min read

Brief Summary: JetBrains IntelliJ IDEA CVE-2026-49366 Command Injection via Filename Completion

A short review of CVE-2026-49366, a high severity command injection vulnerability in JetBrains IntelliJ IDEA that allows arbitrary OS command execution through the IDE's filename completion feature, affecting all versions before 2026.1.1.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-49367 — JetBrains IntelliJ IDEA Guest User Command Execution via Missing Authorization in Code With Me
CVE Analysis

2026-05-29

8 min read

Brief Summary: CVE-2026-49367 — JetBrains IntelliJ IDEA Guest User Command Execution via Missing Authorization in Code With Me

A short review of CVE-2026-49367, a high severity missing authorization flaw in JetBrains IntelliJ IDEA's Code With Me feature that allows guest users to execute commands on the host machine regardless of their assigned permission level.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Quick Look: CVE-2026-49372 — Unauthenticated SSRF in JetBrains TeamCity Build Status
CVE Analysis

2026-05-29

10 min read

Quick Look: CVE-2026-49372 — Unauthenticated SSRF in JetBrains TeamCity Build Status

A brief summary of CVE-2026-49372, an unauthenticated Server-Side Request Forgery vulnerability in JetBrains TeamCity On-Premises triggered via the build status feature, with a CVSS score of 7.5 and implications for CI/CD infrastructure security.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

JetBrains TeamCity CVE-2026-49373: Brief Summary of Argument Injection RCE via Perforce Connection Settings
CVE Analysis

2026-05-29

7 min read

JetBrains TeamCity CVE-2026-49373: Brief Summary of Argument Injection RCE via Perforce Connection Settings

A brief summary of CVE-2026-49373, a high severity argument injection vulnerability in JetBrains TeamCity that enables remote code execution through malicious Perforce VCS root connection settings.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Mautic CVE-2026-9558: Brief Summary of Critical SSTI to RCE in the Theme Engine
CVE Analysis

2026-05-29

10 min read

Mautic CVE-2026-9558: Brief Summary of Critical SSTI to RCE in the Theme Engine

A brief summary of CVE-2026-9558, a critical (CVSS 9.9) Server-Side Template Injection vulnerability in Mautic's theme engine that allows authenticated users to achieve Remote Code Execution through unsandboxed Twig template rendering.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Oracle Hospitality OPERA 5 CVE-2026-34311: Brief Summary of a Critical Unauthenticated Takeover Vulnerability
CVE Analysis

2026-05-28

10 min read

Oracle Hospitality OPERA 5 CVE-2026-34311: Brief Summary of a Critical Unauthenticated Takeover Vulnerability

A brief summary of CVE-2026-34311, a CVSS 9.8 unauthenticated takeover vulnerability in Oracle Hospitality OPERA 5 Property Services affecting five supported versions across the 5.6.x release family.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Oracle REST Data Services CVE-2026-35277: Brief Summary of a High Severity Data Access Vulnerability in the Core Component
CVE Analysis

2026-05-28

10 min read

Oracle REST Data Services CVE-2026-35277: Brief Summary of a High Severity Data Access Vulnerability in the Core Component

A short review of CVE-2026-35277, a CVSS 8.1 vulnerability in Oracle REST Data Services that allows low privileged attackers to read and modify critical data across all ORDS accessible resources via HTTPS.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: Kibana CVE-2026-42398 SSRF Allowlist Bypass via Webhook Connector
CVE Analysis

2026-05-28

8 min read

Brief Summary: Kibana CVE-2026-42398 SSRF Allowlist Bypass via Webhook Connector

A short review of CVE-2026-42398, a high severity SSRF vulnerability in Kibana that allows authenticated users to bypass the operator configured connection allowlist through crafted Webhook connectors, and why it matters in the context of Kibana's recurring SSRF pattern in 2026.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Samba CVE-2026-4408: Overview of Unauthenticated Remote Code Execution via SAMR Password Script Injection
CVE Analysis

2026-05-28

10 min read

Samba CVE-2026-4408: Overview of Unauthenticated Remote Code Execution via SAMR Password Script Injection

A brief summary of CVE-2026-4408, a critical unauthenticated remote code execution vulnerability in Samba's SAMR server caused by unescaped shell meta-characters in the check password script feature. Includes patch details and affected version information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-46775 Oracle REST Data Services Core Component Takeover with Scope Change (CVSS 9.9)
CVE Analysis

2026-05-28

10 min read

Brief Summary: CVE-2026-46775 Oracle REST Data Services Core Component Takeover with Scope Change (CVSS 9.9)

A short review of CVE-2026-46775, a CVSS 9.9 vulnerability in Oracle REST Data Services (ORDS) Core component that allows a low privileged attacker to achieve full takeover with scope change, potentially compromising connected Oracle Database instances and downstream services.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Oracle E-Business Suite CVE-2026-46817: Brief Summary of a Critical Unauthenticated Payments Takeover
CVE Analysis

2026-05-28

10 min read

Oracle E-Business Suite CVE-2026-46817: Brief Summary of a Critical Unauthenticated Payments Takeover

A brief summary of CVE-2026-46817, a CVSS 9.8 unauthenticated vulnerability in Oracle E-Business Suite's Payments File Transmission component affecting versions 12.2.3 through 12.2.15, with context on threat actor interest and the companion vulnerability CVE-2026-46818.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-46819 — Unauthenticated Data Access in Oracle E-Business Suite Internet Procurement Connector
CVE Analysis

2026-05-28

10 min read

Brief Summary: CVE-2026-46819 — Unauthenticated Data Access in Oracle E-Business Suite Internet Procurement Connector

A short review of CVE-2026-46819, a CVSS 9.1 unauthenticated vulnerability in Oracle E-Business Suite's Internet Procurement Connector that enables unauthorized access to and manipulation of critical procurement data over HTTP. Patch information from Oracle's inaugural monthly CSPU is included.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Overview of CVE-2026-46820: Oracle E-Business Suite Financials Common Modules Scope Change Vulnerability
CVE Analysis

2026-05-28

10 min read

Overview of CVE-2026-46820: Oracle E-Business Suite Financials Common Modules Scope Change Vulnerability

A brief summary of CVE-2026-46820, a high severity vulnerability in Oracle Financials Common Modules (CVSS 8.5) that enables low privileged attackers to access critical financial data and impact additional products through scope change, in the context of sustained threat actor targeting of the Oracle EBS platform.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Quick Look: CVE-2026-46821 — Oracle EBS Financials Common Modules Confidentiality Breach with Scope Change
CVE Analysis

2026-05-28

10 min read

Quick Look: CVE-2026-46821 — Oracle EBS Financials Common Modules Confidentiality Breach with Scope Change

A brief summary of CVE-2026-46821, a high severity confidentiality vulnerability in Oracle E-Business Suite Financials Common Modules (versions 12.2.3 through 12.2.15) that allows low privileged attackers to access critical data across multiple EBS products. Includes patch information from Oracle's inaugural monthly CSPU release.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-46822 Oracle iAssets Critical Takeover Vulnerability (CVSS 9.9) in E-Business Suite
CVE Analysis

2026-05-28

10 min read

Brief Summary: CVE-2026-46822 Oracle iAssets Critical Takeover Vulnerability (CVSS 9.9) in E-Business Suite

A short review of CVE-2026-46822, a CVSS 9.9 vulnerability in Oracle iAssets (E-Business Suite) that allows a low privileged attacker to achieve full system takeover with scope change impacting adjacent EBS modules. Covers technical details, threat context from prior Cl0p exploitation of Oracle EBS, and mitigation guidance.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization
CVE Analysis | ZeroPath Security Blog - Vulnerability Research & Exploits | Page 9 | ZeroPath