Executive Summary:
A critical vulnerability exists in the Eclipse Theia Website's automated software build process that could allow an attacker to execute malicious code. By submitting a specially crafted pull request, an unauthorized user could gain extensive control over the project's environment, enabling them to steal sensitive secrets, modify the official website, and inject malicious code into the repository. This flaw represents a complete compromise of the affected system's integrity and confidentiality.

Vulnerability Details

CVE-ID: CVE-2026-1699

Affected Software: In the Eclipse Theia Website Multiple Products

Affected Versions: See vendor advisory for specific affected versions

Vulnerability: The vulnerability lies within a GitHub Actions workflow file (.github/workflows/preview.yml) which improperly uses the pull_request_target trigger. This trigger is designed to run workflows with access to the base repository's secrets and a privileged GITHUB_TOKEN, even for pull requests from forked repositories. The workflow dangerously combines this trigger with steps that check out and execute code from the untrusted pull request, creating a code injection vector. An attacker can exploit this by submitting a pull request containing malicious commands, which are then executed within the trusted CI/CD environment, granting them access to repository secrets and write permissions to packages, pages, and the repository itself.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 10, indicating the highest possible risk. Successful exploitation could lead to severe business consequences, including a full-scale supply chain attack where malicious packages are published under the trusted Eclipse Theia organization name, impacting downstream users. An attacker could also deface the official website, causing significant reputational damage, or inject backdoors into the source code, compromising the integrity of the product. The exfiltration of repository secrets could lead to further compromise of related infrastructure and services, resulting in significant data breaches and financial loss.

Remediation Plan

Immediate Action: Update In the Eclipse Theia Website Multiple Products to the latest version immediately to apply the necessary security patch that corrects the flawed GitHub Actions workflow. After patching, conduct a thorough review of access logs and GitHub audit logs for any signs of exploitation attempts that may have occurred prior to remediation.

Proactive Monitoring: Monitor GitHub Actions workflow logs for any unusual commands, unexpected script executions, or outbound network connections to suspicious endpoints. Implement alerts for pull requests submitted by new or unknown contributors that modify workflow files. Regularly scan public package repositories for any unauthorized or malicious packages published under the organization's name.

Compensating Controls: If immediate patching is not feasible, temporarily disable the vulnerable .github/workflows/preview.yml workflow to close the attack vector. Rotate all secrets stored in the repository's GitHub secrets configuration as they should be considered compromised. Implement a policy requiring manual review and approval by a trusted maintainer before any workflows are run on external pull requests.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of the published date, Jan 30, 2026, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, the attack pattern involving the misuse of pull_request_target is well-documented, and proof-of-concept exploits can be developed with minimal effort by skilled threat actors.

Analyst Recommendation

Given the critical CVSS score of 10 and the potential for a complete compromise of the CI/CD pipeline and repository, organizations must treat this vulnerability with the highest urgency. The primary recommendation is to apply the vendor-supplied patches immediately. Following the update, a comprehensive security audit is crucial to identify any signs of historical compromise, including unauthorized code commits, malicious package publications, or secret exfiltration. Although not currently on the CISA KEV list, the severity of this vulnerability warrants immediate and decisive action to prevent a potentially devastating security incident.

Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2026-0756, has been discovered in github-kanban-mcp-server. This flaw allows an unauthenticated remote attacker to execute arbitrary commands on the server, potentially leading to a complete system compromise. Due to the lack of required authentication and the high severity score, this vulnerability poses a significant and immediate risk to affected organizations.

Vulnerability Details

CVE-ID: CVE-2026-0756

Affected Software: Multiple Products (specifically the github-kanban-mcp-server component)

Affected Versions: See vendor advisory for specific affected versions

Vulnerability: The vulnerability is a command injection flaw within the github-kanban-mcp-server. The specific weakness exists in how the application processes the create_issue parameter. An attacker can send a specially crafted request containing malicious commands within this parameter. The server fails to properly sanitize this user-supplied input before using it to execute a system call, allowing the injected commands to be executed on the underlying operating system with the privileges of the service account.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected server. Potential consequences include theft or modification of sensitive data, deployment of ransomware, service disruption, and using the compromised server as a pivot point for further attacks within the internal network. The business risks include significant data breaches, reputational damage, financial loss, and potential regulatory fines.

Remediation Plan

Immediate Action: Organizations must prioritize the deployment of vendor-supplied patches. Update all affected instances of products containing the github-kanban-mcp-server component to the latest secure version immediately. After patching, review server access logs and application logs for any signs of compromise or exploitation attempts that may have occurred before the patch was applied.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for unusual process execution initiated by the service account, unexpected outbound network connections from the server, and review web server access logs for requests to the vulnerable endpoint containing shell metacharacters (e.g., |, &, ;, $()) within the create_issue parameter.

Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to block command injection attempts targeting the create_issue parameter.
• Restrict network access to the affected application, allowing connections only from trusted IP addresses.
• If possible, run the service in a sandboxed or containerized environment with minimal privileges to limit the impact of a potential compromise.

Exploitation Status

Public Exploit Available: False

Analyst Notes: As of the publication date of January 23, 2026, there are no known public exploits available for this vulnerability. However, command injection vulnerabilities are typically straightforward to exploit once the technical details are understood. Threat actors are likely to develop exploit code rapidly.

Analyst Recommendation

Given the critical CVSS score of 9.8 and the fact that no authentication is required for exploitation, this vulnerability represents a severe and urgent threat. We strongly recommend that organizations identify all affected assets and apply the vendor-provided patches with the highest priority. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion and active exploitation. Treat this vulnerability as an active threat and remediate it without delay.

Executive Summary:
A critical command injection vulnerability has been identified in the MCP Watch security scanner. This flaw allows an unauthenticated attacker to execute arbitrary commands on the underlying server by sending a maliciously crafted URL. Successful exploitation could result in a complete system compromise, leading to data theft, service disruption, or further network intrusion.

Vulnerability Details

CVE-ID: CVE-2025-66401

Affected Software: MCP Watch is a comprehensive security scanner for Model Context Protocol Multiple Products

Affected Versions: 0.1.2 and earlier

Vulnerability: The vulnerability exists within the cloneRepo method of the MCPScanner class. The application accepts a user-provided URL, githubUrl, and passes it directly to a system shell command (execSync) without proper input sanitization or validation. An attacker can exploit this by appending shell metacharacters (e.g., ;, |, &&, $(command)) to the URL, which allows them to inject and execute arbitrary commands with the privileges of the running application.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the ease of exploitation and the potential for severe impact. A successful attack grants the adversary remote code execution (RCE) on the host machine, effectively giving them full control. This could lead to the theft of sensitive data, deployment of ransomware, complete disruption of services running on the server, or the use of the compromised system as a pivot point to attack other internal network resources.

Remediation Plan

Immediate Action: Update MCP Watch is a comprehensive security scanner for Model Context Protocol Multiple Products to the latest version. The vendor has released a patch that addresses this vulnerability by properly sanitizing the user-supplied URL before it is passed to the system shell. After patching, monitor for any signs of exploitation attempts and review historical access logs for indicators of compromise.

Proactive Monitoring: Security teams should monitor application and system logs for any requests to the cloneRepo method containing unusual URL formats or shell metacharacters (e.g., ;, |, &, $, (, )). Monitor for unexpected outbound network connections or processes being spawned by the MCP Watch application, such as sh, bash, curl, wget, or nc.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) rule to block requests containing common shell metacharacters in the githubUrl parameter. Additionally, ensure the MCP Watch application is running with the lowest possible user privileges to limit the potential damage of a successful exploit.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of Dec 1, 2025, there are no known public exploits or proof-of-concept code available for this vulnerability. However, given the straightforward nature of command injection flaws, it is highly likely that threat actors can independently develop an exploit with minimal effort.

Analyst Recommendation

Due to the critical CVSS score of 9.8 and the risk of unauthenticated remote code execution, this vulnerability poses a significant threat to the organization. Although it is not currently listed in the CISA KEV catalog, its severity demands immediate attention. We strongly recommend that all instances of the affected software be patched or taken offline immediately to prevent a potential compromise.

Executive Summary:
A critical remote command injection vulnerability exists in the Apache bRPC software. This flaw allows a remote, unauthenticated attacker to execute arbitrary commands on the server by sending a specially crafted request to the built-in heap profiler service. Successful exploitation can lead to a complete compromise of the affected system, including data theft, service disruption, and further network intrusion.

Vulnerability Details

CVE-ID: CVE-2025-60021

Affected Software: Apache bRPC

Affected Versions: All versions prior to 1.15.0

Vulnerability: The bRPC heap profiler built-in service, accessible via the /pprof/heap endpoint, is vulnerable to remote command injection. The service improperly validates the extra_options parameter, passing user-supplied input directly to a command-line execution. An unauthenticated remote attacker can exploit this by crafting a request to the /pprof/heap endpoint with malicious shell commands embedded within the extra_options parameter, resulting in arbitrary code execution with the permissions of the bRPC service.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit allows an unauthenticated attacker to gain full control over the affected server. Potential consequences include the exfiltration of sensitive data, deployment of ransomware or other malware, complete service disruption, and the ability for an attacker to use the compromised system as a pivot point for further attacks within the organization's network. The ease of exploitation combined with the high impact poses a significant and immediate risk to business operations, data confidentiality, and system integrity.

Remediation Plan

Immediate Action: Organizations must immediately upgrade affected instances of Apache bRPC to version 1.15.0 or later to remediate this vulnerability. If an immediate upgrade is not feasible, the patch available at https://github.com/apache/brpc/pull/3101 should be applied manually. After patching, administrators should monitor for any signs of exploitation attempts by reviewing application and network access logs.

Proactive Monitoring: Security teams should actively monitor web server and application logs for any requests to the /pprof/heap endpoint. Specifically, look for requests containing suspicious or unexpected characters and commands within the extra_options parameter. Monitor system process tables for any unusual child processes being spawned by the bRPC service, which could indicate a successful compromise.

Compensating Controls: If patching or upgrading is not immediately possible, access to the bRPC built-in services, particularly the /pprof/ path, should be restricted at the network level. Use a firewall, reverse proxy, or other network access control lists (ACLs) to ensure that these diagnostic endpoints are only accessible from trusted internal IP addresses. If the heap profiler is not required for production use, it should be disabled entirely as a security best practice.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of Jan 16, 2026, there are no known public exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, due to the critical severity and simplicity of exploitation, it is highly likely that proof-of-concept exploits will be developed and used by threat actors in the near future.

Analyst Recommendation

Given the critical CVSS score of 9.8 and the potential for complete system compromise from an unauthenticated attacker, this vulnerability represents a severe risk. We strongly recommend that all organizations using affected versions of Apache bRPC prioritize the deployment of the vendor-supplied patch or upgrade to version 1.15.0 immediately. The lack of current exploitation should not diminish the urgency, as high-severity vulnerabilities like this are attractive targets for attackers. Proactive patching is the most effective defense against potential future exploitation.

Executive Summary:
A critical command injection vulnerability has been identified in the Coolify management tool, rated 9.9 out of 10. This flaw allows a regular user to execute arbitrary commands on the server by entering malicious text into the "Git Repository" field when creating a project. Successful exploitation can lead to a complete compromise of the underlying server, including data theft, service disruption, and unauthorized access to the network.

Vulnerability Details

CVE-ID: CVE-2025-59157

Affected Software: Coolify

Affected Versions: All versions prior to 4.0.0-beta.420.7

Vulnerability: The vulnerability is a command injection flaw within the project creation workflow. The "Git Repository" input field fails to properly sanitize user-supplied data before passing it to a system shell for execution, likely during a git clone operation. An authenticated attacker with standard user privileges can craft a malicious payload (e.g., https://github.com/user/repo.git; id) and submit it as the repository URL. The server will execute the injected command (id) with the permissions of the Coolify application process, leading to remote code execution (RCE) on the host system.

Business Impact

This vulnerability is of critical severity with a CVSS score of 9.9, posing a significant threat to the organization. A successful exploit grants an attacker full control over the server hosting Coolify, enabling them to steal sensitive data such as application source code, database credentials, and API keys. The attacker could also disrupt services, install persistent backdoors, use the compromised server to attack other systems within the internal network (lateral movement), or deploy ransomware. The fact that a low-privileged user can trigger this vulnerability significantly increases the risk profile.

Remediation Plan

Immediate Action: Immediately upgrade all instances of Coolify to the patched version 4.0.0-beta.420.7 or newer. After patching, it is crucial to review server and application logs for any signs of past exploitation attempts, such as unusual commands or outbound network connections originating from the Coolify process.

Proactive Monitoring: Security teams should monitor application logs for project creation events containing malformed Git repository URLs, specifically those with shell metacharacters (e.g., ;, |, &&, $(), `). Monitor system processes for unexpected child processes being spawned by the Coolify service user. Implement network monitoring to detect anomalous outbound traffic from the Coolify server to unknown destinations.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to detect and block common command injection patterns in HTTP requests to the Coolify application. Further restrict the operating system user account running the Coolify service by applying the principle of least privilege, limiting its ability to read/write files and execute system commands. Restrict all outbound network connectivity from the server except to explicitly approved endpoints.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of the publication date, January 5, 2026, there is no known public proof-of-concept exploit code, and the vulnerability is not being actively exploited in the wild. However, due to the critical CVSS score and the low complexity of exploitation, it is highly probable that threat actors will develop and deploy exploits in the near future. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

Analyst Recommendation

Given the critical severity (CVSS 9.9) and the risk of complete system compromise by a low-privileged user, this vulnerability represents an immediate and severe threat. We strongly recommend that all organizations using affected versions of Coolify apply the security update to version 4.0.0-beta.420.7 or later with the highest priority. Do not wait for evidence of active exploitation or for its addition to the CISA KEV catalog; the risk of compromise is too high to delay remediation.

Executive Summary:
A critical vulnerability has been discovered in the PLY (Python Lex-Yacc) library, allowing for remote code execution. The flaw stems from an undocumented and unsafe feature that deserializes user-supplied data without validation, enabling an attacker to run arbitrary code and completely compromise the affected system. Due to its high severity and the stealthy nature of the undocumented feature, this vulnerability poses a significant risk to organizations.

Vulnerability Details

CVE-ID: CVE-2025-56005

Affected Software: PLY (Python Lex-Yacc) library

Affected Versions: Version 3.11. See vendor advisory for a complete list of affected products utilizing this library.

Vulnerability: The vulnerability exists within the yacc() function of the PLY library, which contains an undocumented parameter named picklefile. This parameter accepts a path to a file which is then deserialized using Python's pickle.load() function. As pickle.load() does not validate the data it processes, an attacker can craft a malicious pickle file (.pkl) containing embedded code. By controlling the input to the picklefile parameter, an attacker can trick the application into loading this malicious file, resulting in Remote Code Execution (RCE) on the host system.

Business Impact

This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the ease of exploitation and the potential for complete system compromise. A successful attack would grant an adversary full control over the affected application server, leading to severe consequences such as theft of sensitive data, deployment of ransomware, or using the compromised system to launch further attacks against the internal network. The undocumented nature of the feature introduces a significant risk of a persistent and difficult-to-detect backdoor, potentially leading to long-term compromise, reputational damage, and major business disruption.

Remediation Plan

Immediate Action: Immediately apply the security update provided by the vendor to patch the PLY library to the latest version. After patching, review system and application access logs for any signs of exploitation, such as unexpected file operations involving .pkl files or unusual process execution.

Proactive Monitoring:

• Log Analysis: Scrutinize application logs for any usage of the yacc() function where the picklefile parameter is present. Monitor file system audit logs for the creation or modification of .pkl files in unexpected locations.
• Network Monitoring: Watch for unusual outbound connections from servers running applications with the PLY library, as this could indicate a successful compromise and communication with a command-and-control server.
• Endpoint Detection: Use endpoint security tools to detect suspicious process execution originating from the application process, which could signal that the RCE vulnerability has been exploited.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

• Input Sanitization: Strictly validate and sanitize all user-controlled input that could potentially be passed to the vulnerable function.
• Web Application Firewall (WAF): Deploy WAF rules to block requests containing patterns indicative of this attack, such as file paths ending in .pkl.
• Principle of Least Privilege: Run the affected application with the minimum permissions necessary to function, thereby limiting the potential impact of a successful code execution exploit.

Exploitation Status

Public Exploit Available: True

Analyst Notes: As of January 20, 2026, proof-of-concept (PoC) exploit code is publicly available. The vulnerability relies on insecure deserialization using Python's pickle module, which is a well-understood and easily exploitable flaw. The primary risk factor is that the vulnerable parameter is undocumented, meaning developers are likely unaware of its existence and the associated danger. While there are no confirmed reports of widespread exploitation in the wild, the availability of a PoC makes targeted attacks highly probable.

Analyst Recommendation

Given the critical CVSS score of 9.8 and the direct path to remote code execution, this vulnerability requires immediate attention. We strongly recommend that all affected systems be patched on an emergency basis. Due to the ease of exploitation, organizations should assume they are being targeted and hunt for evidence of compromise. Although this vulnerability is not currently on the CISA KEV list, its severity and the availability of a public exploit warrant treating it with the highest priority.

Executive Summary:
A critical vulnerability has been identified in the react-native-bottom-tabs library, affecting versions 0.9.2 and below. The flaw resides within a GitHub Actions workflow, which can be manipulated by an attacker to inject malicious code into the software build process. This could lead to a supply chain attack, where applications using this library are unknowingly distributed with malicious code, potentially compromising end-user data and systems.

Vulnerability Details

CVE-ID: CVE-2025-54594

Affected Software: react-native-bottom-tabs (and by extension, multiple downstream products that use this library)

Affected Versions: Versions 0.9.2 and below

Vulnerability: The vulnerability exists in the github/workflows/release-canary.yml GitHub Actions workflow. This workflow improperly handles context from pull requests, allowing for command injection. An unauthenticated attacker can craft a malicious pull request with specially formatted branch names or commit messages. When the workflow is triggered, these malicious strings are used in a script or command line environment without proper sanitization, leading to arbitrary code execution on the build runner. This compromise allows an attacker to alter the release artifacts, embedding malware or backdoors into the compiled library that is then published for developers to use.

Business Impact

This vulnerability is rated critical with a CVSS score of 9.1, reflecting its severe potential impact. Successful exploitation would result in a supply chain compromise, a highly effective attack vector. If your organization's applications use the vulnerable library, they could be trojanized to steal sensitive corporate or customer data, deploy ransomware, or use your infrastructure for further attacks. The consequences include significant reputational damage, loss of customer trust, regulatory fines for data breaches, and substantial financial costs associated with incident response and remediation.

Remediation Plan

Immediate Action:

• Identify all applications and systems within your environment that utilize the react-native-bottom-tabs library.
• Update the dependency to the latest patched version (above 0.9.2) in all affected projects.
• Rebuild and redeploy all applications that were built using the vulnerable library version to ensure they are free from any potential compromise.
• Review access logs for build systems and artifact repositories for any signs of unauthorized access or modification around the time of vulnerable builds.

Proactive Monitoring:

• Monitor build server logs for unusual commands, network connections to unknown endpoints, or unexpected script executions during the CI/CD process.
• Implement integrity checks and binary analysis on all third-party libraries and release artifacts to detect anomalies or malicious code.
• Monitor deployed applications for anomalous behavior, such as unexpected network traffic or high resource consumption, which could indicate a compromise.

Compensating Controls:

• If immediate patching is not feasible, temporarily disable the automated release-canary.yml workflow in your fork of the repository to prevent exploitation.
• Implement a strict Software Bill of Materials (SBOM) to maintain visibility and control over all software dependencies.
• Enforce code signing for all release artifacts and verify signatures upon deployment to ensure their integrity has not been compromised.
• Harden CI/CD pipelines by limiting permissions, requiring manual approvals for sensitive workflows, and scanning workflow configurations for vulnerabilities.

Exploitation Status

Public Exploit Available: false

Analyst Notes:
As of August 6, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities in CI/CD pipelines are highly valued by threat actors for supply chain attacks. Due to the straightforward nature of the likely attack vector (e.g., a malicious pull request), proof-of-concept (PoC) code could be developed and released quickly. Any exploitation would result in a compromised version of the library, making it difficult to detect without deep binary analysis.

Analyst Recommendation
Given the critical severity (CVSS 9.1) and the potential for a high-impact supply chain attack, this vulnerability requires immediate attention. We strongly recommend that all teams immediately initiate the remediation plan. The highest priority is to identify all instances of the react-native-bottom-tabs library and update them to a patched version. Although this CVE is not currently on the CISA KEV list, its critical nature warrants treating it with the same level of urgency as a known exploited vulnerability. A post-remediation audit of CI/CD security practices and dependency management is also advised to prevent similar issues in the future.