Critical for AI Builders
Two major vulnerabilities hit AI development tooling this week. The Marimo notebook tool is seeing active exploitation, while KTransformers has an unsafe deserialization flaw that affects distributed model serving.
- CVE-2026-39987 — Marimo (KEV exploited) — Pre-auth remote code execution allows unauthenticated shell access — Update immediately if running Marimo in production
- CVE-2026-26210 — KTransformers (CVSS 9.8) — Unsafe pickle deserialization in balance_serve mode exposes ZMQ socket without authentication — Upgrade to version >0.5.3 and audit network exposure
- CVE-2026-6859 — InstructLab (CVSS 8.8) — Hardcoded trust_remote_code=True in training scripts enables arbitrary code execution from malicious HuggingFace models — Review model sources before running ilab train/download/generate
- CVE-2026-39861 — Claude Code (CVSS 10.0) — Symlink sandbox bypass allows writing outside workspace without user prompt — Update to version 2.1.64 or later
Critical for Vibe Coders
JetBrains TeamCity is being exploited in the wild through a path traversal flaw that grants limited admin actions. Multiple critical vulnerabilities also hit protobuf JavaScript compilation and WordPress development plugins.
- CVE-2024-27199 — JetBrains TeamCity (KEV exploited) — Path traversal enables limited admin actions — Patch TeamCity immediately if self-hosted
- CVE-2026-41242 — protobufjs (CVSS 9.8) — Code injection in type fields executes during object decoding — Update to version 8.0.1 or 7.5.5
- CVE-2026-40372 — ASP.NET Core (CVSS 9.1) — Improper cryptographic signature verification enables privilege escalation — Apply Microsoft security updates
- CVE-2026-40614 — PJSIP (CVSS 8.8) — Buffer overflow in Opus audio frame decoding — Update PJSIP to latest version if using audio features
- CVE-2026-6518 — WordPress CMP Plugin (CVSS 8.8) — Arbitrary file upload via AJAX action with insufficient capability checks — Update plugin to >4.1.16
Critical for Open Source
Several critical supply chain risks emerged, including unsafe deserialization in protobufjs and buffer overflows in widely used multimedia libraries. The PAC4J authentication library also has LDAP injection flaws.
- CVE-2026-41242 — protobufjs (CVSS 9.8) — Malicious type field injection enables arbitrary code execution during deserialization — Maintainers should audit type field validation in all protobuf compilation paths
- CVE-2026-40892 — PJSIP (CVSS 9.8) — Stack buffer overflow in digest authentication with pre-computed credentials — Implement bounds checking in pjsip_auth_create_digest2()
- CVE-2026-40459 — PAC4J (CVSS 8.8) — LDAP injection in ID-based search parameters — Update to versions 4.5.10, 5.7.10, or 6.4.1
- CVE-2026-41445 — KissFFT (CVSS 8.8) — Integer overflow in allocation size calculation causes undersized malloc — Apply commit 8a8e66e with proper size validation
- CVE-2026-40614 — PJSIP (CVSS 8.8) — Buffer overflow in Opus decode path due to insufficient FEC buffer sizing — Increase FEC buffer allocation to handle maximum frame sizes
Run This Audit On Your Stack
This recipe runs against your repo, in your agent of choice (Claude, ChatGPT, Cursor, Copilot, or anything with file access). It uses osv.dev as the source of truth, not a JSON file from us. Run it once after every dependency bump, or wire it into your own weekly schedule; your call.
The recipe
List every dependency manifest in this repo (package.json, requirements.txt,
go.mod, Cargo.toml, pom.xml, Gemfile, composer.json — whichever apply). For
each declared package and version, query osv.dev for known vulnerabilities.
For every match, show the CVE id, severity, the affected version range, and
the fixed version. Draft the version bump and either open a PR (if you have
repo write access) or summarize the diff in a comment. If nothing matches,
reply: "Clean run — no advisories matched."
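
The osv.dev lookup step of the recipe can also be scripted so the result does not depend on an agent. The sketch below is an added example, not part of the original newsletter: it reads exact pins from requirements.txt and package.json, builds the body for OSV's POST /v1/querybatch endpoint, and pairs the response with the queried packages. Function names are hypothetical, and the sample manifests and sample response are constructed.

```python
import json
import re
import urllib.request

def parse_requirements(text):
    """Return (ecosystem, name, version) for exact '==' pins; skip ranges and comments."""
    deps = []
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([^\s;#]+)", line)
        if m:
            deps.append(("PyPI", m.group(1), m.group(2)))
    return deps

def parse_package_json(text):
    """Return exact-version npm deps; ranges (^, ~, >=, *) must be resolved from a lockfile."""
    doc = json.loads(text)
    deps = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in doc.get(section, {}).items():
            if re.fullmatch(r"\d+\.\d+\.\d+[0-9A-Za-z.+\-]*", spec):
                deps.append(("npm", name, spec))
    return deps

def build_querybatch(deps):
    """Build the JSON body for OSV's POST /v1/querybatch endpoint."""
    return {"queries": [{"package": {"ecosystem": e, "name": n}, "version": v}
                        for e, n, v in deps]}

def match_results(deps, response):
    """Pair each dependency with the advisory ids OSV returned (results keep query order)."""
    pairs = zip(deps, response.get("results", []))
    hits = [(d, [v["id"] for v in r.get("vulns", [])]) for d, r in pairs]
    return [(d, ids) for d, ids in hits if ids]

def query_osv(payload):
    """Send the batch to osv.dev (network call; the offline demo below does not use it)."""
    req = urllib.request.Request("https://api.osv.dev/v1/querybatch",
                                 data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

# Constructed sample inputs (not real manifests and not real OSV output).
SAMPLE_REQS = "requests==2.31.0\n# comment\nflask>=2.0\nexample-pkg==1.0.0\n"
SAMPLE_PKG = '{"dependencies": {"left-lib": "1.2.3", "range-lib": "^4.0.0"}}'
SAMPLE_RESPONSE = {"results": [{}, {"vulns": [{"id": "EXAMPLE-0001"}]}, {}]}

if __name__ == "__main__":
    deps = parse_requirements(SAMPLE_REQS) + parse_package_json(SAMPLE_PKG)
    print(match_results(deps, SAMPLE_RESPONSE))
```

The batch endpoint returns only advisory ids and modification times; severity, affected ranges and fixed versions come from a follow-up GET to /v1/vulns/{id} for each hit.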