Overview
- Apache Software Foundation
- Apache HTTP Server
Description
Statistics
- 16 Posts
- 160 Interactions
Fediverse
"That 'responsible disclosure' Thing"
A post with the details of CVE-2026-23918, the double free vulnerability fixed in Apache httpd 2.4.67.
#apache
https://eissing.org/icing/posts/responsible-disclosure/
DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet.
Me: Thanks! Are your distro repos updated to contain the patched version?
DO: lol no
[Edit: to be fair, this is Debian's fault, not DO's (see screenshot). At least DO told me!]
[Edit 2: that specific vuln was quietly fixed on Debian specifically well before this version?? It would be advisable for them to have said that now?
https://infosec.exchange/@tychotithonus/116527548611779862 ]
#Debian stable #apache2 package 2.4.66-1~deb13u2 already includes the fix for CVE-2026-23918.
You can verify this by running apt-get source apache2 and then checking apache2-2.4.66/debian/patches/bug1125368.patch
The security tracker at https://security-tracker.debian.org/tracker/CVE-2026-23918 currently has wrong information. This is likely due to automation based on version numbers alone.
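The tracker confusion above comes down to which version a checker compares against. The following is an added example, not code from Debian, the tracker, or the Apache project: it reimplements dpkg's version ordering (epoch:upstream-revision, with `~` sorting before everything) so it runs without dpkg, then compares an installed apache2 version both the naive way (against upstream 2.4.67) and the distro-aware way (against the Debian stable fix 2.4.66-1~deb13u2 named in the post). The fixed versions are taken from the thread; the `deb13` suffix matching and the `[~+]` separator are assumptions for illustration.

```python
"""Debian-aware 'is apache2 fixed for CVE-2026-23918?' check.

Added example, not Debian or Apache code. Reimplements the dpkg
version-comparison algorithm so the script runs without dpkg.
Fixed versions come from the thread: upstream 2.4.67, Debian stable
2.4.66-1~deb13u2. Suffix handling below is an illustrative assumption.
"""
import re

UPSTREAM_FIXED = "2.4.67"
# Distro backports keyed by the Debian suite suffix (only deb13 is on the page).
DISTRO_FIXED = {"deb13": "2.4.66-1~deb13u2"}


def _order(c):
    """dpkg's character weight: '~' < end-of-string == digit < letters < other."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare one upstream-version or revision field the way dpkg does."""
    while a or b:
        first_diff = 0
        # Non-digit run: compare character by character with dpkg's weights.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        # Digit run: numeric comparison, leading zeros ignored.
        a, b = a.lstrip("0"), b.lstrip("0")
        while a and b and a[0].isdigit() and b[0].isdigit():
            if not first_diff:
                first_diff = ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a and a[0].isdigit():
            return 1
        if b and b[0].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into (int epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(v1, v2):
    """Return -1, 0 or 1, like `dpkg --compare-versions v1 lt|eq|gt v2`."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    c = _verrevcmp(u1, u2) or _verrevcmp(r1, r2)
    return (c > 0) - (c < 0)


def verdict(installed):
    """(naive_fixed, distro_aware_fixed) for an installed apache2 version."""
    naive = compare_versions(installed, UPSTREAM_FIXED) >= 0
    _, _, revision = _split(installed)
    # Assumption: stable updates carry a '~deb13uN' or '+deb13uN' suffix.
    m = re.search(r"[~+](deb\d+)u\d+", revision)
    if m and m.group(1) in DISTRO_FIXED:
        distro_aware = compare_versions(installed, DISTRO_FIXED[m.group(1)]) >= 0
    else:
        distro_aware = naive
    return naive, distro_aware


if __name__ == "__main__":
    for v in ("2.4.66-1~deb13u1", "2.4.66-1~deb13u2", "2.4.67-1"):
        naive, aware = verdict(v)
        print(f"{v:18} upstream-only: {'fixed' if naive else 'VULNERABLE':10} "
              f"distro-aware: {'fixed' if aware else 'VULNERABLE'}")
```

Run against the output of `dpkg-query -W -f='${Version}' apache2`; a scanner that only knows the upstream number reports 2.4.66-1~deb13u2 as vulnerable, which is exactly the tracker's mistake. The distro-aware answer is only as good as the table of backported fixes, so that table has to be maintained from the distribution's own security announcements, not inferred from upstream.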
RE: https://chaos.social/@icing/116526903529846107
Aftermath: people running Debian httpd 2.4.66 started complaining about when they would get the 2.4.67 update to fix this RCE vulnerability, which they were already protected from but did not know about, because the CVE was not public at the time the fix was shipped.
[...]
Two security researchers found the vulnerability independently. Just scanning the 2.4.66 source code. This means the bad guys can no longer be kept in the dark. Coordinated disclosure no longer works.
Anyone still running #apache #httpd, please check whether you are impacted.
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html
A strong find: unauthenticated RCE in the Apache server, found by Bartłomiej Dmitruk of striga.ai (an AI-based bug detector) and Stanisław Strzałkowski of ISEC.pl. mod_http2 must be enabled on the server, but it is on many.
https://www.cve.org/CVERecord?id=CVE-2026-23918
https://httpd.apache.org/security/vulnerabilities_24.html
@tychotithonus I just love the Debian security tracker, they manage the flood so good https://security-tracker.debian.org/tracker/CVE-2026-23918
Apache flaw: two simple frames are enough to cause a denial of service (CVE-2026-23918) https://www.it-connect.fr/faille-apache-deux-simples-trames-suffisent-a-faire-un-deni-de-service-cve-2026-23918/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Apache
@Andres4NY Parent post updated, apparently CVE-2026-23918 was fixed much earlier?
It has been a rough few days for many... 🫠
https://support.cpanel.net/hc/en-us/articles/40229402602519-Security-CVE-2026-23918
Doubling the Trouble
CVE-2026-23918 double free vulnerability PoC for Apache httpd <=2.4.66. Fixed in >=2.4.67
https://github.com/nflatrea/playground/tree/main/cve/CVE-2026-23918
📰 Critical RCE Flaw in Apache HTTP Server's HTTP/2 Module Patched
🚨 CRITICAL APACHE FLAW: A double-free bug (CVE-2026-23918) in Apache HTTP Server's http2 module allows for DoS and potential RCE. A PoC exploit exists. Upgrade to version 2.4.67 immediately! #Apache #CyberSecurity #Vulnerability #RCE
Overview
Description
Statistics
- 26 Posts
- 27 Interactions
Fediverse
...sigh...
<insert HereWeGoAgain.gif meme>
~~~~~~~~~~~
Urgent Palo Alto Networks Security Advisory - Severity 9.3 · CRITICAL
Palo Alto Networks has published one new Security Advisory for a Critical Unauthenticated User initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal. This is available at https://security.paloaltonetworks.com/CVE-2026-0300
We strongly advise PAN-OS customers to read the advisory and take appropriate action immediately to protect their devices.
So this PAN-OS bug, CVE-2026-0300.
Is there a good reason to expose this User-ID Authentication Portal to the internet in the first place? Yes yes, defend against insider threats and all that, but the opportunistic, across-the-ocean attack seems like it relies more on misconfiguration than anything.
It doesn't seem to be very useful to associate a user identity to an internet-based IP address in the first place, so don't do that? Or am I wildly misunderstanding the utility here? (At first I thought it was like a capture portal like you find on hotel WiFi, but it's more specialized than that I think.)
Regardless, @runZeroInc has a Rapid Response out for it now. No Palo Alto patches available yet.
📰 Critical Palo Alto Networks Zero-Day (CVE-2026-0300) Actively Exploited for RCE
🚨 CRITICAL ZERO-DAY: Palo Alto Networks warns of an unpatched, actively exploited RCE vulnerability (CVE-2026-0300) in PAN-OS firewalls. The flaw allows root access via the User-ID portal. Mitigate immediately! #CyberSecurity #ZeroDay #PANOS
#PaloAlto PAN-OS Vulnerability CVE-2026-0300 Under Active Exploitation - Enables Remote Code Execution (#RCE) - CVSS 9.3. No patch released yet, but one is expected soon!
👇
https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html
PAN-OS zero-day (CVE-2026-0300) exploited.
• Unauth RCE (root)
• Targets exposed portals
• Patches start May 13
Are you mitigating now?
#InfoSec #CyberSecurity #ZeroDay
Overview
Description
Statistics
- 16 Posts
- 25 Interactions
Fediverse
Copy Fail CVE-2026-31431
> How they found it
> Taeyang Lee's earlier kernelCTF work had mapped out the AF_ALG attack surface. He realized that AF_ALG + splice creates a path where unprivileged userspace can feed page cache pages directly into the crypto subsystem and suspected that scatterlist page provenance may be an underexplored source of vulnerabilities.
https://xint.io/blog/copy-fail-linux-distributions#how-we-found-it-9
#OpenShift hosters 🔊 Red Hat has released blocker for copy-fail vulnerability, no reboots needed:
🚨ATTENTION: a bug in #linux has been hiding in the system for 9 years. It is called Copy Fail, it is tracked as CVE-2026-31431, and it affects a critical part of the #kernel related to algif_aead, the cryptographic interface used to move data between user space and the kernel.
In short, a Linux bug hidden for 9 years can let an unprivileged user escalate to root in seconds.
This video explains what the vulnerability is about.👇 https://www.youtube.com/watch?v=R7_Jrm7zY-0
On CVE-31431 "Copy Fail":
I wrote something on GitHub: https://github.com/darioomatos/cve-2026-31431-copyfail
Watch out for this flaw affecting Linux systems... https://www.adslzone.net/noticias/seguridad/vulnerabilidad-copy-fail-linux-cve-2026-31431/
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/
Read on HackerWorkspace: https://hackerworkspace.com/article/copy-fail-what-you-need-to-know-about-the-most-severe-linux-threat-in-years
I just came across another article that was also published yesterday on #podman rootless containers and #copyfail. This one takes a closer look at the exploit itself and how the kernel handles the attempt to escalate privileges. It also draws a similar conclusion regarding the role of user namespaces in limiting exposure in rootless mode.
Great read! https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/
📢 How to check for and mitigate the Copy Fail vulnerability (CVE-2026-31431) on GNU/Linux
Detect whether your GNU/Linux system is vulnerable to Copy Fail (CVE-2026-31431) and learn how to apply the fix correctly.
#Linode (#Akamai Cloud) has published documentation on how to mitigate #CopyFail for both new and existing instances running there:
https://www.linode.com/docs/guides/cve-2026-31431-copy-fail-mitigation/
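The posts above point at vendor guides for checking and mitigating Copy Fail, and the researchers' quote earlier in the thread names the entry point: AF_ALG, served by the algif_aead module. What follows is an added example, not code from Red Hat, Linode, the researchers or any distribution. It reads the two things a reboot-free module block depends on, /proc/modules and the modprobe.d configuration, and reports whether algif_aead is currently resident and whether a rule stops it from being loaded on demand. Treating "block algif_aead" as a sufficient mitigation for a given workload is an assumption; the kernel fix from your distribution is the real remedy, and the vendor docs linked above are authoritative for their platforms. The distinction the script makes between `blacklist` and `install ... /bin/false` is generic modprobe behaviour: `blacklist` only suppresses alias-based autoloading, while a `request_module()` by name from the kernel (which is how AF_ALG pulls in algif_aead) is only stopped by an `install` rule.

```python
"""Is the algif_aead module resident or still loadable on this host?

Added example, not vendor or researcher code. Functions take file contents
as strings so they can be exercised offline; __main__ reads the live files.
Assumption: blocking algif_aead is an acceptable interim hardening step for
the workload in question; confirm against your distribution's advisory.
"""
import glob

MODULE = "algif_aead"


def _norm(name):
    """modprobe treats '-' and '_' in module names as equivalent."""
    return name.replace("-", "_")


def module_loaded(proc_modules_text, name=MODULE):
    """True if `name` is listed in /proc/modules content."""
    return any(_norm(line.split()[0]) == _norm(name)
               for line in proc_modules_text.splitlines() if line.strip())


def _directives(conf_text):
    """Yield (keyword, args) for each non-comment line of modprobe.d content."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            kw, *args = line.split()
            yield kw, args


def blacklisted(conf_text, name=MODULE):
    """`blacklist <name>`: stops alias autoload only, not a load by name."""
    return any(kw == "blacklist" and args and _norm(args[0]) == _norm(name)
               for kw, args in _directives(conf_text))


def install_blocked(conf_text, name=MODULE):
    """`install <name> /bin/false` (or true): every load attempt is diverted."""
    blockers = {"/bin/false", "/bin/true", "/usr/bin/false", "/usr/bin/true",
                "false", "true"}
    return any(kw == "install" and len(args) >= 2
               and _norm(args[0]) == _norm(name) and args[1] in blockers
               for kw, args in _directives(conf_text))


def assess(proc_modules_text, conf_text, name=MODULE):
    """Summarise exposure: resident now, or still loadable on the next AF_ALG bind."""
    loaded = module_loaded(proc_modules_text, name)
    blocked = install_blocked(conf_text, name)
    return {
        "loaded": loaded,
        "blacklisted": blacklisted(conf_text, name),
        "install_blocked": blocked,
        "exposed": loaded or not blocked,
    }


# Constructed sample inputs (not captured from a real host).
SAMPLE_PROC_MODULES = (
    "algif_aead 16384 0 - Live 0xffffffffc0a1b000\n"
    "af_alg 32768 1 algif_aead, Live 0xffffffffc0a0c000\n"
)
SAMPLE_CONF_BLACKLIST_ONLY = "# not sufficient on its own\nblacklist algif_aead\n"
SAMPLE_CONF_INSTALL_RULE = "install algif_aead /bin/false\n"


if __name__ == "__main__":
    with open("/proc/modules") as f:
        modules = f.read()
    conf = "".join(open(p).read() for p in sorted(glob.glob("/etc/modprobe.d/*.conf")))
    print(assess(modules, conf))
```

If the report says `loaded: True`, an `install` rule alone changes nothing for the running kernel; the module also has to be unloaded (`modprobe -r algif_aead`), which fails while a process still holds an AF_ALG socket of that type. That is the part to watch on hosts that legitimately use the kernel crypto API from userspace.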
Copy.fail: a small Linux kernel bug with an unusually big blast radius https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/
A well-documented analysis of this flaw, which is quite complex and rests on a combination of bad behaviours in the kernel https://www.linuxtricks.fr/news/10-logiciels-libres/600-copy-fail-cve-2026-31431-synthese-technique-sur-cette-faille-linux/ #linux #sécurité #faille #analyse
CISA warns: CopyFail Linux vuln exploited.
• Privilege escalation → root
• Impacts major distros
• Patch deadline May 15
Are you patched?
#InfoSec #Linux #CyberSecurity
Overview
- ollama
- ollama/ollama
Description
Statistics
- 4 Posts
- 1 Interaction
Fediverse
https://www.cyera.com/research/bleeding-llama-critical-unauthenticated-memory-leak-in-ollama
Overview
Description
Statistics
- 3 Posts
Fediverse
CVE-2026-0073 Android adbd TLS client-authentication bypass
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/
Read on HackerWorkspace: https://hackerworkspace.com/article/cve-2026-0073-android-adbd-tls-client-authentication-bypass
CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction. https://www.securityweek.com/critical-remote-code-execution-vulnerability-patched-in-android-2/
Overview
- GitHub
- Enterprise Server
Description
Statistics
- 1 Post
- 12 Interactions
Fediverse
So, #GitHub is having a rough go of it lately, with significant instability and frequent outages in the last month and platform uptime dropping below 85%.
But the most fun trick? Any authenticated user could execute arbitrary commands on GitHub's backend servers with a single git push command - using nothing but a standard git client. (Because their architecture didn’t sterilize semicolons, thus prompt injection.)
On GitHub Enterprise Server, the vulnerability grants full server compromise, including access to all hosted repositories and internal secrets.
GitHub Enterprise Server customers should upgrade ASAP. Wiz dot io data indicates that 88% of instances were still vulnerable.
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
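The post above describes the bug as a semicolon that was never sanitised before reaching a server-side command. What follows is an added example, not GitHub's code or the Wiz write-up: the post does not say which server process or argument was affected, so a small Python one-liner stands in for the real program, and the repository-path rules are illustrative, not GitHub's. The mechanism it shows is the general one: a user-controlled value pasted into a shell command line is parsed by the shell, so `;` ends one command and starts another, whereas the same value passed as a single argv element stays literal, and an allow-list validator rejects it before it is used at all.

```python
"""Command injection via an unsanitised ';', and two ways to close it.

Added example, not GitHub's code. ECHO_ARGV stands in for whatever
server-side program consumed the pushed value; the path rules in
validate_repo_path are an illustrative allow-list, not GitHub's.
"""
import re
import shlex
import subprocess
import sys

# Stand-in for the server-side program: prints its first argument.
ECHO_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1])"]

# Illustrative rule: each segment starts alphanumeric, no '-' first, no '..'.
_SEGMENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def validate_repo_path(path):
    """Allow-list an 'owner/name' path; anything else is rejected outright."""
    parts = path.split("/")
    if len(parts) != 2 or not all(_SEGMENT.match(p) and p != ".." for p in parts):
        raise ValueError(f"rejected repository path: {path!r}")
    return path


def run_unsafe(repo):
    """Anti-pattern: the user value is interpolated into a shell string."""
    cmd = " ".join(shlex.quote(a) for a in ECHO_ARGV) + " " + repo  # repo NOT quoted
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv_only(repo):
    """Same value as one argv element: no shell parses it, ';' stays literal."""
    return subprocess.run(ECHO_ARGV + [repo], capture_output=True, text=True).stdout


def run_safe(repo):
    """Validate first, then pass as argv: both layers of defence."""
    return subprocess.run(ECHO_ARGV + [validate_repo_path(repo)],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "org/repo;echo INJECTED"
    print("shell string:", repr(run_unsafe(payload)))     # second line is the injected command
    print("argv list:   ", repr(run_argv_only(payload)))  # the whole payload, printed literally
    try:
        run_safe(payload)
    except ValueError as err:
        print("validated:   ", err)
```

Passing argv directly is the fix that removes the bug class; the validator is defence in depth for values that later reach other parsers (a filesystem path, a git ref, a config line) where metacharacters other than `;` matter.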
Overview
Description
Statistics
- 1 Post
- 9 Interactions
Fediverse
Kaspersky researchers just found and presented a Snapdragon 410/210/617 bootrom exploit - CVE-2026-25262 in this month’s Qualcomm security bulletin.
It’s well known that every forensics tool supported exploiting those SoCs from the bootrom, but for 9 years, nobody knew how they were doing it.
This is some amazing research that finally solves the mystery.
I’m sure the BananaHackers community of Snapdragon 210 flip phone modders will find a use for this.
Overview
Description
Statistics
- 1 Post
- 3 Interactions