#argument-injection

[ follow ]
#path-traversal #cve-2026-24061 #telnetd #root-privilege-escalation #mcp-server-git #prompt-injection #commvault
Information security
fromTheregister
1 week ago

Ancient telnet bug happily hands out root to attackers

A trivial argument-injection in GNU InetUtils telnetd (CVE-2026-24061) allows remote attackers to bypass authentication and gain root access; active exploitation observed.
Information security
fromThe Hacker News
1 week ago

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three mcp-server-git vulnerabilities enable prompt-injection attackers to read or delete arbitrary files, execute code, and manipulate repositories unless updated to fixed versions.
fromTheregister
5 months ago

Commvault releases patches for two pre-auth RCE bug chains

The first chain involves two vulnerabilities ( CVE-2025-57791 and CVE-2025-57790), an argument injection in CommServe and a path traversal bug respectively. The severity scores for the flaws are not especially concerning on their own, but chained together they become more dangerous. In Commvault's advisory, it describes CVE-2025-57791 as a vulnerability that allows attackers to retrieve a valid user session for a low-privilege role, assigning it a CVSS score of 6.9 (medium severity).
Information security
[ Load more ]