This archive includes all published incident pages. Page 10 of 18.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Incident date: February 19, 2026 | Published: February 25, 2026
Summary: An issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM, ultimately achieving arbitrary code execution as root in said VM.
Incident date: February 19, 2026 | Published: February 25, 2026
Description: On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the npm registry: cline@2.3.0. The published package contains a modified package.
Incident date: February 19, 2026 | Published: February 25, 2026
Summary: Kargo's authorization model includes a promote verb -- a non-standard Kubernetes ["dolphin verb"](https://www.aquasec.com/blog/kubernetes-verbs/) -- that gates the ability to advance Freight through a promotion pipeline.
Incident date: February 18, 2026 | Published: February 25, 2026
fabric.js applies escapeXml() to text content during SVG export (src/shapes/Text/TextSVGExportMixin.ts:186) but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup.
Incident date: February 18, 2026 | Published: February 25, 2026
Summary: A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access.
Incident date: February 18, 2026 | Published: February 25, 2026
Summary: minimatch is vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string.