This archive includes all published incident pages. Page 8 of 16.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Incident date: February 19, 2026 | Published: February 25, 2026
Description: The redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection.
Incident date: February 19, 2026 | Published: February 25, 2026
Summary: The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to...
Incident date: February 19, 2026 | Published: February 25, 2026
Summary: htmlEscaped in leaf-kit will only escape HTML special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special HTML character and some...
Incident date: February 19, 2026 | Published: February 25, 2026
Impact: [Host Policies](https://docs.cilium.io/en/stable/security/policy/language/#host-policies) will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled: * [Native Routing](https://docs.
Incident date: February 19, 2026 | Published: February 25, 2026
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled.
Incident date: February 19, 2026 | Published: February 25, 2026
Summary: An issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM, ultimately achieving arbitrary code execution as root in said VM.
Incident date: February 19, 2026 | Published: February 25, 2026
Description: On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the npm registry: cline@2.3.0. The published package contains a modified package.
Incident date: February 19, 2026 | Published: February 25, 2026
Summary: Kargo's authorization model includes a promote verb -- a non-standard Kubernetes ["dolphin verb"](https://www.aquasec.com/blog/kubernetes-verbs/) -- that gates the ability to advance Freight through a promotion pipeline.