ASR AI Security Radar
Recent AI Security Incidents

This archive includes all published incident pages. Page 9 of 18.

Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.

Selection criteria and correction policy are documented in Methodology & Editorial Policy.

AI security incident: Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in...

Incident date: February 19, 2026 | Published: February 25, 2026

Description: The zumba/json-serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.

AI security incident: Dagu affected by unauthenticated RCE via inline DAG spec in default configuration (GH...

Incident date: February 19, 2026 | Published: February 25, 2026

Summary: Dagu's default configuration ships with authentication completely disabled. The POST /api/v2/dag-runs endpoint accepts an inline YAML spec and executes its shell commands immediately — no credentials, no token, nothing.

AI security incident: OpenClaw has a path traversal in apply_patch could write/delete files outside the wor...

Incident date: February 19, 2026 | Published: February 25, 2026

Summary: In affected versions, when apply_patch was enabled and the agent ran without filesystem sandbox containment, crafted paths could cause file writes/deletes outside the configured workspace directory.

AI security incident: Feathers has an origin validation bypass via prefix matching (GHSA-mp4x-c34x-wv3x)

Incident date: February 19, 2026 | Published: February 25, 2026

The origin validation uses startsWith() for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed origin.

AI security incident: Feathers has an open redirect in OAuth callback enables account takeover (GHSA-ppf9-4...

Incident date: February 19, 2026 | Published: February 25, 2026

Description: The redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection.

AI security incident: Formwork Improperly Managed Privileges in User creation (GHSA-34p4-7w83-35g2)

Incident date: February 19, 2026 | Published: February 25, 2026

Summary: The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to...

AI security incident: Leaf-kit html escaping does not work on characters that are part of extended grapheme...

Incident date: February 19, 2026 | Published: February 25, 2026

Summary: htmlEscaped in leaf-kit will only escape HTML special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special HTML character and some...

AI security incident: Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node...

Incident date: February 19, 2026 | Published: February 25, 2026

Impact: [Host Policies](https://docs.cilium.io/en/stable/security/policy/language/#host-policies) will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled: * [Native Routing](https://docs.

AI security incident: CVE-2026-26057 (NVD)

Incident date: February 19, 2026 | Published: February 20, 2026

Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns.

AI security incident: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol (GHSA-fjf4-6f...

Incident date: February 19, 2026 | Published: February 25, 2026

A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled.
