PoC Week 2026-05-04
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.
CVE-2026-31431 NEW
- Severity: 7.8 HIGH
- Impacted Products: All major Linux distros since 2017
- Description: This local privilege escalation is rated as Important severity. Part of the Linux kernel’s cryptographic interface contains an incorrect in-place operation, where source and destination data mappings differ. This could lead to data integrity issues, including the escalation to root privileges.
- Remediation:
- More Info: NVD - CVE-2026-31431
- PoC:
CVE-2026-41940 NEW
- Severity: 9.8 CRITICAL
- Impacted Products: cPanel and WHM versions after 11.40
- Description: cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
- Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
- More Info: NVD - CVE-2026-41940
- PoC:
CVE-2026-33634
- Severity: 8.8 HIGH
- Impacted Products: Aqua Security Trivy v0.69.4, aquasecurity/trivy-action (versions 0.0.1 – 0.34.2), aquasecurity/setup-trivy (versions 0.2.0 – 0.2.6)
- Description: Aqua Security Trivy and its associated GitHub Actions were affected by a supply chain compromise where a threat actor published malicious releases containing embedded malware. This incident allowed for the execution of credential-stealing code within environments using the affected software.
- Remediation:
- More Info: NVD - CVE-2026-33634
- PoC:
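The practical first step after a compromise like this is to find every workflow that still references the affected action versions, and to replace mutable tag references with full commit SHAs. The script below is an added example, not Trivy's or Aqua's own tooling: it walks a workflow file, matches `uses:` lines against the two affected ranges listed in this entry, and reports references that fall in range, that point at a mutable ref (branch or major tag), or that are outside the range but still tag-pinned. The workflow text and the version numbers outside the affected range are constructed for the example.

```python
import re
from typing import NamedTuple, Optional

# Inclusive version ranges named in the entry above (trivy-action 0.0.1 - 0.34.2,
# setup-trivy 0.2.0 - 0.2.6). The Trivy CLI release v0.69.4 itself is installed
# by other means and is out of scope for this workflow check.
AFFECTED_RANGES = {
    "aquasecurity/trivy-action": ((0, 0, 1), (0, 34, 2)),
    "aquasecurity/setup-trivy": ((0, 2, 0), (0, 2, 6)),
}

# Matches `uses: owner/repo@ref` (optionally quoted, optionally a list item).
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


class Finding(NamedTuple):
    line_no: int
    action: str
    ref: str
    reason: str


def parse_version(ref: str) -> Optional[tuple]:
    """'0.28.0' or 'v0.28.0' -> (0, 28, 0); a branch, major tag or sha -> None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", ref)
    return tuple(int(x) for x in m.groups()) if m else None


def scan_workflow(text: str) -> list:
    """One Finding per reference to an affected action that needs attention."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        rng = AFFECTED_RANGES.get(action)
        if rng is None:
            continue
        if SHA_RE.match(ref):
            # A full commit SHA cannot be re-pointed by a tag move. Still confirm
            # the SHA is a commit you reviewed: a SHA of a malicious commit is no better.
            continue
        version = parse_version(ref)
        if version is None:
            reason = "mutable ref (branch or major tag); pin to a full commit SHA"
        elif rng[0] <= version <= rng[1]:
            reason = "version inside the affected range; rotate any credentials the job could read"
        else:
            reason = "outside the affected range, but a tag is mutable; pin to a full commit SHA"
        findings.append(Finding(line_no, action, ref, reason))
    return findings


# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.3
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/trivy-action@0.35.0
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line_no}: {f.action}@{f.ref}: {f.reason}")
```

Run it over every file under `.github/workflows/` (for example with a `for` loop in the shell, feeding each file's contents to `scan_workflow`). Because a tag can be moved after the fact, a clean version number is not by itself evidence that the job ran clean code; treat the SHA-pin findings as the actionable ones and the in-range findings as the trigger for credential rotation.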
CVE-2026-41679 NEW
- Severity: 10.0 CRITICAL
- Impacted Products: Paperclip, prior to version 2026.416.0
- Description: Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. No user interaction, no credentials, just the target’s address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default depl…
- Remediation:
- More Info: NVD - CVE-2026-41679
- PoC:
CVE-2026-41651 NEW
- Severity: 8.8 HIGH
- Impacted Products: PackageKit
- Description: PackageKit is affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that allows a local unprivileged user to escalate privileges to root. This flaw exists due to improper synchronization and validation of transaction flags within the D-Bus abstraction layer.
- Remediation:
- More Info: NVD - CVE-2026-41651
- PoC:
CVE-2026-3854 NEW
- Severity: 8.8 HIGH
- Impacted Products: GitHub Enterprise Server
- Description: GitHub Enterprise Server is affected by a command injection vulnerability that allows an authenticated attacker with push access to a repository to achieve remote code execution. This issue stems from the improper neutralization of special elements within Git push options during internal service communication.
- Remediation:
- More Info: NVD - CVE-2026-3854
- PoC:
CVE-2026-33656 NEW
- Severity: 9.1 CRITICAL
- Impacted Products: EspoCRM, prior to version 9.3.4
- Description: EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM’s built-in formula scripting engine allows updating an attachment’s sourceId, which lets an authenticated admin overwrite the sourceId field on Attachment entities. Because sourceId is concatenated directly into a file path with no sanitization in EspoUploadDir::getFilePath(), an attacker can redirect any file read or write operation to an arbitrary path within the web server’s …
- Remediation:
- More Info: NVD - CVE-2026-33656
- PoC:
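The root cause named in this entry is a general one: an identifier that ends up in a filesystem path without being validated or checked for containment. The snippet below is an added example of that class, written in Python rather than PHP and not taken from EspoCRM; the upload root, the identifier format and the function names are assumptions for the illustration. It shows the concatenation pattern next to a hardened version that allow-lists the identifier first and then verifies the normalized path still sits under the upload root.

```python
import os
import re

# Hypothetical upload root; EspoCRM's real directory layout is not reproduced here.
UPLOAD_ROOT = "/var/www/espo/data/upload"

# Shape of an attachment id this toy accepts: alphanumeric, bounded length.
ID_RE = re.compile(r"[A-Za-z0-9]{1,64}")


def unsafe_get_file_path(upload_root: str, source_id: str) -> str:
    """Vulnerable pattern: the identifier is concatenated straight into the path.
    A source_id of '../../config.php' walks out of the upload root."""
    return upload_root + "/" + source_id


def safe_get_file_path(upload_root: str, source_id: str) -> str:
    """Hardened pattern: allow-list the identifier, then verify containment."""
    if not ID_RE.fullmatch(source_id):
        raise ValueError(f"invalid attachment id: {source_id!r}")
    root = os.path.normpath(upload_root)
    # normpath is purely lexical, so this check does not depend on what exists on
    # disk; add os.path.realpath if the upload directory may contain symlinks.
    candidate = os.path.normpath(os.path.join(root, source_id))
    if os.path.dirname(candidate) != root:
        # Unreachable after the allow-list above; kept as defence in depth.
        raise ValueError(f"path escapes upload root: {candidate}")
    return candidate


def escapes_root(upload_root: str, path: str) -> bool:
    """True when `path`, once normalized, no longer lies under `upload_root`."""
    root = os.path.normpath(upload_root)
    return os.path.commonpath([root, os.path.normpath(path)]) != root


def is_rejected(upload_root: str, source_id: str) -> bool:
    """True when the hardened function refuses the identifier."""
    try:
        safe_get_file_path(upload_root, source_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed identifiers: one legitimate, three hostile.
    for sid in ("64ab12cd", "../../config.php", "..%2F..%2Fconfig.php", "a/b"):
        p = unsafe_get_file_path(UPLOAD_ROOT, sid)
        print(f"{sid!r}: unsafe -> {p} (escapes={escapes_root(UPLOAD_ROOT, p)}), "
              f"safe rejects={is_rejected(UPLOAD_ROOT, sid)}")
```

The two layers catch different things. The containment check alone lets `..%2F..%2Fconfig.php` through, because lexically it is a single path component; it only becomes a traversal if something downstream URL-decodes it. The allow-list rejects it outright, which is why validating the identifier's shape comes first and the path check is the backstop.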
CVE-2024-46636 NEW
- Severity: 9.4 CRITICAL
- Impacted Products: NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1
- Description: NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
- Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
- More Info: NVD - CVE-2024-46636
- PoC:
CVE-2026-21852 NEW
- Severity: 7.5 HIGH
- Impacted Products: Claude Code, prior to version 2.0.65
- Description: Claude Code, an agentic coding tool for Node.js developed by Anthropic, is affected by an information disclosure vulnerability in versions prior to 2.0.65 that allows malicious repositories to exfiltrate sensitive data, including Anthropic API keys. This issue occurs because the application processes project-level configuration settings and initiates network requests before the user is prompted to trust the repository.
- Remediation:
- More Info: NVD - CVE-2026-21852
- PoC:
CVE-2025-68664 NEW
- Severity: 8.2 HIGH
- Impacted Products: langchain-core
- Description: LangChain is affected by a serialization injection vulnerability in the langchain-core library’s dumps() and dumpd() functions. This flaw allows an attacker to craft malicious data that is misinterpreted as a legitimate internal object during deserialization.
- Remediation:
- More Info: NVD - CVE-2025-68664
- PoC:
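The class of bug described in this entry is easiest to see with a small model of a tagged serialization format: the serializer marks objects with a tag key, the loader rebuilds anything that carries the tag, and nothing stops user-supplied data from carrying the same tag. The code below is an added example of that class and is not langchain-core's code or wire format; the tag key, the `Prompt` class, the registry and the function names are all assumptions for the illustration. It pairs a naive dump/load with a hardened one that escapes data dicts on the dump side and restricts the load side to an allow-list.

```python
import json
from dataclasses import dataclass
from typing import Any, FrozenSet

# Tag key of this toy wire format. Chosen for the example; it is not
# langchain-core's own format, and nothing below is langchain-core code.
TAG = "obj"


@dataclass
class Prompt:
    """Stand-in for an internal object the loader knows how to rebuild."""
    template: str


REGISTRY = {"Prompt": Prompt}  # classes the loader is able to instantiate


def _encode(v: Any, escape: bool) -> Any:
    """Objects become tagged dicts. With escape=True, a plain dict that happens
    to carry the tag key is wrapped as {TAG: 0, "data": ...} so the loader can
    tell data from objects; with escape=False it is emitted as-is."""
    if isinstance(v, Prompt):
        return {TAG: 1, "id": "Prompt", "kwargs": {"template": v.template}}
    if isinstance(v, dict):
        body = {k: _encode(x, escape) for k, x in v.items()}
        return {TAG: 0, "data": body} if escape and TAG in v else body
    if isinstance(v, list):
        return [_encode(x, escape) for x in v]
    return v


def dumps_naive(o: Any) -> str:
    return json.dumps(_encode(o, escape=False))


def dumps_safe(o: Any) -> str:
    return json.dumps(_encode(o, escape=True))


def loads_naive(s: str) -> Any:
    """Any dict shaped like a tagged object is rebuilt, so attacker-supplied
    data that went through dumps_naive comes back as an object."""
    def dec(v):
        if isinstance(v, dict):
            if v.get(TAG) == 1 and v.get("id") in REGISTRY:
                kwargs = {k: dec(x) for k, x in v.get("kwargs", {}).items()}
                return REGISTRY[v["id"]](**kwargs)
            return {k: dec(x) for k, x in v.items()}
        if isinstance(v, list):
            return [dec(x) for x in v]
        return v
    return dec(json.loads(s))


def loads_safe(s: str, allowed: FrozenSet[str] = frozenset(REGISTRY)) -> Any:
    """Unwraps escaped data dicts and instantiates only allow-listed classes.
    Feed it only output of dumps_safe: the escaping happens on the dump side."""
    def dec(v):
        if isinstance(v, dict):
            tag = v.get(TAG)
            if tag == 0:
                # Escaped data: decode the values, never the wrapper itself.
                return {k: dec(x) for k, x in v["data"].items()}
            if tag == 1:
                cls_id = v.get("id")
                if cls_id not in allowed or cls_id not in REGISTRY:
                    raise ValueError(f"refusing to instantiate {cls_id!r}")
                kwargs = {k: dec(x) for k, x in v.get("kwargs", {}).items()}
                return REGISTRY[cls_id](**kwargs)
            return {k: dec(x) for k, x in v.items()}
        if isinstance(v, list):
            return [dec(x) for x in v]
        return v
    return dec(json.loads(s))


# Constructed input: a message whose user-controlled content mimics a tagged object.
INJECTED_MESSAGE = {
    "role": "user",
    "content": {"obj": 1, "id": "Prompt", "kwargs": {"template": "leak {secret}"}},
}


def content_type_after(dumps, loads) -> str:
    """Class name of message['content'] after a dumps/loads round trip."""
    return type(loads(dumps(INJECTED_MESSAGE))["content"]).__name__


def safe_refuses_unlisted(o: Any) -> bool:
    """True when loads_safe with an empty allow-list rejects the dumped object."""
    try:
        loads_safe(dumps_safe(o), allowed=frozenset())
    except ValueError:
        return True
    return False
```

With the naive pair, the user's `content` dict comes back as a `Prompt` instance, which is exactly the misinterpretation the entry describes: the attacker chooses the class and its constructor arguments from the whole registry. With the safe pair the same input round-trips as a plain dict, including the nested case where user data also imitates the escape wrapper, and the allow-list bounds what a loader will instantiate even when it is handed input that did not come from `dumps_safe`.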
References
This list was scraped from the quite amazing and highly recommended newsletters below:
Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.