CERT Recently Published Vulner... Note

CERT Recently Published Vulnerability Notes

kb.cert.org/vuls is a webpage maintained by the Carnegie Mellon University Software Engineering Institute (SEI) which provides a publicly accessible database of known software vulnerabilities. It lists a vast amount of vulnerability information including identifiers, descriptions, severity ratings, and potential impacts, helping users stay informed about potential security risks.

Thread Of Notes

Adalo's no-code application platform has a significant security flaw that exposes complete user records through its database API for all applications built on both V1 and V2. This issue affects over one million applications, putting developers and their end users at risk of data exposure. The problem arises from a platform-level flaw that allows authenticated users to retrieve full user data belonging to any Adalo application, regardless of configuration. Adalo is a Software-as-a-Service provider for building no-code applications, and each application is supposed to be logically isolated with separate databases, users, and configurations. However, the Adalo database API contains a flaw that allows the backend to return complete user records for every list component request, regardless of which fields the component is configured to display. The database does not enforce ownership-aware, server-side authorization checks, allowing authenticated users of any Adalo application to query database and table identifiers belonging to other applications and retrieve full records. Additionally, Adalo's use of long-lived JWT tokens, which remain valid for approximately twenty days, allows attackers to reuse these tokens to query the database API directly and extract large volumes of user data. The combination of exposed tokens, permissive CORS behavior, and large response limits enables persistent, automated harvesting of entire user databases using only a single token obtained from any visitor session. The vulnerabilities affect all Adalo applications across both V1 and V2, and customers and tenants should assume that data in Adalo collections may be exposed and avoid storing sensitive information there until a patch is deployed. Adalo has acknowledged the issue, but no patch is currently available, and users should remain aware of increased phishing and identity theft risks and monitor their accounts for suspicious activity.
Microsoft is revoking trust for older versions of the open-source shim bootloader due to a Secure Boot bypass vulnerability. This vulnerability allows attackers to execute arbitrary code early in the boot process, circumventing security measures. The affected shim bootloaders, primarily versions 0.9 and earlier, will be added to the Microsoft UEFI Forbidden Signature Database (DBX). Once the DBX is updated, these bootloaders will be disallowed from running.The shim project facilitates Secure Boot for Linux distributions by acting as a bridge between firmware and the operating system. However, vendors who forked older, vulnerable versions without updating created a persistent supply chain risk. Researchers identified specific vulnerable shim bootloaders from various vendors, including Red Hat, baramundi, and Oracle.Exploiting this flaw enables attackers with boot modification privileges to gain persistent control, potentially loading unsigned kernel components that survive reboots. These malicious components can evade operating system security and endpoint detection solutions. To mitigate this, users must apply the latest vendor software and bootloader updates.Additionally, applying Microsoft's DBX update is crucial to block vulnerable bootloaders. Enterprises and developers should test these updates thoroughly before widespread deployment. It is recommended to update the authorized signature database (DB) before applying DBX revocations. Tools are available to audit and verify DBX updates and identify revoked boot components.
The PCTCore64.sys Windows kernel driver from PC Tools Internet Security has a significant security vulnerability. This driver exposes a device interface called \.\PCTCoreDriver without proper access control measures in place. Consequently, any user-mode process can interact with this driver and execute privileged IOCTL commands.In a Bring Your Own Vulnerable Driver (BYOVD) scenario, an attacker with the ability to load a Windows driver can exploit this flaw. They can perform sensitive low-level operations on the target system by invoking the driver's exposed interface. The driver lacks secure descriptor application, allowing unprivileged processes to open device handles and send privileged IOCTL requests.This allows attackers to perform actions like enumerating system-wide handles and manipulating handles across processes. Crucially, it enables credential extraction from sensitive processes like lsass.exe. Arbitrary process termination, including protected processes, is also possible.Although PC Tools Internet Security was discontinued in 2013, the driver remains signed and exploitable in BYOVD attacks. This vulnerability facilitates credential theft, disabling security software, and achieving broader system compromise. The impact includes credential theft, denial-of-service, and system compromise.The solution is to remove and block the vulnerable driver, as it is no longer maintained. Organizations should also implement mitigations against BYOVD attacks, such as restricting admin privileges and enabling Windows security features like HVCI and WDAC.
Terrarium is a platform designed for secure code execution in a sandbox environment. A critical vulnerability has been found within Terrarium, enabling arbitrary code execution with root privileges on the host Node.js process. This exploit stems from an issue within the Pyodide WebAssembly environment.The vulnerability originates from the way jsglobals objects are configured, specifically the mock document object. This object, created from a standard JavaScript object literal, inherits from Object.prototype. This inheritance allows sandboxed code to ascend the prototype chain to the function constructor. From there, attackers can create a function that returns globalThis, granting access to essential Node.js internals like require(). Consequently, an attacker can break out of the sandbox and run any command as root within the container.This sandbox escape vulnerability, identified as CVE-2026-5752, poses significant risks to applications relying on Terrarium. It allows attackers to execute commands as root, access and alter sensitive files, compromise internal network services, and potentially escape the container for further privilege escalation. Unfortunately, a vendor patch is currently unavailable.To mitigate this risk, disabling code submission to the sandbox, if feasible, is recommended. Network segmentation and the use of a Web Application Firewall (WAF) are also crucial to limit the attack surface and detect malicious traffic. Continuous monitoring of container activity for unusual behavior is advised. Furthermore, strict access controls and the use of secure container orchestration tools are essential. Keeping all dependencies updated and patched is a fundamental security practice. This vulnerability was discovered by Jeremy Brown using AI-assisted research.
Malformed ZIP headers enable antivirus and EDR software to produce false negatives, as some extraction software can still decompress the archive. ZIP archives hold crucial metadata like compression method and version information, which antivirus engines use for preprocessing. Attackers can modify the compression method field, preventing proper decompression and analysis of the payload. After evading antivirus systems, the payload can be recovered by a custom loader that bypasses the declared method. This technique allows attackers to conceal malicious content while still being able to retrieve it programmatically. Standard extraction tools, however, often fail with errors when encountering these manipulated archives. This vulnerability is akin to previously identified CVEs. A remote attacker can craft a ZIP archive with tampered metadata to bypass inspection by antivirus or EDR software. While many products may flag the file as corrupted, execution of malicious code still requires user interaction to extract or process the archive. A custom loader that ignores the declared compression method can recover and execute the concealed content. Antivirus and EDR vendors should avoid relying solely on declared archive metadata for content handling. Scanners should implement more aggressive detection modes to validate compression method fields against actual content and flag inconsistencies. Users are advised to contact their antivirus or EDR providers for vulnerability assessment and mitigation guidance.
A command injection vulnerability exists in the MS-Agent framework, allowing arbitrary command execution due to unsanitized prompt input. The MS-Agent framework uses a Shell tool for executing commands on the operating system. The vulnerability arises because the software fails to adequately sanitize external content before execution through this Shell tool.An attacker can use prompt injection techniques to trick the agent into running unintended shell commands. The Shell tool attempts to restrict unsafe commands using a regular expression-based denylist in its check_safe() method. However, this denylist mechanism can be bypassed by crafted input, enabling malicious commands to reach the shell execution layer. This vulnerability, tracked as CVE-2026-2256, allows attackers to execute arbitrary operating system commands. It can be exploited when the agent processes or retrieves attacker-controlled content containing malicious command sequences.Denylist-based filtering is inherently weak and can often be circumvented through various methods like encoding or obfuscation. Successful exploitation grants the attacker the ability to execute commands with the privileges of the MS-Agent process. This could lead to system file modification, lateral movement, persistence, or data exfiltration.No vendor patch or statement was provided during coordination. Users are advised to deploy MS-Agent only in trusted environments with validated input. Agents with shell execution should be sandboxed or run with least-privilege permissions. Replacing denylists with strict allowlists and improving isolation for tool execution are also recommended mitigation strategies.