🚨 High risk vulnerability in Authlib! CVE-2026-28802 allows attackers to bypass signature verification by setting `alg: none` and a blank signature. This issue points out the importance of API security. It's been patched in version 1.6.7, so update ASAP! #Authlib #Python #OAuth #OpenIDConnect #APISecurity #OWASP #CVE202628802 🛡️ https://lnkd.in/g7YS_ka9
Authlib CVE-2026-28802 API Security Vulnerability Patched
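The bypass class named in the post (accepting a token whose header says `alg: none` and whose signature segment is blank) comes from letting the untrusted header choose how the token is verified. The following is an added illustrative example in plain Python; it is not Authlib's code and not the 1.6.7 patch. It builds a minimal HS256 JWT, shows a weak verifier that trusts the header's `alg`, and beside it the hardened check a practitioner would want: a fixed allowlist of algorithms chosen by the server, a rejection of empty signatures, and a constant-time MAC comparison. The key and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json


def _b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _encode_json(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def make_hs256_token(claims: dict, key: bytes) -> str:
    """Issue a properly signed HS256 token (constructed demo issuer)."""
    header_b64 = _encode_json({"alg": "HS256", "typ": "JWT"})
    payload_b64 = _encode_json(claims)
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{_b64url_encode(sig)}"


def make_unsigned_none_token(claims: dict) -> str:
    """Test vector: 'alg: none' header and a blank signature segment.

    Used here only to confirm that a verifier rejects it.
    """
    return f"{_encode_json({'alg': 'none', 'typ': 'JWT'})}.{_encode_json(claims)}."


def verify_trusting_header(token: str, key: bytes) -> dict:
    """WEAK pattern: the token's own header decides how it is verified."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    if alg == "none":
        # No signature check at all, so a blank signature is accepted.
        return json.loads(_b64url_decode(payload_b64))
    if alg == "HS256":
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        if hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return json.loads(_b64url_decode(payload_b64))
    raise ValueError("invalid token")


def verify_hs256(token: str, key: bytes,
                 allowed_algs: frozenset = frozenset({"HS256"})) -> dict:
    """HARDENED pattern: the server, not the token, fixes the algorithm set."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    alg = header.get("alg")
    # Allowlist membership rejects "none", case variants, a missing alg,
    # and any algorithm this endpoint was never configured to accept.
    if alg not in allowed_algs:
        raise ValueError(f"algorithm not allowed: {alg!r}")
    if not sig_b64:
        raise ValueError("empty signature")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def rejected(verifier, token: str, key: bytes) -> bool:
    """True if the verifier refuses the token with ValueError."""
    try:
        verifier(token, key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # sample value, not a real secret
    good = make_hs256_token({"sub": "alice"}, KEY)
    unsigned = make_unsigned_none_token({"sub": "admin"})
    print("weak verifier accepts alg=none:", not rejected(verify_trusting_header, unsigned, KEY))
    print("hardened verifier rejects alg=none:", rejected(verify_hs256, unsigned, KEY))
    print("hardened verifier accepts signed token:", verify_hs256(good, KEY))
```

The design point is that `allowed_algs` is a server-side constant passed by the caller, so the header field is only ever compared against it, never used to select a code path; a library whose verifier is configured the same way (an explicit algorithm list on the verifying side) closes this class regardless of what the token claims.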
More Relevant Posts
Four chained vulnerabilities in CrewAI’s Python multi-agent framework allow sandbox escape, arbitrary code execution, SSRF, and local file access. Fixes include blocking risky modules and stricter defaults. #CrewAI #CodeInterp #CVE2026 ➡️ https://ift.tt/lz1wADt
⚠️ Medium Risk Vulnerability Alert! The Claude SDK for Python has a memory tool path validation race condition that allows sandbox escape. This issue is related to API security and can lead to unrestricted resource consumption. It's been patched in version 0.87.0. Stay safe and keep your systems updated! #ClaudeSDK #Python #APIsecurity #OWASP #CVE2026-34452 https://lnkd.in/g26q6ZAn
🚨 High risk vulnerability in Langflow! CVE-2026-33873 is an authenticated code execution flaw that can result in arbitrary server-side Python execution. This highlights the importance of API security and proper function level authorization. Stay safe and update to Langflow version 1.9.0 to fix the issue. #Langflow #APIsecurity #OWASP #CVE202633873 https://lnkd.in/g9i5zgT6
Imagine this: your scanners flag a high-severity CVE in a Python application… right before a major release. Updating the dependency isn’t safe, but shipping with the vulnerability isn’t an option either. Sound familiar? You're not alone. 🥹 In our latest blog post, Wesley Wiedenmeier shares how the Chainguard Factory backports security patches for our Python Libraries, helping teams stay secure without breaking their builds. Backporting at scale raises some tough questions: • How do you verify a backported patch matches upstream? • How do you confirm the patch truly fixes the vulnerability? • How do you ensure it actually comes from the real upstream project? We'll address these challenges and share how we’re solving them. https://lnkd.in/gFazFWs4
🚨 Telnyx Python SDK compromised. TeamPCP's 5th supply chain attack in 9 days. PyPI versions 4.87.1 and 4.87.2 hide payloads inside valid WAV audio files. Our AI threat agent detected it this morning. We wrote up the technical breakdown. If you run Telnyx, check your version now. Full writeup here: https://lnkd.in/dZ6C3hFm #SupplyChainSecurity #InfoSec #PyPI #Python #DevSecOps #AppSec #ThreatIntel #AISecurity #CISO
🚨Medium Risk Vulnerability🚨 in Claude SDK for Python! A security misconfiguration (CVE-2026-34450) could allow local attackers to read or modify memory files, potentially influencing model behavior. This highlights the importance of #APISecurity. The issue has been patched in version 0.87.0, so please update if you're using this SDK. #ClaudeSDK #Python #OWASP #SecurityMisconfiguration https://lnkd.in/g6dJ-sea
My first CVE is here: CVE-2026-32722 I identified and responsibly disclosed a stored XSS vulnerability in Bloomberg Memray’s HTML report generation flow. Root cause: unescaped command-line metadata rendered into generated reports. Fix: released by the maintainers in v1.19.2. Appreciate the maintainers for the quick triage, fix, and coordination. More technical details on my site: https://lnkd.in/dkGps-CW #CVE #AppSec #SecurityResearch #ResponsibleDisclosure #Python #VulnerabilityResearch
I've just published a small tool that gathers a few pieces of OSINT information about a domain or an IP address, named 𝐰𝐡𝐨-𝐝𝐢𝐬. This is a very early version of the tool, and I'll be working on expanding its capabilities. If you have a free API key from ipinfo.io, the tool can get you some IP geolocation information as well. As always, contributors are welcome. https://lnkd.in/gXXCVZEE #osint #python #opensource
CVE-2026-33017 is an unauthenticated remote code execution flaw in Langflow’s public flow build endpoint, exploited within 20 hours to run arbitrary Python and steal credentials via multi-stage attacks. #Langflow #RemoteCode #Exploit2026 ➡️ https://ift.tt/Rkc8mxl