{"vulnerability": "cve-2026-5054", "sightings": [{"uuid": "81754fd7-ca7d-4fee-94e1-20b6fddf42ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5054", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj6szey3qd2z", "content": "", "creation_timestamp": "2026-04-11T02:45:39.990715Z"}, {"uuid": "7ab11f8d-2a87-4bc4-9198-c02087716d70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5054", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mj75vq3bbj2m", "content": "", "creation_timestamp": "2026-04-11T06:00:30.715184Z"}, {"uuid": "be5ebb11-a6d1-469b-9926-9519961ad6fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5054", "type": "seen", "source": "Telegram/oNJqzE-05Z_hzc8NPQW-z5MMZ2uUFxP7FYrJiMTOKneUM6w", "content": "", "creation_timestamp": "2026-04-11T03:21:45.000000Z"}, {"uuid": "179515a0-fc6c-48a5-98c0-af73db37c151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50545", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnxgurkwmi2m", "content": "CVE-2026-50545 - Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover\nCVE ID : CVE-2026-50545\n \n Published : June 10, 2026, 6:17 p.m. | 23\u00a0minutes ago\n \n Description : Fission is an open-source, Kubernetes-native serverless framework that simpl...", "creation_timestamp": "2026-06-10T19:26:35.272959Z"}, {"uuid": "3bbdd1ca-1992-4a6a-8fca-3c5cf05ebc6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5054", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnzaj66i6v2c", "content": "\ud83d\udccc CVE-2026-5054 - NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on ... https://www.cyberhub.blog/cves/CVE-2026-5054", "creation_timestamp": "2026-06-11T12:37:08.323965Z"}, {"uuid": "41665066-62c8-4954-82b5-64925c46d925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50545", "type": "seen", "source": "https://bsky.app/profile/attrition.org/post/3mog7m2jsis2z", "content": "@f5labs.bsky.social re: www.f5.com/labs/article...  Are you using \"AI\" to do these? e.g. \"Threat Details and IOCs\" and \"CVE-2026-35273, CVE-2026-46695, CVE-2026-46703, CVE-2026-48558, CVE-2026-50545\" has nothing to do with the section above, and those CVEs are largely not for the software listed.", "creation_timestamp": "2026-06-16T16:25:31.611613Z"}, {"uuid": "beb86783-bd02-4b9e-9adf-c6b01ea38ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5s4fr4f42x", "content": "CVE-2026-50549 - Cursor Desktop sandbox escape via symlink and failed path canonicalization\nCVE ID : CVE-2026-50549\n \n Published : June 25, 2026, 6:47 p.m. | 6\u00a0hours, 23\u00a0minutes ago\n \n Description : Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor ru...", "creation_timestamp": "2026-06-26T01:27:58.306903Z"}, {"uuid": "fc4f588b-dafc-413e-b4d2-3680a491175a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5saapazc2a", "content": "CVE-2026-50548 - Cursor Desktop sandbox escape via agent-controlled working directory\nCVE ID : CVE-2026-50548\n \n Published : June 25, 2026, 6:47 p.m. | 6\u00a0hours, 23\u00a0minutes ago\n \n Description : Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs age...", "creation_timestamp": "2026-06-26T01:30:06.844638Z"}, {"uuid": "51389a47-63ce-47a1-8b98-a230fe164865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpbyqcckd52g", "content": "\ud83d\udccc CVE-2026-50548 - Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox gran... https://www.cyberhub.blog/cves/CVE-2026-50548", "creation_timestamp": "2026-06-27T17:37:06.843828Z"}, {"uuid": "b62e5d71-e0c3-4a7f-9da1-439dbbfdf9f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpc2fwtsnn2g", "content": "\ud83d\udccc CVE-2026-50549 - Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the ... https://www.cyberhub.blog/cves/CVE-2026-50549", "creation_timestamp": "2026-06-27T18:07:06.797902Z"}, {"uuid": "c6e64647-47c8-4b78-a989-e5a56e947cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mpm2pf23vm2u", "content": "\ud83e\udd16 CVE-2026-50548/50549 (CVSS 9.8): Prompt injection in Cursor AI editor allows sandbox escape and arbitrary command execution via a crafted prompt. Dubbed \"DuneSlide\" by Cato AI Labs.\nhttps://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html", "creation_timestamp": "2026-07-01T17:39:00.830596Z"}, {"uuid": "92afac53-4c82-403c-82f4-a94fc502f3de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html", "content": "Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore.\n\nCato AI Labs&nbsp;found the pair and named them DuneSlide. They are tracked as&nbsp;CVE-2026-50548&nbsp;and&nbsp;CVE-2026-50549, both rated 9.8 out of 10 (or 9.3", "creation_timestamp": "2026-07-01T19:00:56.233889Z"}, {"uuid": "928e5f6a-8cd3-455b-a5c6-38da0672083d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html", "content": "Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore.\n\nCato AI Labs&nbsp;found the pair and named them DuneSlide. They are tracked as&nbsp;CVE-2026-50548&nbsp;and&nbsp;CVE-2026-50549, both rated 9.8 out of 10 (or 9.3", "creation_timestamp": "2026-07-01T19:00:56.294422Z"}, {"uuid": "905fd6cd-c14b-4297-ad02-01fa9387fee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html", "content": "Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore.\n\nCato AI Labs&nbsp;found the pair and named them DuneSlide. They are tracked as&nbsp;CVE-2026-50548&nbsp;and&nbsp;CVE-2026-50549, both rated 9.8 out of 10 (or 9.3", "creation_timestamp": "2026-07-02T01:00:45.709253Z"}, {"uuid": "a2eeba95-9d72-4cfd-93a2-fa88a1a3349c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html", "content": "Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore.\n\nCato AI Labs&nbsp;found the pair and named them DuneSlide. They are tracked as&nbsp;CVE-2026-50548&nbsp;and&nbsp;CVE-2026-50549, both rated 9.8 out of 10 (or 9.3", "creation_timestamp": "2026-07-02T01:00:45.767561Z"}, {"uuid": "a13308e6-d3e5-48a4-b0e6-94cbef24c277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mpq5twsw3725", "content": "Cursor's AI agent had a sandbox. Two flaws (DuneSlide, CVSS 9.8) let a poisoned MCP server or web result overwrite it and run code.\n\nNo login, no click.\n\nFixed in Cursor 3.0. (CVE-2026-50548/50549)", "creation_timestamp": "2026-07-03T08:45:54.459771Z"}, {"uuid": "c267207e-056a-474a-bc50-eb259c918cdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116855225036326256", "content": "DuneSlide (CVE-2026-50548/50549): CRITICAL zero-click RCE in Cursor AI editor &lt;3.0. Flaws in sandbox &amp; symlink handling enable attackers to escape IDE, compromise OS. Upgrade to v3.0+ now. https://radar.offseq.com/threat/critical-cursor-ai-code-editor-flaws-could-lead-to-2cf2d4969fcd376b #OffSeq #Infosec #Vuln #RCE", "creation_timestamp": "2026-07-03T09:00:30.418575Z"}, {"uuid": "fcaf51f9-469b-4782-a875-ab90d0456695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpq6o42rfy2l", "content": "CRITICAL: DuneSlide (CVE-2026-50548/50549) in Cursor AI editor &lt;3.0 enables zero-click RCE via sandbox escape. Upgrade to 3.0+ to patch. Details: https://radar.offseq.com/threat/critical-cursor-ai-code-editor-flaws-could-lead-to-2cf2d4969fcd376b #OffSeq #security #RCE", "creation_timestamp": "2026-07-03T09:00:59.464164Z"}, {"uuid": "b3f96b4b-107a-4c0d-bff1-76ec549dfe15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mpqb6fecso2u", "content": "Critical Cursor AI editor flaws, CVE-2026-50548 and CVE-2026-50549, can trigger OS-level remote code execution outside the IDE sandbox. Patched in Cursor 3.0. #Cursor #CatoNetworks #DuneSlide", "creation_timestamp": "2026-07-03T09:45:26.136237Z"}, {"uuid": "5b1b4b2f-39fa-4cf1-b8f9-565ccf70e54d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mpqb6fecso2u", "content": "Critical Cursor AI editor flaws, CVE-2026-50548 and CVE-2026-50549, can trigger OS-level remote code execution outside the IDE sandbox. Patched in Cursor 3.0. #Cursor #CatoNetworks #DuneSlide", "creation_timestamp": "2026-07-03T09:45:26.174396Z"}, {"uuid": "10b06075-3080-4507-ae2b-a4b3a9b90d55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://bsky.app/profile/pondero-ai.bsky.social/post/3mpqh2hpzka2m", "content": "CVE-2026-50548 abused the working_directory parameter on Cursor's terminal tool. When the agent sets a non-default directory, Cursor adds that path to its allowed-write list without validating it. Injected instructions aimed that parameter at a system path instead.", "creation_timestamp": "2026-07-03T11:30:36.588743Z"}, {"uuid": "f9d7984e-3839-4296-8595-f16a232b0067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://bsky.app/profile/pondero-ai.bsky.social/post/3mpqh2hzomx2t", "content": "That let an attacker overwrite the sandbox helper itself, or shell startup files like ~/.zshrc, disabling all containment for every command that followed. A second flaw, CVE-2026-50549, opened a separate route through the same underlying trust model.", "creation_timestamp": "2026-07-03T11:30:37.191693Z"}, {"uuid": "a7bc7588-24db-4e5d-bdb7-72dce3533bb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpyc7trc5l2r", "content": "Discover the new Cursor IDE RCE vulnerability called DuneSlide. This critical sandbox escape flaw assigned CVE-2026-50548 threatens developer environments.\n\n#CursorIDE #RCE #DuneSlide #CyberSecurity #CVE202650548", "creation_timestamp": "2026-07-06T14:25:26.897018Z"}, {"uuid": "c94d0f9d-d6e3-48c9-a2fa-d4381ceb2d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mq3xaldgj226", "content": "AI \u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\u30a8\u30c7\u30a3\u30bf Cursor\u306b\u6df1\u523b\u306a\u8106\u5f31\u6027(CVE-2026-50548\u3001CVE-2026-50549)-DuneSlide\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-07-08T01:19:43.035790Z"}, {"uuid": "aee82343-fea6-4d99-bc20-97f3c4f3b2f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mq3xaldgj226", "content": "AI \u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\u30a8\u30c7\u30a3\u30bf Cursor\u306b\u6df1\u523b\u306a\u8106\u5f31\u6027(CVE-2026-50548\u3001CVE-2026-50549)-DuneSlide\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-07-08T01:19:43.090376Z"}, {"uuid": "4f654722-47ad-4755-9a9e-0658a08d0638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://t.me/true_secator/8376", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0443\u0433\u0440\u043e\u0437\u044b, \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0440\u0430\u0441\u043a\u043b\u0430\u0434 \u0442\u0430\u043a\u043e\u0439:\n\n1. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Android \u0438 Apple, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430\u0445 AirDrop \u0438 Quick Share.\n\n\u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0440\u0430\u0441\u0441\u0442\u043e\u044f\u043d\u0438\u0438 \u043e\u0442 10 \u0434\u043e 30 \u043c\u0435\u0442\u0440\u043e\u0432 \u043e\u0442 \u0446\u0435\u043b\u0438. \u0421\u043e\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u0435, \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0438\u043b\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u0438 \u043f\u0440\u0438\u0431\u043b\u0438\u0436\u0435\u043d\u0438\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b, \u0440\u0430\u0431\u043e\u0442\u0430 \u043d\u0430\u0434 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f.\n\n2. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Apple \u00ab\u0421\u043a\u0440\u044b\u0442\u044c \u043c\u043e\u044e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u0443\u044e\u00a0\u043f\u043e\u0447\u0442\u0443\u00bb \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0430\u0434\u0440\u0435\u0441\u0443 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u041f\u0440\u0438\u0447\u0435\u043c Apple \u043d\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u044d\u0442\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0433\u043e\u0434\u0430.\n\n3. Rubrik \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u0418\u0418 Langflow, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443. \u0412\u0441\u0435 \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043c\u0430\u0435, \u0438 \u0434\u0432\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0438 CVSS 9,6 \u0438 9,8.\n\n4. \u0412 Cursor 3.0, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u043c \u0432 \u0430\u043f\u0440\u0435\u043b\u0435, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0434\u0432\u0435 RCE-\u043e\u0448\u0438\u0431\u043a\u0438 DuneSlide (CVE-2026-50548 \u0438 CVE-2026-50549, CVSS 9,8), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b IDE. \u0422\u0435\u043f\u0435\u0440\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0431\u0435\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a.\n\n5. SafeBreach \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u043e\u0432\u044b\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u0435\u0442\u043e\u0434\u0430 \u043e\u0442\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Endpoint Mapper (EPM) \u0434\u043b\u044f \u043d\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a \u043d\u0430 Windows LPE. \n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0434\u0430\u0436\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u0432 \u0441\u0442\u0440\u043e\u0433\u043e \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u0435, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u0435\u0441\u043b\u0438 \u0438\u043c \u0443\u0434\u0430\u0441\u0442\u0441\u044f \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 RPC-\u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c.\n\n6. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043b\u0443\u0447\u0448\u0438\u0445 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0418\u0418 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043e\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0442\u0435\u043a\u0441\u0442, \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0432\u043d\u0443\u0442\u0440\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c DeepKeep, \u043d\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 InkJect \u0438\u043c\u0435\u0435\u0442 \u0434\u0432\u0430 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430. \u041f\u0435\u0440\u0432\u044b\u0439 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0435\u043b\u043e\u0433\u043e \u0442\u0435\u043a\u0441\u0442\u0430 \u043d\u0430 \u0431\u0435\u043b\u043e\u043c \u0444\u043e\u043d\u0435, \u0430 \u0432\u0442\u043e\u0440\u043e\u0439 \u0438\u0441\u043a\u0430\u0436\u0430\u0435\u0442 \u0438 \u0434\u0435\u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 \u0442\u0435\u043a\u0441\u0442 \u043f\u043e\u0434 \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0443\u0433\u043b\u0430\u043c\u0438.\n\n\u041c\u043e\u0434\u0435\u043b\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0434\u0430\u0435\u0442\u0441\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0442\u0435\u043a\u0441\u0442, \u0430 \u0437\u0430\u0442\u0435\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b.\n\n7. Sysdig \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u0430\u0442\u0430\u043a\u0443 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c ransomware, \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0418\u0418. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Langflow, \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Sysdig, \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c \u0431\u044b\u043b\u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0418\u0418-\u0430\u0433\u0435\u043d\u0442 \u043d\u0438\u0433\u0434\u0435 \u043d\u0435 \u0445\u0440\u0430\u043d\u0438\u043b \u043a\u043b\u044e\u0447 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u044d\u0442\u0443 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c JADEPUFFER.\n\n\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u043c \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0441\u0442\u0430\u043b\u0430 \u0441\u0442\u0430\u0440\u0430\u044f, \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f CVE-2025-3248, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Langflow, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443, \u043a\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0430 \u043d\u0435\u043c \u0441\u0432\u043e\u0439 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 Python \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 Langflow 1.3.0 \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CISA \u0432 \u043c\u0430\u0435 2025 \u0433\u043e\u0434\u0430, \u043d\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0442\u0430\u043a \u0438 \u043d\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b.\n\n8. Argo CD, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u041f\u041e \u0432 Kubernetes, \u0438\u043c\u0435\u0435\u0442 \u043d\u0435\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 repo-server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043a\u043e\u0434 \u043f\u0440\u0438 \u0443\u0441\u043b\u043e\u0432\u0438\u0438, \u0447\u0442\u043e \u043e\u043d \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u043c\u0443 \u0441\u0435\u0442\u0435\u0432\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 Synacktiv, \u0437\u0430\u044f\u0432\u043b\u044f\u044f, \u0447\u0442\u043e \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u043b\u043d\u043e\u043c\u0443 \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u043d\u0435\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2025. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043d\u0435\u0442, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0437\u0430\u0449\u0438\u0442\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438.\u00a0", "creation_timestamp": "2026-07-13T13:00:05.091566Z"}, {"uuid": "0981e9fe-7409-475d-8bc6-32b5146ee133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://t.me/true_secator/8376", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0443\u0433\u0440\u043e\u0437\u044b, \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0440\u0430\u0441\u043a\u043b\u0430\u0434 \u0442\u0430\u043a\u043e\u0439:\n\n1. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Android \u0438 Apple, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430\u0445 AirDrop \u0438 Quick Share.\n\n\u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0440\u0430\u0441\u0441\u0442\u043e\u044f\u043d\u0438\u0438 \u043e\u0442 10 \u0434\u043e 30 \u043c\u0435\u0442\u0440\u043e\u0432 \u043e\u0442 \u0446\u0435\u043b\u0438. \u0421\u043e\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u0435, \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0438\u043b\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u0438 \u043f\u0440\u0438\u0431\u043b\u0438\u0436\u0435\u043d\u0438\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b, \u0440\u0430\u0431\u043e\u0442\u0430 \u043d\u0430\u0434 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f.\n\n2. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Apple \u00ab\u0421\u043a\u0440\u044b\u0442\u044c \u043c\u043e\u044e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u0443\u044e\u00a0\u043f\u043e\u0447\u0442\u0443\u00bb \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0430\u0434\u0440\u0435\u0441\u0443 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u041f\u0440\u0438\u0447\u0435\u043c Apple \u043d\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u044d\u0442\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0433\u043e\u0434\u0430.\n\n3. Rubrik \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u0418\u0418 Langflow, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443. \u0412\u0441\u0435 \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043c\u0430\u0435, \u0438 \u0434\u0432\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0438 CVSS 9,6 \u0438 9,8.\n\n4. \u0412 Cursor 3.0, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u043c \u0432 \u0430\u043f\u0440\u0435\u043b\u0435, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0434\u0432\u0435 RCE-\u043e\u0448\u0438\u0431\u043a\u0438 DuneSlide (CVE-2026-50548 \u0438 CVE-2026-50549, CVSS 9,8), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b IDE. \u0422\u0435\u043f\u0435\u0440\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0431\u0435\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a.\n\n5. SafeBreach \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u043e\u0432\u044b\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u0435\u0442\u043e\u0434\u0430 \u043e\u0442\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Endpoint Mapper (EPM) \u0434\u043b\u044f \u043d\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a \u043d\u0430 Windows LPE. \n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0434\u0430\u0436\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u0432 \u0441\u0442\u0440\u043e\u0433\u043e \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u0435, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u0435\u0441\u043b\u0438 \u0438\u043c \u0443\u0434\u0430\u0441\u0442\u0441\u044f \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 RPC-\u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c.\n\n6. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043b\u0443\u0447\u0448\u0438\u0445 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0418\u0418 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043e\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0442\u0435\u043a\u0441\u0442, \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0432\u043d\u0443\u0442\u0440\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c DeepKeep, \u043d\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 InkJect \u0438\u043c\u0435\u0435\u0442 \u0434\u0432\u0430 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430. \u041f\u0435\u0440\u0432\u044b\u0439 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0435\u043b\u043e\u0433\u043e \u0442\u0435\u043a\u0441\u0442\u0430 \u043d\u0430 \u0431\u0435\u043b\u043e\u043c \u0444\u043e\u043d\u0435, \u0430 \u0432\u0442\u043e\u0440\u043e\u0439 \u0438\u0441\u043a\u0430\u0436\u0430\u0435\u0442 \u0438 \u0434\u0435\u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 \u0442\u0435\u043a\u0441\u0442 \u043f\u043e\u0434 \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0443\u0433\u043b\u0430\u043c\u0438.\n\n\u041c\u043e\u0434\u0435\u043b\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0434\u0430\u0435\u0442\u0441\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0442\u0435\u043a\u0441\u0442, \u0430 \u0437\u0430\u0442\u0435\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b.\n\n7. Sysdig \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u0430\u0442\u0430\u043a\u0443 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c ransomware, \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0418\u0418. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Langflow, \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Sysdig, \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c \u0431\u044b\u043b\u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0418\u0418-\u0430\u0433\u0435\u043d\u0442 \u043d\u0438\u0433\u0434\u0435 \u043d\u0435 \u0445\u0440\u0430\u043d\u0438\u043b \u043a\u043b\u044e\u0447 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u044d\u0442\u0443 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c JADEPUFFER.\n\n\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u043c \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0441\u0442\u0430\u043b\u0430 \u0441\u0442\u0430\u0440\u0430\u044f, \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f CVE-2025-3248, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Langflow, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443, \u043a\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0430 \u043d\u0435\u043c \u0441\u0432\u043e\u0439 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 Python \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 Langflow 1.3.0 \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CISA \u0432 \u043c\u0430\u0435 2025 \u0433\u043e\u0434\u0430, \u043d\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0442\u0430\u043a \u0438 \u043d\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b.\n\n8. Argo CD, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u041f\u041e \u0432 Kubernetes, \u0438\u043c\u0435\u0435\u0442 \u043d\u0435\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 repo-server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043a\u043e\u0434 \u043f\u0440\u0438 \u0443\u0441\u043b\u043e\u0432\u0438\u0438, \u0447\u0442\u043e \u043e\u043d \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u043c\u0443 \u0441\u0435\u0442\u0435\u0432\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 Synacktiv, \u0437\u0430\u044f\u0432\u043b\u044f\u044f, \u0447\u0442\u043e \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u043b\u043d\u043e\u043c\u0443 \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u043d\u0435\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2025. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043d\u0435\u0442, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0437\u0430\u0449\u0438\u0442\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438.\u00a0", "creation_timestamp": "2026-07-13T13:00:05.142623Z"}, {"uuid": "25df66cd-2b59-413e-a2f2-7bcabc89d2f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/8376", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0443\u0433\u0440\u043e\u0437\u044b, \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0440\u0430\u0441\u043a\u043b\u0430\u0434 \u0442\u0430\u043a\u043e\u0439:\n\n1. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Android \u0438 Apple, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430\u0445 AirDrop \u0438 Quick Share.\n\n\u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0440\u0430\u0441\u0441\u0442\u043e\u044f\u043d\u0438\u0438 \u043e\u0442 10 \u0434\u043e 30 \u043c\u0435\u0442\u0440\u043e\u0432 \u043e\u0442 \u0446\u0435\u043b\u0438. \u0421\u043e\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u0435, \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0438\u043b\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u0438 \u043f\u0440\u0438\u0431\u043b\u0438\u0436\u0435\u043d\u0438\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b, \u0440\u0430\u0431\u043e\u0442\u0430 \u043d\u0430\u0434 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f.\n\n2. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Apple \u00ab\u0421\u043a\u0440\u044b\u0442\u044c \u043c\u043e\u044e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u0443\u044e\u00a0\u043f\u043e\u0447\u0442\u0443\u00bb \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0430\u0434\u0440\u0435\u0441\u0443 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u041f\u0440\u0438\u0447\u0435\u043c Apple \u043d\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u044d\u0442\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0433\u043e\u0434\u0430.\n\n3. Rubrik \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u0418\u0418 Langflow, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443. \u0412\u0441\u0435 \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043c\u0430\u0435, \u0438 \u0434\u0432\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0438 CVSS 9,6 \u0438 9,8.\n\n4. \u0412 Cursor 3.0, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u043c \u0432 \u0430\u043f\u0440\u0435\u043b\u0435, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0434\u0432\u0435 RCE-\u043e\u0448\u0438\u0431\u043a\u0438 DuneSlide (CVE-2026-50548 \u0438 CVE-2026-50549, CVSS 9,8), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b IDE. \u0422\u0435\u043f\u0435\u0440\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0431\u0435\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a.\n\n5. SafeBreach \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u043e\u0432\u044b\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u0435\u0442\u043e\u0434\u0430 \u043e\u0442\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Endpoint Mapper (EPM) \u0434\u043b\u044f \u043d\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a \u043d\u0430 Windows LPE. \n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0434\u0430\u0436\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u0432 \u0441\u0442\u0440\u043e\u0433\u043e \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u0435, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u0435\u0441\u043b\u0438 \u0438\u043c \u0443\u0434\u0430\u0441\u0442\u0441\u044f \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 RPC-\u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c.\n\n6. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043b\u0443\u0447\u0448\u0438\u0445 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0418\u0418 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043e\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0442\u0435\u043a\u0441\u0442, \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0432\u043d\u0443\u0442\u0440\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c DeepKeep, \u043d\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 InkJect \u0438\u043c\u0435\u0435\u0442 \u0434\u0432\u0430 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430. \u041f\u0435\u0440\u0432\u044b\u0439 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0435\u043b\u043e\u0433\u043e \u0442\u0435\u043a\u0441\u0442\u0430 \u043d\u0430 \u0431\u0435\u043b\u043e\u043c \u0444\u043e\u043d\u0435, \u0430 \u0432\u0442\u043e\u0440\u043e\u0439 \u0438\u0441\u043a\u0430\u0436\u0430\u0435\u0442 \u0438 \u0434\u0435\u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 \u0442\u0435\u043a\u0441\u0442 \u043f\u043e\u0434 \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0443\u0433\u043b\u0430\u043c\u0438.\n\n\u041c\u043e\u0434\u0435\u043b\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0434\u0430\u0435\u0442\u0441\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0442\u0435\u043a\u0441\u0442, \u0430 \u0437\u0430\u0442\u0435\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b.\n\n7. Sysdig \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u0430\u0442\u0430\u043a\u0443 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c ransomware, \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0418\u0418. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Langflow, \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Sysdig, \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c \u0431\u044b\u043b\u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0418\u0418-\u0430\u0433\u0435\u043d\u0442 \u043d\u0438\u0433\u0434\u0435 \u043d\u0435 \u0445\u0440\u0430\u043d\u0438\u043b \u043a\u043b\u044e\u0447 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u044d\u0442\u0443 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c JADEPUFFER.\n\n\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u043c \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0441\u0442\u0430\u043b\u0430 \u0441\u0442\u0430\u0440\u0430\u044f, \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f CVE-2025-3248, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Langflow, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443, \u043a\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0430 \u043d\u0435\u043c \u0441\u0432\u043e\u0439 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 Python \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 Langflow 1.3.0 \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CISA \u0432 \u043c\u0430\u0435 2025 \u0433\u043e\u0434\u0430, \u043d\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0442\u0430\u043a \u0438 \u043d\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b.\n\n8. Argo CD, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u041f\u041e \u0432 Kubernetes, \u0438\u043c\u0435\u0435\u0442 \u043d\u0435\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 repo-server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043a\u043e\u0434 \u043f\u0440\u0438 \u0443\u0441\u043b\u043e\u0432\u0438\u0438, \u0447\u0442\u043e \u043e\u043d \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u043c\u0443 \u0441\u0435\u0442\u0435\u0432\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 Synacktiv, \u0437\u0430\u044f\u0432\u043b\u044f\u044f, \u0447\u0442\u043e \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u043b\u043d\u043e\u043c\u0443 \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u043d\u0435\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2025. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043d\u0435\u0442, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0437\u0430\u0449\u0438\u0442\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438.\u00a0", "creation_timestamp": "2026-07-14T00:00:47.354795Z"}, {"uuid": "69e6db78-b2ed-4473-9dde-2a37f5e5420d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/8376", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0443\u0433\u0440\u043e\u0437\u044b, \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0440\u0430\u0441\u043a\u043b\u0430\u0434 \u0442\u0430\u043a\u043e\u0439:\n\n1. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Android \u0438 Apple, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430\u0445 AirDrop \u0438 Quick Share.\n\n\u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0440\u0430\u0441\u0441\u0442\u043e\u044f\u043d\u0438\u0438 \u043e\u0442 10 \u0434\u043e 30 \u043c\u0435\u0442\u0440\u043e\u0432 \u043e\u0442 \u0446\u0435\u043b\u0438. \u0421\u043e\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u0435, \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0438\u043b\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u0438 \u043f\u0440\u0438\u0431\u043b\u0438\u0436\u0435\u043d\u0438\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b, \u0440\u0430\u0431\u043e\u0442\u0430 \u043d\u0430\u0434 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f.\n\n2. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Apple \u00ab\u0421\u043a\u0440\u044b\u0442\u044c \u043c\u043e\u044e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u0443\u044e\u00a0\u043f\u043e\u0447\u0442\u0443\u00bb \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0430\u0434\u0440\u0435\u0441\u0443 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u041f\u0440\u0438\u0447\u0435\u043c Apple \u043d\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u044d\u0442\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0433\u043e\u0434\u0430.\n\n3. Rubrik \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u0418\u0418 Langflow, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443. \u0412\u0441\u0435 \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043c\u0430\u0435, \u0438 \u0434\u0432\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0438 CVSS 9,6 \u0438 9,8.\n\n4. \u0412 Cursor 3.0, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u043c \u0432 \u0430\u043f\u0440\u0435\u043b\u0435, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0434\u0432\u0435 RCE-\u043e\u0448\u0438\u0431\u043a\u0438 DuneSlide (CVE-2026-50548 \u0438 CVE-2026-50549, CVSS 9,8), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b IDE. \u0422\u0435\u043f\u0435\u0440\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0431\u0435\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a.\n\n5. SafeBreach \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u043e\u0432\u044b\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u0435\u0442\u043e\u0434\u0430 \u043e\u0442\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Endpoint Mapper (EPM) \u0434\u043b\u044f \u043d\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a \u043d\u0430 Windows LPE. \n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0434\u0430\u0436\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u0432 \u0441\u0442\u0440\u043e\u0433\u043e \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u0435, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u0435\u0441\u043b\u0438 \u0438\u043c \u0443\u0434\u0430\u0441\u0442\u0441\u044f \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 RPC-\u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c.\n\n6. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043b\u0443\u0447\u0448\u0438\u0445 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0418\u0418 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043e\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0442\u0435\u043a\u0441\u0442, \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0432\u043d\u0443\u0442\u0440\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c DeepKeep, \u043d\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 InkJect \u0438\u043c\u0435\u0435\u0442 \u0434\u0432\u0430 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430. \u041f\u0435\u0440\u0432\u044b\u0439 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0435\u043b\u043e\u0433\u043e \u0442\u0435\u043a\u0441\u0442\u0430 \u043d\u0430 \u0431\u0435\u043b\u043e\u043c \u0444\u043e\u043d\u0435, \u0430 \u0432\u0442\u043e\u0440\u043e\u0439 \u0438\u0441\u043a\u0430\u0436\u0430\u0435\u0442 \u0438 \u0434\u0435\u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 \u0442\u0435\u043a\u0441\u0442 \u043f\u043e\u0434 \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0443\u0433\u043b\u0430\u043c\u0438.\n\n\u041c\u043e\u0434\u0435\u043b\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0434\u0430\u0435\u0442\u0441\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0442\u0435\u043a\u0441\u0442, \u0430 \u0437\u0430\u0442\u0435\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b.\n\n7. Sysdig \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u0430\u0442\u0430\u043a\u0443 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c ransomware, \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0418\u0418. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Langflow, \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Sysdig, \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c \u0431\u044b\u043b\u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0418\u0418-\u0430\u0433\u0435\u043d\u0442 \u043d\u0438\u0433\u0434\u0435 \u043d\u0435 \u0445\u0440\u0430\u043d\u0438\u043b \u043a\u043b\u044e\u0447 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u044d\u0442\u0443 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c JADEPUFFER.\n\n\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u043c \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0441\u0442\u0430\u043b\u0430 \u0441\u0442\u0430\u0440\u0430\u044f, \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f CVE-2025-3248, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Langflow, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443, \u043a\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0430 \u043d\u0435\u043c \u0441\u0432\u043e\u0439 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 Python \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 Langflow 1.3.0 \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CISA \u0432 \u043c\u0430\u0435 2025 \u0433\u043e\u0434\u0430, \u043d\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0442\u0430\u043a \u0438 \u043d\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b.\n\n8. Argo CD, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u041f\u041e \u0432 Kubernetes, \u0438\u043c\u0435\u0435\u0442 \u043d\u0435\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 repo-server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043a\u043e\u0434 \u043f\u0440\u0438 \u0443\u0441\u043b\u043e\u0432\u0438\u0438, \u0447\u0442\u043e \u043e\u043d \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u043c\u0443 \u0441\u0435\u0442\u0435\u0432\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 Synacktiv, \u0437\u0430\u044f\u0432\u043b\u044f\u044f, \u0447\u0442\u043e \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u043b\u043d\u043e\u043c\u0443 \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u043d\u0435\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2025. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043d\u0435\u0442, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0437\u0430\u0449\u0438\u0442\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438.\u00a0", "creation_timestamp": "2026-07-14T00:00:47.387978Z"}, {"uuid": "dbc538d1-023b-486a-9212-101005e32c75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://t.me/bhhub/1200", "content": "Weekly 8 AI &amp; Cyber signals to act on (Jun 25 \u2013 Jul 4, 2026)\n\n#AISecurity@bhhub \n\n\u2728 DuneSlide (CVE-2026-50548 &amp; CVE-2026-50549): Zero-Click Prompt Injection Escapes Cursor IDE Sandbox With CVSS 9.8 RCE\nURL\nCato AI Labs disclosed two independent CVSS 9.8 vulnerabilities in Cursor IDE \u2014 used by 50%+ of Fortune 500 \u2014 that allow a prompt injection delivered via an MCP server or poisoned web search result to escape the editor's sandbox and achieve full OS-level remote code execution with no user interaction beyond making a normal prompt.\n\n\u2728 DGuardFall: Decades-Old Shell Injection Bypasses Command Guards in Popular Open-Source AI Coding Agents\nURL\nAdversa AI disclosed a universal shell injection vulnerability class (GuardFall) in open-source AI coding agents, showing that 30-year-old shell quoting bypass techniques defeat the pattern-based command guards used in popular agents and allow prompt injection to reach bash with the operator's full authority.\n\n\u2728 Agentjacking: Fake Sentry Error Reports Hijack AI Coding Agents With 85% Success Rate Across 2,388 Exposed Organizations\nURL\nTenet Threat Labs demonstrated that an attacker with a target's Sentry DSN key can inject crafted \"error reports\" that AI coding agents (Claude Code, Cursor, Codex) interpret as legitimate diagnostic guidance and execute \u2014 achieving 85% exploitation success in controlled testing and identifying 2,388 organizations with exposed DSNs.\n\n#AppSec@bhhub \n\n\u2728 Fake AI Agent Skill Cleared Every Security Scanner and Reportedly Reached 26,000 Agents via Mutable External Link\nURL\nSecurity firm AIR built a fake AI agent skill that passed Cisco and NVIDIA scanners by deferring payload delivery to a mutable external link \u2014 scanners approved the skill clean, and the link's target was swapped post-review \u2014 reportedly reaching 26,000 agents including corporate accounts before AIR pulled it.\n\n\u2728 Microsoft Documents MCP Tool-Poisoning Kill Chain Against Copilot Studio Finance Agent and Maps Defenses to Each Stage\nURL\nMicrosoft's Security Blog documented a complete MCP tool-poisoning attack chain against a Copilot Studio finance agent, tracing how a poisoned tool description causes the agent to silently exfiltrate company data, and mapping Microsoft's Prompt Shields, Purview DLP, and runtime monitoring controls to each stage of the kill chain.\n\n#RedTeam@bhhub \n\n\u2728 Collaborative-Adversarial Jailbreaking: IMA Attack Achieves 89% Success Against Multi-Agent Systems at Scale\nURL\nA peer-reviewed study in Neural Networks introduces the IMA (Injection via Multi-Agent) attack, which achieves 89% jailbreak success against multi-agent code generation systems including MetaGPT and CrewAI \u2014 significantly outperforming single-agent baselines \u2014 by exploiting the fact that multi-agent collaboration amplifies harm propagation rather than containing it.\n\n#BlueTeam@bhhub\n\n\u2728 Google DeepMind AI Control Roadmap v0.1: Structural Containment Framework for Potentially Misaligned Internal AI Agents\nURL\nGoogle DeepMind published its AI Control Roadmap v0.1, treating AI agent misbehavior as an engineering requirement rather than an alignment failure \u2014 and mapping defense-in-depth controls (Detection D1\u2013D4, Prevention/Response R1\u2013R3) specifically for internal agents that must be assumed potentially misaligned.", "creation_timestamp": "2026-07-14T12:00:05.022362Z"}, {"uuid": "7d3b3468-dfac-4fa8-af17-55f84acd5bb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://t.me/bhhub/1200", "content": "Weekly 8 AI &amp; Cyber signals to act on (Jun 25 \u2013 Jul 4, 2026)\n\n#AISecurity@bhhub \n\n\u2728 DuneSlide (CVE-2026-50548 &amp; CVE-2026-50549): Zero-Click Prompt Injection Escapes Cursor IDE Sandbox With CVSS 9.8 RCE\nURL\nCato AI Labs disclosed two independent CVSS 9.8 vulnerabilities in Cursor IDE \u2014 used by 50%+ of Fortune 500 \u2014 that allow a prompt injection delivered via an MCP server or poisoned web search result to escape the editor's sandbox and achieve full OS-level remote code execution with no user interaction beyond making a normal prompt.\n\n\u2728 DGuardFall: Decades-Old Shell Injection Bypasses Command Guards in Popular Open-Source AI Coding Agents\nURL\nAdversa AI disclosed a universal shell injection vulnerability class (GuardFall) in open-source AI coding agents, showing that 30-year-old shell quoting bypass techniques defeat the pattern-based command guards used in popular agents and allow prompt injection to reach bash with the operator's full authority.\n\n\u2728 Agentjacking: Fake Sentry Error Reports Hijack AI Coding Agents With 85% Success Rate Across 2,388 Exposed Organizations\nURL\nTenet Threat Labs demonstrated that an attacker with a target's Sentry DSN key can inject crafted \"error reports\" that AI coding agents (Claude Code, Cursor, Codex) interpret as legitimate diagnostic guidance and execute \u2014 achieving 85% exploitation success in controlled testing and identifying 2,388 organizations with exposed DSNs.\n\n#AppSec@bhhub \n\n\u2728 Fake AI Agent Skill Cleared Every Security Scanner and Reportedly Reached 26,000 Agents via Mutable External Link\nURL\nSecurity firm AIR built a fake AI agent skill that passed Cisco and NVIDIA scanners by deferring payload delivery to a mutable external link \u2014 scanners approved the skill clean, and the link's target was swapped post-review \u2014 reportedly reaching 26,000 agents including corporate accounts before AIR pulled it.\n\n\u2728 Microsoft Documents MCP Tool-Poisoning Kill Chain Against Copilot Studio Finance Agent and Maps Defenses to Each Stage\nURL\nMicrosoft's Security Blog documented a complete MCP tool-poisoning attack chain against a Copilot Studio finance agent, tracing how a poisoned tool description causes the agent to silently exfiltrate company data, and mapping Microsoft's Prompt Shields, Purview DLP, and runtime monitoring controls to each stage of the kill chain.\n\n#RedTeam@bhhub \n\n\u2728 Collaborative-Adversarial Jailbreaking: IMA Attack Achieves 89% Success Against Multi-Agent Systems at Scale\nURL\nA peer-reviewed study in Neural Networks introduces the IMA (Injection via Multi-Agent) attack, which achieves 89% jailbreak success against multi-agent code generation systems including MetaGPT and CrewAI \u2014 significantly outperforming single-agent baselines \u2014 by exploiting the fact that multi-agent collaboration amplifies harm propagation rather than containing it.\n\n#BlueTeam@bhhub\n\n\u2728 Google DeepMind AI Control Roadmap v0.1: Structural Containment Framework for Potentially Misaligned Internal AI Agents\nURL\nGoogle DeepMind published its AI Control Roadmap v0.1, treating AI agent misbehavior as an engineering requirement rather than an alignment failure \u2014 and mapping defense-in-depth controls (Detection D1\u2013D4, Prevention/Response R1\u2013R3) specifically for internal agents that must be assumed potentially misaligned.", "creation_timestamp": "2026-07-14T12:00:05.077589Z"}, {"uuid": "2239c4c5-b5dd-4189-ab5e-70ea6e188f15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://t.me/bhhub/1200", "content": "Weekly 8 AI &amp; Cyber signals to act on (Jun 25 \u2013 Jul 4, 2026)\n\n#AISecurity@bhhub \n\n\u2728 DuneSlide (CVE-2026-50548 &amp; CVE-2026-50549): Zero-Click Prompt Injection Escapes Cursor IDE Sandbox With CVSS 9.8 RCE\nURL\nCato AI Labs disclosed two independent CVSS 9.8 vulnerabilities in Cursor IDE \u2014 used by 50%+ of Fortune 500 \u2014 that allow a prompt injection delivered via an MCP server or poisoned web search result to escape the editor's sandbox and achieve full OS-level remote code execution with no user interaction beyond making a normal prompt.\n\n\u2728 DGuardFall: Decades-Old Shell Injection Bypasses Command Guards in Popular Open-Source AI Coding Agents\nURL\nAdversa AI disclosed a universal shell injection vulnerability class (GuardFall) in open-source AI coding agents, showing that 30-year-old shell quoting bypass techniques defeat the pattern-based command guards used in popular agents and allow prompt injection to reach bash with the operator's full authority.\n\n\u2728 Agentjacking: Fake Sentry Error Reports Hijack AI Coding Agents With 85% Success Rate Across 2,388 Exposed Organizations\nURL\nTenet Threat Labs demonstrated that an attacker with a target's Sentry DSN key can inject crafted \"error reports\" that AI coding agents (Claude Code, Cursor, Codex) interpret as legitimate diagnostic guidance and execute \u2014 achieving 85% exploitation success in controlled testing and identifying 2,388 organizations with exposed DSNs.\n\n#AppSec@bhhub \n\n\u2728 Fake AI Agent Skill Cleared Every Security Scanner and Reportedly Reached 26,000 Agents via Mutable External Link\nURL\nSecurity firm AIR built a fake AI agent skill that passed Cisco and NVIDIA scanners by deferring payload delivery to a mutable external link \u2014 scanners approved the skill clean, and the link's target was swapped post-review \u2014 reportedly reaching 26,000 agents including corporate accounts before AIR pulled it.\n\n\u2728 Microsoft Documents MCP Tool-Poisoning Kill Chain Against Copilot Studio Finance Agent and Maps Defenses to Each Stage\nURL\nMicrosoft's Security Blog documented a complete MCP tool-poisoning attack chain against a Copilot Studio finance agent, tracing how a poisoned tool description causes the agent to silently exfiltrate company data, and mapping Microsoft's Prompt Shields, Purview DLP, and runtime monitoring controls to each stage of the kill chain.\n\n#RedTeam@bhhub \n\n\u2728 Collaborative-Adversarial Jailbreaking: IMA Attack Achieves 89% Success Against Multi-Agent Systems at Scale\nURL\nA peer-reviewed study in Neural Networks introduces the IMA (Injection via Multi-Agent) attack, which achieves 89% jailbreak success against multi-agent code generation systems including MetaGPT and CrewAI \u2014 significantly outperforming single-agent baselines \u2014 by exploiting the fact that multi-agent collaboration amplifies harm propagation rather than containing it.\n\n#BlueTeam@bhhub\n\n\u2728 Google DeepMind AI Control Roadmap v0.1: Structural Containment Framework for Potentially Misaligned Internal AI Agents\nURL\nGoogle DeepMind published its AI Control Roadmap v0.1, treating AI agent misbehavior as an engineering requirement rather than an alignment failure \u2014 and mapping defense-in-depth controls (Detection D1\u2013D4, Prevention/Response R1\u2013R3) specifically for internal agents that must be assumed potentially misaligned.", "creation_timestamp": "2026-07-15T00:00:24.938889Z"}, {"uuid": "9295d679-310c-466a-b031-259dface298e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "seen", "source": "https://t.me/bhhub/1200", "content": "Weekly 8 AI &amp; Cyber signals to act on (Jun 25 \u2013 Jul 4, 2026)\n\n#AISecurity@bhhub \n\n\u2728 DuneSlide (CVE-2026-50548 &amp; CVE-2026-50549): Zero-Click Prompt Injection Escapes Cursor IDE Sandbox With CVSS 9.8 RCE\nURL\nCato AI Labs disclosed two independent CVSS 9.8 vulnerabilities in Cursor IDE \u2014 used by 50%+ of Fortune 500 \u2014 that allow a prompt injection delivered via an MCP server or poisoned web search result to escape the editor's sandbox and achieve full OS-level remote code execution with no user interaction beyond making a normal prompt.\n\n\u2728 DGuardFall: Decades-Old Shell Injection Bypasses Command Guards in Popular Open-Source AI Coding Agents\nURL\nAdversa AI disclosed a universal shell injection vulnerability class (GuardFall) in open-source AI coding agents, showing that 30-year-old shell quoting bypass techniques defeat the pattern-based command guards used in popular agents and allow prompt injection to reach bash with the operator's full authority.\n\n\u2728 Agentjacking: Fake Sentry Error Reports Hijack AI Coding Agents With 85% Success Rate Across 2,388 Exposed Organizations\nURL\nTenet Threat Labs demonstrated that an attacker with a target's Sentry DSN key can inject crafted \"error reports\" that AI coding agents (Claude Code, Cursor, Codex) interpret as legitimate diagnostic guidance and execute \u2014 achieving 85% exploitation success in controlled testing and identifying 2,388 organizations with exposed DSNs.\n\n#AppSec@bhhub \n\n\u2728 Fake AI Agent Skill Cleared Every Security Scanner and Reportedly Reached 26,000 Agents via Mutable External Link\nURL\nSecurity firm AIR built a fake AI agent skill that passed Cisco and NVIDIA scanners by deferring payload delivery to a mutable external link \u2014 scanners approved the skill clean, and the link's target was swapped post-review \u2014 reportedly reaching 26,000 agents including corporate accounts before AIR pulled it.\n\n\u2728 Microsoft Documents MCP Tool-Poisoning Kill Chain Against Copilot Studio Finance Agent and Maps Defenses to Each Stage\nURL\nMicrosoft's Security Blog documented a complete MCP tool-poisoning attack chain against a Copilot Studio finance agent, tracing how a poisoned tool description causes the agent to silently exfiltrate company data, and mapping Microsoft's Prompt Shields, Purview DLP, and runtime monitoring controls to each stage of the kill chain.\n\n#RedTeam@bhhub \n\n\u2728 Collaborative-Adversarial Jailbreaking: IMA Attack Achieves 89% Success Against Multi-Agent Systems at Scale\nURL\nA peer-reviewed study in Neural Networks introduces the IMA (Injection via Multi-Agent) attack, which achieves 89% jailbreak success against multi-agent code generation systems including MetaGPT and CrewAI \u2014 significantly outperforming single-agent baselines \u2014 by exploiting the fact that multi-agent collaboration amplifies harm propagation rather than containing it.\n\n#BlueTeam@bhhub\n\n\u2728 Google DeepMind AI Control Roadmap v0.1: Structural Containment Framework for Potentially Misaligned Internal AI Agents\nURL\nGoogle DeepMind published its AI Control Roadmap v0.1, treating AI agent misbehavior as an engineering requirement rather than an alignment failure \u2014 and mapping defense-in-depth controls (Detection D1\u2013D4, Prevention/Response R1\u2013R3) specifically for internal agents that must be assumed potentially misaligned.", "creation_timestamp": "2026-07-15T00:00:24.964124Z"}, {"uuid": "fed9beec-233b-4aef-a5f1-dcf6ffb7bc0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/9385", "content": "\ud83d\uded1 Two Cursor vulnerabilities could let hidden prompt-injection instructions escape the editor\u2019s terminal sandbox and run commands on a developer\u2019s machine.\n\nTracked as CVE-2026-50548 and CVE-2026-50549, they affect versions before 3.0.\n\nSee how it works: https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html", "creation_timestamp": "2026-07-15T12:00:03.655703Z"}, {"uuid": "08755357-cf77-4bd9-8cfa-0ae4b18dea56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/9385", "content": "\ud83d\uded1 Two Cursor vulnerabilities could let hidden prompt-injection instructions escape the editor\u2019s terminal sandbox and run commands on a developer\u2019s machine.\n\nTracked as CVE-2026-50548 and CVE-2026-50549, they affect versions before 3.0.\n\nSee how it works: https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html", "creation_timestamp": "2026-07-15T12:00:03.699315Z"}, {"uuid": "005cc1f4-88f2-4ada-bdb3-98b8f2946ec8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/9385", "content": "\ud83d\uded1 Two Cursor vulnerabilities could let hidden prompt-injection instructions escape the editor\u2019s terminal sandbox and run commands on a developer\u2019s machine.\n\nTracked as CVE-2026-50548 and CVE-2026-50549, they affect versions before 3.0.\n\nSee how it works: https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html", "creation_timestamp": "2026-07-16T00:00:19.425327Z"}, {"uuid": "980e32f5-f220-4438-9443-a12c3212a427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50549", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/9385", "content": "\ud83d\uded1 Two Cursor vulnerabilities could let hidden prompt-injection instructions escape the editor\u2019s terminal sandbox and run commands on a developer\u2019s machine.\n\nTracked as CVE-2026-50548 and CVE-2026-50549, they affect versions before 3.0.\n\nSee how it works: https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html", "creation_timestamp": "2026-07-16T00:00:19.453902Z"}]}