ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.

CVE Analysis
•2026-06-12
•12 min read
vm2 Sandbox Escape to Host RCE (CVE-2026-47131): Technical Breakdown with PoC and Patch Analysis
A brief summary of CVE-2026-47131, a CVSS 10.0 sandbox escape in the vm2 Node.js library that allows full host remote code execution via prototype chain manipulation. Includes PoC details and patch analysis.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•12 min read
vm2 CVE-2026-47135: Brief Summary of a Cross-Realm Symbol Sandbox Escape in Node.js
A brief summary of CVE-2026-47135, a high-severity sandbox escape in the vm2 Node.js library caused by incomplete cross-realm symbol blocking and missing bridge trap checks. Includes patch analysis and mitigation guidance.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•10 min read
vm2 Sandbox Escape CVE-2026-47137: Quick Look at a CVSS 10.0 Patch Bypass Enabling Host RCE
A brief summary of CVE-2026-47137, a CVSS 10.0 sandbox escape in the vm2 Node.js library that bypasses a prior security patch through a strict equality flaw. Includes proof of concept, patch analysis, and affected version details.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•12 min read
vm2 CVE-2026-47139: Underscored Builtin Network Bypass Enables SSRF from Node.js Sandbox — Quick Look with PoC and Detection Guidance
A brief summary of CVE-2026-47139, a high severity sandbox bypass in vm2 for Node.js that allows sandboxed code to make network requests via underscored internal builtins despite explicit network module exclusions. Includes proof of concept details and detection strategies.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•12 min read
vm2 Sandbox Escape via Builtin Denylist Bypass: Overview of CVE-2026-47140 (CVSS 10.0)
A brief summary of CVE-2026-47140, a CVSS 10.0 sandbox escape in the vm2 Node.js library caused by incomplete denylist coverage of the process and inspector/promises builtins. Includes patch details, detection methods, and context on the broader 2026 vm2 CVE wave.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•12 min read
vm2 Sandbox Breakout via Promise Species Hijack (CVE-2026-47208): Technical Breakdown with PoC and Patch Analysis
A brief summary of CVE-2026-47208, a CVSS 10.0 sandbox escape in the vm2 Node.js library that allows full host RCE through a Promise Symbol.species hijack. Includes proof of concept details and patch analysis.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•12 min read
vm2 CVE-2026-47209: Brief Summary of the Bridge Proxy Set Trap Receiver Bypass
A short review of CVE-2026-47209, a high severity sandbox escape in the vm2 Node.js library where the Bridge Proxy set trap ignores the receiver parameter, allowing sandbox code to write properties directly to host objects. Includes patch analysis and affected version details.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•12 min read
vm2 Sandbox Escape via JSPI Promise Species Bypass (CVE-2026-47210): Technical Breakdown with PoC and Patch Analysis
A brief summary of CVE-2026-47210, a critical CVSS 9.8 sandbox escape in the vm2 Node.js library that leverages WebAssembly JSPI to bypass Promise species hardening and achieve arbitrary host process code execution. Includes public PoC details and patch analysis.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•10 min read
Brief Summary: CVE-2026-53787 Unauthenticated File Upload in Amasty Order Attributes for Magento 2
A short review of CVE-2026-53787, a critical unauthenticated arbitrary file upload vulnerability in Amasty Order Attributes for Magento 2 that can lead to remote code execution, stored XSS, and path traversal on affected stores.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•10 min read
GPTranslate WordPress Plugin CVE-2026-9109: Brief Summary of Unauthenticated Stored XSS via Exposed API Key and REST API
A short review of CVE-2026-9109, an unauthenticated stored XSS vulnerability in the GPTranslate WordPress plugin (versions up to 2.31) that leverages a deterministically derived API key exposed on every page. Includes patch details and affected version information.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-12
•9 min read
WP Ticket Plugin CVE-2026-9848: Brief Summary of an Unauthenticated SQL Injection via WordPress Search
A brief summary of CVE-2026-9848, an unauthenticated SQL injection in the WP Ticket WordPress plugin that allows attackers to extract database contents through the standard search parameter without any authentication.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-11
•10 min read
Keras CVE-2026-11816: Path Traversal via CWD Validation Bypass in Archive Extraction — Technical Breakdown with PoC
A brief summary of CVE-2026-11816, a high severity path traversal in Keras archive extraction that bypasses validation when the process working directory is the filesystem root. Includes proof of concept details and mitigation guidance.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-11
•10 min read
MongoDB Server CVE-2026-11933: Use-After-Free in Server-Side JavaScript BSON Conversion — Quick Look
A brief summary of CVE-2026-11933, a high-severity use-after-free vulnerability in MongoDB Server's MozJS BSON binding layer that allows authenticated users with read privileges to disclose process memory or crash the server via $where or $function operators.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-11
•9 min read
Spring Integration CVE-2026-40987: Path Traversal via Malicious Remote File Server — Quick Look
A brief summary of CVE-2026-40987, a high severity path traversal vulnerability in Spring Integration's remote file synchronizer that allows a malicious or compromised FTP, SFTP, or SMB server to write arbitrary files anywhere on the client filesystem.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-11
•8 min read
Brief Summary: CVE-2026-40994 Spring Web Services BSP Enforcement Bypass via Insecure Default Initialization
A short review of CVE-2026-40994, a high severity insecure default in Spring Web Services where Wss4jSecurityInterceptor silently disables WS-I Basic Security Profile enforcement, allowing BSP-violating SOAP messages to pass validation on affected deployments.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-11
•9 min read
Spring Web Services CVE-2026-40998: Brief Summary of the Jaxp13XPathTemplate XXE Bypass
A brief summary of CVE-2026-40998, a high severity XXE vulnerability in Spring Web Services where Jaxp13XPathTemplate bypasses Spring's hardened XML parser configuration when processing StreamSource and SAXSource inputs, exposing applications to file disclosure and SSRF.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-11
•10 min read
Spring Web Services CVE-2026-40999: Brief Summary of a High Severity SSRF via WS-Addressing Headers
A short review of CVE-2026-40999, a high severity SSRF vulnerability in Spring Web Services where unvalidated WS-Addressing ReplyTo and FaultTo headers allow unauthenticated attackers to force outbound connections to arbitrary destinations. Includes patch details and affected version matrix.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-11
•10 min read
Brief Summary: CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL
A short review of CVE-2026-41700, a high severity Cross-Site WebSocket Hijacking vulnerability in Spring for GraphQL that allows attackers to execute arbitrary GraphQL operations using a victim's credentials when WebSocket transport and cookie-based authentication are in use.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-11
•10 min read
Spring for GraphQL CVE-2026-41856: Overview of Authorization Bypass via Annotation Detection Failure in Type Hierarchies
A brief summary of CVE-2026-41856, a high severity authorization bypass in Spring for GraphQL where security annotations are silently ignored in controller type hierarchies. Includes patch details and affected version information.
ZeroPath CVE Analysis

CVE Analysis
•2026-06-11
•10 min read
Netty CVE-2026-44249: Brief Summary of the IPv6 Subnet Filter Bypass in IpSubnetFilterRule
A short review of CVE-2026-44249, a high severity IPv6 subnet filter bypass in Netty's IpSubnetFilterRule caused by incorrect bitwise masking and signed integer interpretation. Includes patch details, detection strategies, and affected version ranges.
ZeroPath CVE Analysis