CVE-2026-55200 libssh2 unchecked packet_length out-of-bounds write
CVE-2026-55200 is newly promoted in today’s intelligence as a libssh2 unchecked packet_length out-of-bounds write. The brief routes this to Linux, container base-image, appliance and embedded-product owners that ship libssh2.
Recommended action: identify libssh2 exposure in packaged products and base images, then track vendor package updates.
Identifiers: CVE-2026-55200
Sources: [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55200)
JetBrains Hub fixed builds close account-linking privilege escalation
JetBrains Hub fixed builds are newly promoted for closing an account-linking privilege escalation. This is a NEW finding in the brief, not one of today’s UPDATED items.
Recommended action: update Hub to a fixed build and review recent account-linking or authentication-detail attachment events.
Identifiers: CVE-2026-56142
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-56142); [JetBrains fixed issues page](https://www.jetbrains.com/privacy-security/issues-fixed/)
Azure AD OAuth implementation weakness affects state handling and audit integrity
The Azure AD OAuth implementation weakness is newly promoted for state handling and audit integrity concerns. The brief routes it to applications matching the affected implementation.
Recommended action: replace session-derived state values and sanitise OAuth error logging where the implementation matches.
Identifiers: CVE-2026-56425, GHSA-ch28-mjgc-m4wr
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-56425); [GitHub advisory for Azure AD OAuth implementation](https://github.com/advisories/GHSA-ch28-mjgc-m4wr)
picklescan bypass cluster misses malicious pickle payloads used in ML artifacts
picklescan bypasses are newly promoted because the cluster can miss malicious pickle payloads used in ML artifacts. The brief routes this to model-ingestion pipelines.
Recommended action: upgrade picklescan to 0.0.30 where possible and verify that model-ingestion controls reject malicious pickle canaries.
Identifiers: CVE-2025-71348, CVE-2025-71357, CVE-2025-71378, GHSA-vv6j-3g6g-2pvj
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2025-71348); [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2025-71357); [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2025-71378); [picklescan security advisory](https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vv6j-3g6g-2pvj)
CVE-2026-3195/CVE-2026-3196 QEMU-KVM virtio-snd memory issues
CVE-2026-3195 and CVE-2026-3196 are newly promoted as QEMU-KVM virtio-snd memory issues. The brief asks virtualisation owners to validate whether virtio-snd is enabled in hosted VM profiles.
Recommended action: confirm virtio-snd exposure and track distribution package updates.
Identifiers: CVE-2026-3195, CVE-2026-3196
Sources: [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3195); [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3196)
qSnapper privileged D-Bus flaws can bypass polkit or cross user/auth boundaries
qSnapper privileged D-Bus flaws are newly promoted because they can bypass polkit or cross user/auth boundaries. The brief routes this to privileged Linux desktop and admin workstation exposure.
Recommended action: update qSnapper to 1.3.3 or later and restrict privileged workstation exposure until patched.
Identifiers: CVE-2026-41045, CVE-2026-41046, GHSA-3hfq-9fxf-h35p
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-41045); [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-41046); [oss-sec qSnapper disclosure](https://seclists.org/oss-sec/2026/q2/702); [GitHub advisory for qSnapper](https://github.com/advisories/GHSA-3hfq-9fxf-h35p)
radvd 2.21 patches radvdump stack overflow in IPv6 Route Information parsing
radvd 2.21 is newly promoted because it patches a radvdump stack overflow in IPv6 Route Information parsing. The brief names radvd 2.21 and upstream commit 068bde13e3fd6a5fcdb6859e6a2acd293a325dc5 as routing points.
Recommended action: patch to radvd 2.21 or carry the upstream commit, and restrict radvdump to trusted local-link diagnostics.
Identifiers: CVE-2026-48715, GHSA-52px-gh9p-m379
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-48715); [radvd security advisory](https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379); [radvd upstream commit](https://github.com/radvd-project/radvd/commit/068bde13e3fd6a5fcdb6859e6a2acd293a325dc5)
Angular Language Service VS Code extension exposes developer-host command execution
The Angular Language Service VS Code extension is newly promoted for developer-host command execution exposure. The brief routes the item to extension-version audit and update work.
Recommended action: update Angular.ng-template to 21.2.4 or later and audit extension versions on developer hosts.
Identifiers: CVE-2026-50178
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-50178); [Penligent Angular Language Service research](https://www.penligent.ai/hackinglabs/cve-2026-50178/)
JetBrains GoLand 2026.1.3 fixes untrusted-project remote code execution
JetBrains GoLand 2026.1.3 is newly promoted for fixing untrusted-project remote code execution. The brief routes this to developer workstation owners.
Recommended action: update GoLand developer workstations to 2026.1.3 or later and avoid opening untrusted repositories on unpatched IDE builds.
Identifiers: CVE-2026-53915
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-53915); [JetBrains fixed issues page](https://www.jetbrains.com/privacy-security/issues-fixed/)
Angular common DatePipe denial-of-service needs framework patch routing
Angular common DatePipe denial-of-service is newly promoted for framework patch routing. The brief routes it to applications using affected Angular versions and user-controlled format strings.
Recommended action: update Angular to 22.0.1, 21.2.17 or 20.3.25 and review user-controlled format strings.
Identifiers: CVE-2026-54268, GHSA-48r7-hpm6-gfxm
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-54268); [GitHub advisory for Angular DatePipe](https://github.com/advisories/GHSA-48r7-hpm6-gfxm)
Also tracked
- CVE-2026-57456 Vim arbitrary code execution via Python omni-completion docstrings · CVE-2026-57456 · High
- MSRC adds Linux kernel media/dvb-core race condition advisory · CVE-2024-24864 · Medium
- vLLM ReDoS flaws can degrade exposed model-serving endpoints · CVE-2025-71379 · Medium
- CVE-2026-46448 OpenStack Nova server create API hidden-property handling · CVE-2026-46448 · Medium
- CVE-2026-48142 NGINX ngx_http_charset_module vulnerability · CVE-2026-48142 · Medium
- CVE-2026-53655 node-tar PAX file-smuggling parser differential · CVE-2026-53655 · Medium
- pnpm: Repository config can expand victim environment secrets into registry requ · CVE-2026-55180 · Medium
- CVE-2026-55655 OpenSSH X11 forwarding local MITM issue · CVE-2026-55655 · Medium
- CVE-2026-56131/CVE-2026-56132 libexpat before 2.8.2 parser memory-safety batch · CVE-2026-56131 · Medium
- ImageMagick PCD decoder heap read reaches media-ingestion patch queue · CVE-2026-56378 · Medium
- IBM Datacap can expose passwords and cryptographic keys from memory · CVE-2026-8636 · Medium
- MSRC adds Linux Bluetooth MGMT crash advisory · CVE-2025-40213 · Not scored
- Miasma expands from npm/GitHub Actions into Go module compromise
- Amazon Q Developer MCP config flaw patch reaches developer-control-plane queue
- Polymarket names frontend supply-chain incident with estimated $3M user loss
- Turla STOCKSTAY backdoor disclosed for Ukraine and Italy-policy espionage
- pnpm patch-remove deletion-scope flaw fixed
- CISA sets urgent deadline to fix Cisco flaw exploited in attacks
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. [...]
Sources: https://www.bleepingcomputer.com/news/security/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releases
Sources: https://thehackernews.com/2026/06/miasma-malware-targets-npm-packages-and.html
Polymarket customers lose $3 million in supply-chain attack
Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...]
Sources: https://www.bleepingcomputer.com/news/security/polymarket-customers-lose-3-million-in-supply-chain-attack/