‘Orca Watch’ Series
Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)
A critical SSRF (Server-Side Request Forgery, where an attacker tricks a server into making HTTP requests on their behalf) vulnerability...
All articles by Igor Stepansky
Discovered Vulnerabilities
CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server
Table of contentsOverviewWhat Is ksmbd - and Why Does It Matter?Understanding SMB3 MultichannelThe Vulnerability - A Missing LockThe Broken Data...
Application Security
Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account
Table of contentsQuick OverviewWhat is Axios?Technical AnalysisHow the account was compromisedThe phantom dependency trickInside the dropperPlatform-specific payloadsAnti-forensic evidence destructionAttack FlowAffected...
Discovered Vulnerabilities
Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework
Table of contentsQuick OverviewCVSS RationaleWhat Is SGLang?Technical AnalysisRoot Cause: Python's pickle on Untrusted Network DataHow Pickle Deserialization Becomes Code ExecutionProposed...
‘Orca Watch’ Series
Critical CVE-2026-1731 Vulnerability in BeyondTrust Remote Support and PRA Exposes Systems to Remote Code Execution
Introduction A critical vulnerability (CVE-2026-1731, CVSS 9.9) was publicly disclosed on February 6, 2026 affecting BeyondTrust Remote Support (RS) and...
‘Orca Watch’ Series
Path Traversal in Rancher Local Path Provisioner Enables Host Filesystem Compromise Across K3s Clusters
Introduction A critical vulnerability (CVE-2025-62878, CVSS 10.0) was disclosed on February 4, 2026 affecting all versions of Rancher's Local Path...
‘Orca Watch’ Series
Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)
Introduction A critical vulnerability (CVE-2026-22778, CVSS 9.8) was disclosed on February 2, 2026, affecting vLLM, a widely-deployed Python library for...
‘Orca Watch’ Series
Notepad++ Update Mechanism Hijacked by State-Sponsored Actors for Six Months
Introduction State-sponsored attackers compromised Notepad++'s hosting infrastructure from June through December 2025, hijacking the application's update mechanism to deliver malicious...
‘Orca Watch’ Series
Critical n8n Sandbox Escape Enables Remote Code Execution
A critical vulnerability (CVE-2026-1470, CVSS 9.9) was disclosed on January 27, 2026 affecting n8n, the popular open-source workflow automation platform....
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.
Chat with Us
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.
Chat with an Orca ExpertNo Slack account required.