Parse Server Authentication Bypass via partial authData; Successful exploitation Lead to Creating Valid User Session
Continue Reading
Microsoft Tuesday Patch March 2026 fixes 83 Vulnerabilities Including 2 Actively Exploited Zero-Days
Continue Reading
Summary : YARA is an open-source pattern matching engine widely used by malware researchers, SOC teams, and threat intelligence platforms to identify and classify malware using detection rules. It plays a critical role in malware analysis pipelines, endpoint detection systems, and threat hunting operations.
Kamil Frankowicz discovered that a number of YARA’s functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service.
| OEM | Virus Total / YARA Project (Tool) |
| Severity | Critical |
| CVSS Score | 9.1 |
| CVEs | CVE-2021-3402, CVE-2021-45429, CVE-2019-19648, CVE-2018-19974, 2018-19975, 2018-19976 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Ubuntu has released a security advisory addressing multiple vulnerabilities in YARA that could allow attackers to cause denial-of-service conditions, disclose sensitive information, or potentially execute arbitrary code when processing specially crafted files or rules.
These vulnerabilities affect Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS depending on the specific issue. Organizations using YARA in security monitoring systems, malware sandboxes, or automated threat detection workflows should apply the security updates immediately.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score | Fixed Version |
| Mach-O Parser Overflow Read Vulnerability | CVE-2021-3402 | YARA | Critical | 9.1 | Updated Ubuntu packages |
| Mach-O File Parsing Out-of-Bounds Access | CVE-2019-19648 | YARA | High | 7.8 | Updated Ubuntu packages |
Technical Summary
The most critical vulnerability CVE-2021-3402 exists in the macho.c implementation used by YARA to parse Mach-O files.
The flaw allows specially crafted Mach-O files to trigger overflow reads, which could result in denial of service or potential information disclosure. Given its high CVSS score, this issue represents the most severe risk addressed in this advisory.
Another high-severity vulnerability CVE-2019-19648 affects the macho_parse_file() function. When parsing specially crafted Mach-O files, the function may trigger out-of-bounds memory access, potentially leading to application crashes or execution of malicious code in certain scenarios.
Because YARA is frequently integrated into malware analysis platforms and automated threat detection pipelines, successful exploitation could disrupt security monitoring operations or compromise malware analysis environments.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2021-3402 | YARA (Ubuntu 20.04) | Overflow read vulnerability in Mach-O parsing implementation | DoS, potential information disclosure |
| CVE-2019-19648 | YARA (Ubuntu 20.04) | Out-of-bound memory access during Mach-O file parsing | DoS or possible code execution |
Additional Vulnerabilities
The advisory also includes several medium-severity vulnerabilities affecting YARA components.
| CVE ID | Vulnerability Details | Impact |
| CVE-2021-45429 | Buffer overflow in yr_set_configuration() when parsing crafted rules | Denial of Service |
| CVE-2018-19976 | YARA virtual machine sandbox escape | Possible code execution |
| CVE-2018-19975 | VM sandbox escape vulnerability | Possible code execution |
| CVE-2018-19974 | Virtual machine security bypass | Possible code execution |
Potential Consequences
Remediation
Upgrade affected packages immediately to the patched versions provided by Ubuntu are mentioning below-
Released patches
| Ubuntu Release | Package | Fixed Version |
| Ubuntu 20.04 LTS | libyara3 | 3.9.0-1ubuntu0.1 esm1 |
| yara | 3.9.0-1ubuntu0.1 esm1 | |
| Ubuntu 18.04 LTS | libyara3 | 3.7.1-1ubuntu2+esm1 |
| yara | 3.7.1-1ubuntu2+esm1 | |
| Ubuntu 16.04 LTS | libyara3 | 3.4.0+dfsg-2ubuntu0.1 esm1 |
| python-yara | 3.4.0+dfsg-2ubuntu0.1 esm1 | |
| python3-yara | 3.4.0+dfsg-2ubuntu0.1 esm1 | |
| yara | 3.4.0+dfsg-2ubuntu0.1 esm1 |
If immediate patching is not possible, apply the following temporary mitigations –
You can follow the recommendations below as the best practice.
Conclusion:
Multiple vulnerabilities in YARA could allow attackers to disrupt malware detection processes or compromise analysis environments. The critical vulnerability CVE-2021-3402 and high-severity vulnerability CVE-2019-19648 pose the greatest risk and should be prioritized for remediation.
Organizations using YARA in SOC operations, malware analysis pipelines, or threat intelligence systems should apply the latest Ubuntu security updates immediately to maintain reliable threat detection capabilities.
References:
Summary: USN-8018-1 fixed vulnerabilities in python3. That update introduced regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused behavior regressions in IMAP and POP3 handling, which upstream chose to avoid by not backporting them.
| OEM | Python |
| Severity | Medium |
| CVSS Score | 6.5 |
| CVEs | CVE-2026-0865, CVE-2025-15366, CVE-2025-15367 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Python is a widely used high-level programming language that powers many enterprise applications, automation frameworks, DevOps pipelines, web platforms and email-processing services. Many Linux distributions – Ubuntu provide Python runtime packages as core system components.
Ubuntu released USN-8018-2 to address regressions introduced in the previous security update USN-8018-1. The earlier update attempted to fix vulnerabilities related to email header parsing and input validation but unintentionally introduced compatibility issues affecting IMAP, POP3, and WSGI header processing.
The new advisory prioritizes the fix for CVE-2026-0865, while also addressing issues related to CVE-2025-15366 and CVE-2025-15367.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score | Fixed Version |
| WSGI Header Parsing Regression Vulnerability | CVE-2026-0865 | Python | Medium | 6.5 | Updated Python packages |
| Email Header Injection Vulnerability | CVE-2025-15366 | Python | Medium | 5.9 | Updated Python packages |
| Improper Email Header Parsing Vulnerability | CVE-2025-15367 | Python | Medium | 5.9 | Updated Python packages |
Technical Summary
These vulnerabilities affect multiple Python versions distributed within Ubuntu systems.
The original security update introduced patches intended to address email header parsing vulnerabilities. However, those fixes resulted in unintended behavioural regressions.
The CVE-2026-0865 patch incorrectly rejected horizontal tab characters in WSGI headers, potentially causing web applications relying on Python frameworks to malfunction.
Additionally, patches for CVE-2025-15366 and CVE-2025-15367 affected IMAP and POP3 email processing behavior, which allow upstream developers to avoid backporting those changes due to compatibility concerns.
Ubuntu released updated packages to resolve these regressions while maintaining protection against the underlying vulnerabilities.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2026-0865 | Python (multiple Ubuntu packages) | Incorrect rejection of horizontal tabs in WSGI headers after patch | Web application compatibility issues |
| CVE-2025-15366 | Python email parsing library | Improper parsing allowing email header injection | Email spoofing or message manipulation |
| CVE-2025-15367 | Python email processing modules | Improper validation of message headers | Header manipulation in email processing |
Affected Packages
The following Python packages are affected –
python3.4 python3.5 python3.6 python3.7 python3.8
python3.10 python3.12 python3.13 python3.14
Remediation:
Apply the latest Ubuntu security updates immediately-
Fixed Package Versions
| Ubuntu Release | Fixed Package Version |
| Ubuntu 25.10 | python3.13 – 3.13.7-1ubuntu0.4 / python3.14 – 3.14.0-1ubuntu0.3 |
| Ubuntu 24.04 LTS | python3.12 – 3.12.3-1ubuntu0.12 |
| Ubuntu 22.04 LTS | python3.10 – 3.10.12-1 22.04.15 |
| Ubuntu 20.04 LTS | python3.8 – 3.8.10-0ubuntu1 20.04.18 |
| Ubuntu 18.04 LTS | Updated ESM packages |
| Ubuntu 16.04 LTS | Updated ESM packages |
| Ubuntu 14.04 LTS | Updated ESM packages |
If immediate patching is not possible, apply the following temporary mitigations-
You can follow the recommendations below as a best practice-
Conclusion:
The vulnerabilities addressed in USN-8018-2 highlight the risks associated with improper email header parsing and regression issues in widely used programming libraries such as Python. The primary concern, CVE-2026-0865, affects WSGI header handling and could disrupt web applications, while CVE-2025-15366 and CVE-2025-15367 relate to email header parsing weaknesses.
Organizations using Python-based applications or email processing services should prioritize updating affected Ubuntu packages to ensure both security and application stability.
References:
CISA emphasized the urgency of addressing these vulnerabilities
Continue Reading
Cisco Released Emergency Patch
Continue Reading
LexisNexis Confirms Data Breach that leaked 2GB data
Continue Reading
Google Chrome emergency security update tracked as CVE-2026-2441; Highlights Browser Security
Continue Reading
Summary : SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. vulnerabilities impact SolarWinds Serv-U Managed File Transfer, a platform frequently deployed as an internet-facing FTP/FTPS/SFTP gateway or as an internal file exchange service handling sensitive data.
| OEM | SolarWinds |
| Severity | Critical |
| CVSS Score | 9.1 |
| CVEs | CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
SolarWinds stated that there are no confirmed reports of active exploitation at this time. However, given previous Serv-U vulnerabilities were exploited by advanced threat actors.
SolarWinds Serv-U
is a secure file transfer server used by organizations to manage FTP, FTPS, SFTP, and HTTP/S file transfers across enterprise environments. It is commonly deployed on Windows and Linux servers to securely exchange sensitive business data.
SolarWinds fixed four critical remote code execution vulnerabilities in Serv-U 15.5. These vulnerabilities could allow an attacker with administrative privileges to execute arbitrary native code as root on the affected server.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score | Fixed Version |
| Broken Access Control Remote Code Execution Vulnerability | CVE-2025-40538 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
| Type Confusion Remote Code Execution Vulnerability | CVE-2025-40539 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
| Type Confusion Remote Code Execution Vulnerability | CVE-2025-40540 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
| Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability | CVE-2025-40541 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
Technical Summary
These critical vulnerabilities affect SolarWinds Serv-U version 15.5 and arise from weaknesses such as improper access control checks, type confusion errors, and insecure object reference handling.
If exploited, they may allow an attacker to run arbitrary native code with root-level privileges on the affected server.
Successful exploitation requires administrative access. Once obtained, an attacker could create unauthorized administrator accounts, and execute malicious code, potentially resulting in complete system compromise and further movement across the network.
SolarWinds strongly advises upgrading to Serv-U version 15.5.4 to address these security risks.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-40538 | Serv-U 15.5 | Improper access control enabling admin creation and root-level code execution | Admin account creation, full system compromise |
| CVE-2025-40539 | Serv-U 15.5 | Type confusion enabling arbitrary native code execution as root | Arbitrary native code execution |
| CVE-2025-40540 | Serv-U 15.5 | Type confusion leading to root-level native code execution | Root-level execution |
| CVE-2025-40541 | Serv-U 15.5 | IDOR enabling unauthorized access and root-level code execution | Remote code execution as root |
Potential Consequences
Remediation:
Upgrade immediately to Serv-U product with below mentioning fixed version-
If immediate patching is not possible, apply the following temporary mitigations-
You can follow the recommendations below as a best practice-
Conclusion:
These four newly disclosed vulnerabilities in SolarWinds Serv-U represent critical remote code execution risks. Although exploitation has not been confirmed, Serv-U’s history of targeted attacks increases the urgency for patching.
Organizations should treat this as a priority patching event and immediately upgrade to Serv-U 15.5.4 to prevent potential root-level compromise.
References:
Cisco SD-WAN Authentication Bypass Zero-Day
Continue Reading
Recent Comments