<![CDATA[VulnWatch — AI Security Tracker]]>

<![CDATA[VulnWatch — AI Security Tracker]]> en-US Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[CVE-2026-35366: The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences.]]> https://nvd.nist.gov/vuln/detail/CVE-2026-35366 Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[CVE-2026-6859: A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from]]> https://nvd.nist.gov/vuln/detail/CVE-2026-6859 Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[CVE-2026-31507: In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_spd_priv when tee()]]> https://nvd.nist.gov/vuln/detail/CVE-2026-31507 smc pointer: BUG: KASAN: slab-use-after-free in smc_rx_pipe_buf_release+0x78/0x2a0 Read of size 8 at addr ffff888004a45740 by task smc_splice_tee_/74 Call Trace: dump_stack_lvl+0x53/0x70 print_report+0xce/0x650 kasan_report+0xc6/0x100 smc_rx_pipe_buf_release+0x78/0x2a0 free_pipe_info+0xd4/0x130 pipe_release+0x142/0x160 __fput+0x1c6/0x490 __x64_sys_close+0x4f/0x90 do_syscall_64+0xa6/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: kernel NULL pointer dereference, address: 0000000000000020 RIP: 0010:smc_rx_update_consumer+0x8d/0x350 Call Trace: smc_rx_pipe_buf_release+0x121/0x2a0 free_pipe_info+0xd4/0x130 pipe_release+0x142/0x160 __fput+0x1c6/0x490 __x64_sys_close+0x4f/0x90 do_syscall_64+0xa6/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Kernel panic - not syncing: Fatal exception Beyond the memory-safety problem, duplicating an SMC splice buffer is semantically questionable: smc_rx_update_cons() would advance the consumer cursor twice for the same data, corrupting receive-window accounting. A refcount on smc_spd_priv could fix the double-free, but the cursor-accounting issue would still need to be addressed separately. The .get callback is invoked by both tee(2) and splice_pipe_to_pipe() for partial transfers; both will now return -EFAULT. Users who need to duplicate SMC socket data must use a copy-based read path.]]> Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[CVE-2026-31504: In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_release() via NETDEV_]]> https://nvd.nist.gov/vuln/detail/CVE-2026-31504 num` in its `bind_lock` section. After releasing `bind_lock`, `po->num` is still non-zero and `po->ifindex` still matches the bound device. A concurrent `packet_notifier(NETDEV_UP)` that already found the socket in `sklist` can re-register the hook. For fanout sockets, this re-registration calls `__fanout_link(sk, po)` which adds the socket back into `f->arr[]` and increments `f->num_members`, but does NOT increment `f->sk_ref`. The fix sets `po->num` to zero in `packet_release` while `bind_lock` is held to prevent NETDEV_UP from linking, preventing the race window. This bug was found following an additional audit with Claude Code based on CVE-2025-38617.]]> Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[CVE-2026-31464: In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_tar]]> https://nvd.nist.gov/vuln/detail/CVE-2026-31464 num_targets without validation, and is then used as the loop bound in ibmvfc_alloc_targets() to index into disc_buf[], which is only allocated for max_targets entries. Indices at or beyond max_targets access kernel memory outside the DMA-coherent allocation. The out-of-bounds data is subsequently embedded in Implicit Logout and PLOGI MADs that are sent back to the VIO server, leaking kernel memory. Fix by clamping num_written to max_targets before storing it.]]> Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[CVE-2026-31436: In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor comp]]> https://nvd.nist.gov/vuln/detail/CVE-2026-31436 Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[Claude Mythos Finds 271 Firefox Vulnerabilities]]> https://www.securityweek.com/claude-mythos-finds-271-firefox-vulnerabilities/ Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Toxic Combinations: When Cross-App Permissions Stack into Risk]]> https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html Wed, 22 Apr 2026 18:00:00 +0000 <![CDATA[Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape]]> https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html Wed, 22 Apr 2026 18:00:00 +0000 <![CDATA[CVE-2026-40933: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe s]]> https://nvd.nist.gov/vuln/detail/CVE-2026-40933 Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[CVE-2026-22016: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE]]> https://nvd.nist.gov/vuln/detail/CVE-2026-22016 Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[CVE-2026-40608: Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the]]> https://nvd.nist.gov/vuln/detail/CVE-2026-40608 Wed, 22 Apr 2026 18:00:07 +0000 <![CDATA[Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution]]> https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html Wed, 22 Apr 2026 18:00:00 +0000 <![CDATA[QIMMA قِمّة ⛰: A Quality-First Arabic LLM Leaderboard]]> https://huggingface.co/blog/tiiuae/qimma-arabic-leaderboard Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files]]> https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html Wed, 22 Apr 2026 18:00:00 +0000 <![CDATA[Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain]]> https://thehackernews.com/2026/04/anthropic-mcp-design-vulnerability.html Wed, 22 Apr 2026 18:00:00 +0000 <![CDATA[[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data]]> https://thehackernews.com/2026/04/webinar-find-and-eliminate-orphaned-non.html Wed, 22 Apr 2026 18:00:00 +0000 <![CDATA[Training and Finetuning Multimodal Embedding & Reranker Models with Sentence Transformers]]> https://huggingface.co/blog/train-multimodal-sentence-transformers Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Inside VAKRA: Reasoning, Tool Use, and Failure Modes of Agents]]> https://huggingface.co/blog/ibm-research/vakra-benchmark-analysis Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Deterministic + Agentic AI: The Architecture Exposure Validation Requires]]> https://thehackernews.com/2026/04/deterministic-agentic-ai-architecture.html Wed, 22 Apr 2026 18:00:00 +0000 <![CDATA[OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams]]> https://thehackernews.com/2026/04/openai-launches-gpt-54-cyber-with.html Wed, 22 Apr 2026 18:00:00 +0000 <![CDATA[Multimodal Embedding & Reranker Models with Sentence Transformers]]> https://huggingface.co/blog/multimodal-sentence-transformers Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Safetensors is Joining the PyTorch Foundation]]> https://huggingface.co/blog/safetensors-joins-pytorch-foundation Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[State of Open Source on Hugging Face: Spring 2026]]> https://huggingface.co/blog/huggingface/state-of-os-hf-spring-2026 Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Introducing Storage Buckets on the Hugging Face Hub]]> https://huggingface.co/blog/storage-buckets Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Introducing Modular Diffusers - Composable Building Blocks for Diffusion Pipelines]]> https://huggingface.co/blog/modular-diffusers Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Mixture of Experts (MoEs) in Transformers]]> https://huggingface.co/blog/moe-transformers Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[GGML and llama.cpp join HF to ensure the long-term progress of Local AI]]> https://huggingface.co/blog/ggml-joins-hf Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Train AI models with Unsloth and Hugging Face Jobs for FREE]]> https://huggingface.co/blog/unsloth-jobs Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Custom Kernels for All from Codex and Claude]]> https://huggingface.co/blog/custom-cuda-kernels-agent-skills Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Transformers.js v4: Now Available on NPM!]]> https://huggingface.co/blog/transformersjs-v4 Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[The Future of the Global Open-Source AI Ecosystem: From DeepSeek to AI+]]> https://huggingface.co/blog/huggingface/one-year-since-the-deepseek-moment-blog-3 Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[We Got Claude to Build CUDA Kernels and teach open models!]]> https://huggingface.co/blog/upskill Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Architectural Choices in China's Open-Source AI Ecosystem: Building Beyond DeepSeek ]]> https://huggingface.co/blog/huggingface/one-year-since-the-deepseek-moment-blog-2 Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Alyah ⭐️: Toward Robust Evaluation of Emirati Dialect Capabilities in Arabic LLMs]]> https://huggingface.co/blog/tiiuae/emirati-benchmarks Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[Unlocking Agentic RL Training for GPT-OSS: A Practical Retrospective]]> https://huggingface.co/blog/LinkedIn/gpt-oss-agentic-rl Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[AssetOpsBench: Bridging the Gap Between AI Agent Benchmarks and Industrial Reality]]> https://huggingface.co/blog/ibm-research/assetopsbench-playground-on-hugging-face Wed, 22 Apr 2026 18:00:01 +0000 <![CDATA[One Year Since the “DeepSeek Moment”]]> https://huggingface.co/blog/huggingface/one-year-since-the-deepseek-moment Wed, 22 Apr 2026 18:00:01 +0000