OdiVex Research
Security Advisories
Vulnerability disclosures and security research from our team.
CVE-2026-4412 (May 18, 2026)
CVE-2026-4412: Authentication Bypass via Asymmetric Key Confusion in TitanWorkflow
TitanWorkflow Suite v5.x
Asymmetric key confusion vulnerability in token verification filters allowing authentication bypass and admin token forgery.
Severity: High (8.1)
CVE-2026-3391 (May 2, 2026)
CVE-2026-3391: Blind SSRF in CloudSync PDF Engine exposing AWS Metadata
CloudSync Enterprise v1.1
Blind SSRF via PDF rendering engine leading to AWS IAM credential theft.
Severity: High (8.2)
CVE-2026-1034 (March 15, 2026)
CVE-2026-1034: Unauthenticated RCE in DataStream Enterprise Router via Insecure Deserialization
DataStream Enterprise Router v4.x
Pre-authentication remote code execution (RCE) via insecure XML deserialization in the management interface.
Severity: Critical (9.8)
CVE-2025-9921 (February 1, 2026)
CVE-2025-9921: Container Escape and Host Takeover in KubeOrchestrator v3
KubeOrchestrator v3.0 - v3.1
Improper volume mounting configuration allowing full container escape and host node compromise.
Severity: High (8.8)
CVE-2025-8492 (November 20, 2025)
CVE-2025-8492: SAML Signature Wrapping leading to Auth Bypass in CoreIdentity SSO
CoreIdentity SSO v2.2
XML Signature Wrapping (XSW) vulnerability allowing low-privileged users to forge SAML assertions and escalate privileges.
Severity: Critical (9.4)