Our offensive security engineers actively hunt for zero-days and vulnerabilities in popular software to keep the community safe and informed.
An improper authentication verification flaw in the Global Gateway Enterprise management portal allows unauthenticated remote attackers to bypass login controls and gain administrative access via a crafted HTTP header injection.
A Server-Side Request Forgery vulnerability in the OAuth callback handler of AuthLib allows attackers to redirect callback URLs to internal network endpoints, exposing cloud metadata services.
A vulnerability in the JWT validation logic allows attackers to bypass signature verification by switching the algorithm from RS256 to HS256 and using the public key as the secret.