
RHEL 10 container escape, CitrixBleed-style bypass

Infosec · 2026-06-30

Vulnerabilities & Exploits
IPv6 Fragmentation Bug Enables Reliable Container Escape on RHEL 10 · 3 min

A newly disclosed IPv6 fragmentation overflow in the Linux kernel 6.12 series lets an unprivileged process inside a RHEL 10 or CentOS 10 container gain a root shell on the host. The proof‑of‑concept exploits a slab overflow to a use‑after‑free, then hijacks page tables to break out of the jail.

OpenReception audit reveals admin takeover and encryption bypass vulnerabilities · 9 min

A security audit of the open-source, end-to-end encrypted appointment system OpenReception uncovered 16 CVEs, four critical, including unauthenticated global admin creation and a flaw that defeats its encryption model. The vulnerabilities gave attackers full control over tenant data and could let them impersonate any user, undermining the platform’s core privacy promise.

Voltage glitch can disable UAV failsafes on PX4 autopilot · 1 min

Researchers at UC demonstrated voltage-glitch fault injection against an STM32 running the PX4 autopilot, bypassing safety checks and skipping control instructions, which could enable a UAV hijack. The attack requires physical access, but it reveals timing-sensitive vulnerabilities in the failsafe logic, raising concerns for commercial and hobby UAVs.

Citrix patches NetScaler CVE‑2026‑8451, a CitrixBleed‑style auth bypass · 5 min

Citrix released a security bulletin and patches for NetScaler ADC and Gateway addressing CVE‑2026‑8451, a flaw that could let attackers bypass authentication, reminiscent of the 2022 CitrixBleed issue. The vulnerability affects on‑premises appliances and requires an immediate update to the recommended build. Unpatched systems risk remote privilege escalation and data exposure.

Threats & Malware
SimpleHelp OIDC Bypass Fuels Deployment of TaskWeaver Loader and Djinn Credential Stealer · 1 min

A critical authentication bypass (CVE-2026-48558) in SimpleHelp's OIDC flow lets an unauthenticated attacker impersonate a technician and run commands on managed endpoints. Blackpoint observed the flaw being used to drop TaskWeaver, a Node.js loader, and Djinn Stealer, which exfiltrates developer credentials. CISA has added the bug to its KEV catalog, urging immediate patching.

Breaches & Industry News
NAIC breach reveals Oracle PeopleSoft zero‑day stole public financial data · 10 min

The National Association of Insurance Commissioners confirmed that a zero‑day flaw in Oracle PeopleSoft let attackers access a portion of its environment on June 11. The breach exposed only publicly available statutory financial reports and some outdated logs, with no evidence of personal, payment or policyholder data being taken, though rating agencies paused data feeds.

Research & Tools
Python gets post‑quantum crypto via pip, thanks to Trail of Bits · 4 min

Trail of Bits added NIST-standard ML-KEM key-exchange and ML-DSA signature support to pyca/cryptography, making post-quantum algorithms installable with a single pip command. Because the library powers billions of downloads and critical tools like Certbot and Ansible, the update positions the entire Python stack to meet the U.S. government’s 2030-31 migration deadlines.

© 2026 LodeHQ