fruition.net
The Perimeter · Issue 05-29-2026

Drupal SQLi in KEV, AntV/durabletask npm worm spreads, Twig sandbox shattered

This week the Perimeter is dominated by two things teams running production stacks need to act on: a highly critical SQL injection in Drupal core (CVE-2026-9082, now in CISA KEV and exploitable by anonymous users on PostgreSQL) and a continuing wave of npm/PyPI supply-chain compromises. The Shai-Hulud worm extended to AntV (300+ malicious npm versions), then to Microsoft's `durabletask` PyPI package, and a separate Laravel Lang Packagist republish put Composer installs at risk. On the application layer, Symfony's Twig shipped a fix-bundle for seven sandbox-bypass and RCE-class issues, including PHP code injection via `{% use %}` template names — anyone exposing Twig to user-authored templates needs to look at this today. Containerd published a `runAsNonRoot` bypass that matters if you accept third-party images, and CISA added Cisco Catalyst SD-WAN auth bypass, Langflow CORS, and Trend Micro Apex One traversal to KEV. Recalculate: if you run Drupal on Postgres, treat patching as a Friday deadline; if you have a CI/CD that auto-pulls npm or Composer, assume maintainer compromise is the default threat model now.
Published: Friday, May 29, 2026
Entries: 12
Cadence: Weekly · Fridays
Curator: Brad Anderson
Wire
cisa.gov: New addition to the Known Exploited Vulnerabilities catalog
github.com: GHSA: critical npm package compromise affecting CI pipelines
wordfence.com: WordPress plugin vulnerability with active exploitation
drupal.org: Highly critical core security advisory published
aws.amazon.com: AWS security bulletin: IAM policy evaluation update
unit42.paloaltonetworks.com: Threat actor expands toolkit targeting public-facing PHP apps
krebsonsecurity.com: Breach disclosure with named victim and confirmed initial vector
snyk.io: Composer dependency advisory affecting production framework versions
01

Web Application

frameworks · browsers · authentication flows

Twig batch: PHP code injection and multiple sandbox bypasses

Symfony's Twig shipped fixes for seven advisories, including PHP code injection via `{% use %}` template names (a compiler single-quote escaping bug, CVE-2026-46633), sandbox bypass via `_self.(<string>)` macro references (CVE-2026-46640), an object-destructuring sandbox bypass (CVE-2026-46639), a `column` filter property bypass, and an incomplete fix for CVE-2024-45411 in `{% sandbox %}{% include %}`.

Tags: CVE-2026-46633 · CVE-2026-46640 · CVE-2026-46639 · +4 more · Twig (twig/twig) · twig/markdown-extra · Symfony
Fruition take

Anyone running Twig with user-authored templates (CMS theming, email builders, multi-tenant Symfony) should patch immediately — several of these defeat SandboxExtension entirely. If you can't patch, audit who can write to template sources.

02

Supply Chain

packages · build systems · dependency attacks

▲ headline

Shai-Hulud worm spreads from AntV npm to Microsoft's durabletask PyPI

After a compromised AntV maintainer account auto-published 300+ malicious versions across 323 npm packages, the same campaign hit `durabletask`, a Microsoft-associated PyPI package. Payloads steal credentials and tokens from the build environment. Snyk and Sonatype both confirm the maintainer-account vector and ongoing automated republishing.

Tags: @antv/* npm packages · durabletask (PyPI) · npm registry · PyPI
Fruition take

Pin or hash-lock npm and pip dependencies in CI, and rotate any npm/PyPI publish tokens that touched build runners in the past 14 days. If you ingest @antv/* or `durabletask`, audit lockfiles for installs between May 18–20.

Laravel Lang Packagist releases republished with malicious code

Snyk reports hundreds of historical Laravel Lang releases on Packagist were republished with malicious code that exfiltrates secrets and credentials during Composer install. Any Composer install or `composer update` pulling affected versions during the window is exposed.

Tags: laravel-lang/* Composer packages · Packagist
Fruition take

Audit `composer.lock` for `laravel-lang/*` entries and rebuild from a known-good cached vendor tree. Add Packagist publish-time anomaly checks to your dependency review — historical-release republishing defeats simple version pins.
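The two takes above both come down to the same lockfile work: find the watch-listed package families, confirm every entry can be hash-verified at install time, and catch a version whose checksum no longer matches what you installed before the window (a republished historical release keeps its version string, so a plain version pin never notices). The script below is an added example written for this issue, not tooling from Snyk, Sonatype, npm or Composer; the lockfile excerpts, the `BASELINE` checksums and the `WATCHLIST` patterns are constructed, and the function names are my own.

```python
"""Lockfile audit for the npm and Composer compromises above (added example).

Flags watch-listed package families in a package-lock.json and a
composer.lock, reports entries that carry no integrity hash / dist checksum
(so the install cannot be hash-verified), and compares each pinned
version's checksum against a known-good baseline: a republished historical
release keeps its version string but not its checksum, which is the drift
this catches.  All lockfile contents and the baseline are constructed.
"""
import fnmatch
import json

# Package families named in this issue; glob patterns against package names.
WATCHLIST = ["@antv/*", "laravel-lang/*"]

# Constructed package-lock.json in the lockfileVersion 3 layout.
SAMPLE_NPM_LOCK = json.dumps({
    "name": "app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app"},
        "node_modules/@antv/g2": {
            "version": "5.1.2",
            "resolved": "https://registry.npmjs.org/@antv/g2/-/g2-5.1.2.tgz",
            "integrity": "sha512-CONSTRUCTED_G2_HASH==",
        },
        # No "integrity" field: npm cannot verify this tarball on install.
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
    },
})

# Constructed composer.lock excerpt.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "laravel-lang/lang", "version": "13.2.0",
         "dist": {"type": "zip", "reference": "abc123", "shasum": "CONSTRUCTED_NEW_SHASUM"}},
        {"name": "symfony/console", "version": "7.1.0",
         "dist": {"type": "zip", "reference": "def456", "shasum": "CONSTRUCTED_CONSOLE_SHASUM"}},
    ],
    "packages-dev": [],
})

# Known-good checksums captured from a pre-incident lockfile (constructed).
# laravel-lang/lang 13.2.0 keeps its version string but its shasum differs.
BASELINE = {
    "npm:@antv/g2@5.1.2": "sha512-CONSTRUCTED_G2_HASH==",
    "composer:laravel-lang/lang@13.2.0": "CONSTRUCTED_OLD_SHASUM",
    "composer:symfony/console@7.1.0": "CONSTRUCTED_CONSOLE_SHASUM",
}


def on_watchlist(name, patterns=WATCHLIST):
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def _check(findings, ecosystem, name, version, checksum, baseline):
    """Shared checks for one lockfile entry; appends (kind, package@version)."""
    label = f"{name}@{version}"
    if on_watchlist(name):
        findings.append(("WATCHLIST", label))
    if not checksum:
        findings.append(("NO_INTEGRITY", label))
    expected = baseline.get(f"{ecosystem}:{label}")
    if expected is not None and checksum != expected:
        findings.append(("HASH_DRIFT", label))


def audit_npm_lock(lock_text, baseline=BASELINE):
    lock = json.loads(lock_text)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if not path:          # "" is the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]   # handles nested node_modules
        _check(findings, "npm", name, entry.get("version", "?"),
               entry.get("integrity"), baseline)
    return findings


def audit_composer_lock(lock_text, baseline=BASELINE):
    lock = json.loads(lock_text)
    findings = []
    for entry in lock.get("packages", []) + lock.get("packages-dev", []):
        dist = entry.get("dist") or {}
        checksum = dist.get("shasum") or dist.get("reference")
        _check(findings, "composer", entry["name"], entry.get("version", "?"),
               checksum, baseline)
    return findings


if __name__ == "__main__":
    for kind, pkg in audit_npm_lock(SAMPLE_NPM_LOCK) + audit_composer_lock(SAMPLE_COMPOSER_LOCK):
        print(f"{kind:13} {pkg}")
```

Run it against your real `package-lock.json` and `composer.lock` by reading those files into the two `audit_*` functions and replacing `BASELINE` with checksums taken from a lockfile committed before the incident window. Note that a lockfile carries no timestamps, so the "installs between May 18–20" question is answered from CI job logs or the package cache, not from the lockfile itself; the `HASH_DRIFT` finding is what tells you a pinned version is no longer the artifact you originally installed.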

03

Infrastructure

kubernetes · cloud · network · ingress

containerd runAsNonRoot bypass via numeric User overflow

containerd treats numeric `User` directives that overflow a 32-bit int as usernames, so a crafted image that maps the oversized numeric string to root in `/etc/passwd` runs as UID 0. Kubernetes `runAsNonRoot` PodSecurity restrictions are bypassed. Fixed in containerd 2.3.1, 2.2.4, 2.0.9, 1.7.32; 2.1.x is EOL with no fix.

Tags: CVE-2026-46680 · containerd 1.7.x/2.0.x/2.2.x/2.3.x · Kubernetes PodSecurity
Fruition take

If you rely on `runAsNonRoot` as a defense-in-depth control on shared Kubernetes clusters, patch containerd on every node and add an admission policy that rejects images where the resolved UID is 0 regardless of declaration.
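The admission check the take above asks for has two parts: resolve the image's `User` directive to a numeric UID the conservative way (a numeric value that does not fit in 32 bits is rejected outright rather than retried as a username), and reject any image whose resolved UID is 0 no matter how the declaration was written. The code below is an added example for this issue, not containerd's or Kubernetes' code; the 32-bit bound and the passwd-mapping trick follow the advisory text above, while the function names, the `strict` switch and the sample `/etc/passwd` are my own.

```python
"""Admission-style check for the containerd numeric User overflow (added example).

resolve_uid() turns an image `User` directive into a UID.  In strict mode a
numeric value above 32 bits is refused instead of being retried as a
username; in permissive mode it mirrors the unpatched behaviour described in
the advisory (fall back to a name lookup) so that admit() can still catch
the UID 0 the passwd mapping produces.  Sample passwd is constructed.
"""

UINT32_MAX = 0xFFFFFFFF


class PolicyViolation(Exception):
    pass


# Constructed /etc/passwd as a crafted image might ship it.  The third line
# is the mapping the advisory describes: an overflowing numeric string as a
# username that resolves to UID 0.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
app:x:1000:1000::/home/app:/bin/sh
4294967296:x:0:0::/:/bin/sh
"""


def parse_passwd(text):
    """Map username -> UID from passwd-format text; malformed lines are skipped."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def resolve_uid(user_directive, passwd_text, strict=True):
    """Resolve "uid", "name", "uid:gid" or "name:group" to a numeric UID.

    An unset User is treated as UID 0 here (the conservative reading).
    """
    user = user_directive.split(":", 1)[0].strip()
    if not user:
        return 0
    if user.isascii() and user.isdigit():
        value = int(user)
        if value <= UINT32_MAX:
            return value
        if strict:
            raise PolicyViolation(
                f"numeric User {user!r} exceeds 32 bits; refusing username fallback")
        # Permissive: the overflowed number is looked up as a username, which
        # is exactly the path the crafted passwd line above abuses.
    users = parse_passwd(passwd_text)
    if user not in users:
        raise PolicyViolation(f"User {user!r} not found in image /etc/passwd")
    return users[user]


def admit(user_directive, passwd_text, strict=True):
    """Policy: admit only when the resolved UID is non-zero. Returns (admitted, reason)."""
    try:
        uid = resolve_uid(user_directive, passwd_text, strict=strict)
    except PolicyViolation as exc:
        return False, str(exc)
    if uid == 0:
        return False, f"User {user_directive!r} resolves to UID 0"
    return True, f"User {user_directive!r} resolves to UID {uid}"


if __name__ == "__main__":
    for directive in ["1000", "app", "1000:1000", "root", "", "4294967296"]:
        print(f"{directive!r:14} strict={admit(directive, SAMPLE_PASSWD)}")
    print("permissive 4294967296 ->", admit("4294967296", SAMPLE_PASSWD, strict=False))
```

Both modes reject the crafted image: strict mode refuses the out-of-range number before any passwd lookup, and permissive mode reaches the passwd mapping and sees UID 0. Wiring this into a real cluster means extracting `User` and `/etc/passwd` from the image config and root filesystem in your admission webhook or image scanner; that plumbing is not shown here.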

04

PHP & CMS

wordpress · drupal · plugins · php frameworks

▲ headline

Drupal core SQL injection (SA-CORE-2026-004) added to CISA KEV

Drupal core's database abstraction API has a SQL injection (CVE-2026-9082) exploitable by anonymous users against sites on PostgreSQL, with potential for privilege escalation and RCE. Drupal rates it 23/25 highly critical; CISA added it to KEV on May 22. Affected: 8.9+ through 11.3.x prior to 11.3.10, plus 10.5/10.6/11.0/11.2 branches.

Tags: CVE-2026-9082 · Drupal core 8.9–11.3 · PostgreSQL backends
Fruition take

If you run Drupal on PostgreSQL — patch this week, no exceptions. Anonymous-user exploitation plus KEV status means automated scanning is already underway. MySQL/MariaDB sites should still patch on the normal cycle.

Burst Statistics WordPress plugin: critical authentication bypass on 200K sites

Wordfence's PRISM platform found a critical authentication bypass in Burst Statistics (200,000+ installs). An unauthenticated attacker can gain administrator-level access on unpatched sites. Patched version is available; details published May 13.

Tags: Burst Statistics · WordPress plugin
Fruition take

Auto-update Burst Statistics across managed WordPress fleets and audit `wp_users` for unexpected admin role assignments in the past two weeks. This is the second high-install analytics plugin to ship an auth-bypass this year — consider whether you actually need server-side analytics inside the CMS.

Avada Builder: arbitrary file read and SQL injection on 1M WordPress sites

Wordfence disclosed an Arbitrary File Read and SQL Injection in Avada Builder, installed on roughly 1,000,000 WordPress sites. Both issues are reachable in default configurations on affected versions; patched releases are available from ThemeFusion.

Tags: Avada Builder · WordPress plugin
Fruition take

If you manage Avada-based sites, push the patched Builder release this week and check access logs for unusual `wp-admin/admin-ajax.php` parameters before assuming nothing happened.
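A first pass over access logs for the check above: parse combined-format lines, keep only requests to `wp-admin/admin-ajax.php`, decode each query parameter and flag values that look like file-read (path traversal) or SQL-injection probes, which are the two bug classes in this entry. This is an added example for this issue, not Wordfence or ThemeFusion tooling; the log lines are constructed, and the signature patterns are a generic starting set I chose rather than parameter names specific to Avada Builder.

```python
"""Triage of access logs for suspicious admin-ajax.php parameters (added example).

Parses Apache/nginx combined-format lines, keeps requests to
wp-admin/admin-ajax.php, URL-decodes every query parameter (twice, to catch
double encoding) and flags values that match generic traversal or SQL
injection patterns.  Log lines and patterns are constructed for this example.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Generic signatures (my choice, not Avada-specific): file-read probes and SQL probes.
TRAVERSAL = re.compile(r"(\.\./|\.\.\\|/etc/passwd|wp-config\.php)", re.I)
SQLI = re.compile(
    r"(union\s+select|sleep\s*\(|benchmark\s*\(|'\s*or\s+1\s*=\s*1|information_schema)", re.I)

# Constructed sample log: one benign heartbeat, two probes from one IP, one unrelated hit.
SAMPLE_LOG = """\
203.0.113.5 - - [27/May/2026:10:12:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 43 "-" "Mozilla/5.0"
198.51.100.9 - - [27/May/2026:10:13:07 +0000] "GET /wp-admin/admin-ajax.php?action=example&file=..%2F..%2Fwp-config.php HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.9 - - [27/May/2026:10:13:09 +0000] "POST /wp-admin/admin-ajax.php?action=example&id=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 0 "-" "curl/8.0"
203.0.113.7 - - [27/May/2026:10:14:00 +0000] "GET /index.php?p=1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""


def decode_param(value):
    """parse_qsl decodes once; decode twice more so double-encoded values are visible."""
    return unquote(unquote(value))


def triage(log_text):
    """Return one dict per admin-ajax.php request whose parameters match a signature."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        url = urlsplit(match["path"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qsl(url.query, keep_blank_values=True)
        reasons = []
        for key, value in params:
            decoded = decode_param(value)
            if TRAVERSAL.search(decoded):
                reasons.append(f"traversal in {key}")
            if SQLI.search(decoded):
                reasons.append(f"sqli in {key}")
        if reasons:
            hits.append({
                "ip": match["ip"],
                "time": match["time"],
                "status": match["status"],
                "action": dict(params).get("action"),
                "reasons": reasons,
            })
    return hits


def by_source(hits):
    """Count flagged requests per client IP; repeated hits from one source stand out."""
    return Counter(hit["ip"] for hit in hits)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for hit in found:
        print(hit["time"], hit["ip"], hit["action"], ", ".join(hit["reasons"]))
    print("per source:", dict(by_source(found)))
```

Feed it a real log with `triage(open(path).read())`. Two limits worth keeping in mind: POST bodies are not in the access log, so parameters sent in the body of an `admin-ajax.php` POST are invisible here and need application-level logging or a WAF record; and a hit is a lead, not proof, so pair a flagged request with its response status and size before treating it as a confirmed read.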

05

Identity & Auth

oauth · saml · iam · session attacks

FBI flags Kali365 phishing-as-a-service capturing M365 OAuth tokens

An FBI advisory describes Kali365, a Telegram-based PhaaS that captures legitimate Microsoft 365 OAuth tokens, bypassing MFA and granting persistent Graph-level access to mailboxes, SharePoint, and Teams. It is tied to the April 2026 M365 incident wave.

Tags: Microsoft 365 · Entra ID · OAuth
Fruition take

For any client portal federated to Entra ID or using M365 for staff, enforce token-binding/Conditional Access location and device checks, and review consented OAuth apps weekly. MFA alone no longer stops this class of AiTM kit.

Mandiant: UNC6671 'BlackFile' vishing operation pivots through Okta and M365

Google Threat Intelligence Group details UNC6671/BlackFile, an extortion crew that combines voice phishing with adversary-in-the-middle MFA capture to compromise Okta SSO and Microsoft 365 tenants, then exfiltrates data via Python and PowerShell from authenticated cloud sessions.

Tags: Okta · Microsoft 365 · Entra ID
Fruition take

Treat help-desk password and MFA reset workflows as the most-attacked identity surface you operate — require callback verification on a second channel and disable SMS/voice MFA fallback for admins. Hunt for unexpected `New-MailboxExportRequest` and Graph `/users` enumeration in Okta and M365 logs.

06

Threat Intel

active exploitation · breaches · ransomware

Langflow CORS misconfig with SameSite=None refresh token added to KEV

CVE-2025-34291: Langflow's overly permissive CORS combined with a `SameSite=None` refresh-token cookie lets a malicious page perform credentialed cross-origin calls to the refresh endpoint, obtaining tokens that enable RCE on the host. Now in CISA KEV.

Fruition take

Self-hosted Langflow instances should be taken off the public internet behind an authenticating proxy until patched. This is a textbook reminder to audit any CORS `Access-Control-Allow-Origin` reflection on internal AI tooling.
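The audit the take above recommends is easy to make systematic: send a request with an Origin the service should not trust and inspect what comes back. The dangerous combination in the Langflow entry is all three of (a) that origin reflected in `Access-Control-Allow-Origin`, (b) `Access-Control-Allow-Credentials: true`, and (c) a session or refresh cookie marked `SameSite=None`, because together they let a page on another site make a credentialed call and read the response. The checker below is an added example for this issue, not Langflow's or CISA's code; the header sets and cookie name are constructed, and `probe()` is only a convenience for feeding real headers from your own instances into `assess_cors()`.

```python
"""Offline check for the CORS + cookie combination in the Langflow entry (added example).

assess_cors() takes the Origin that was sent with a probe request and the
response headers that came back, and classifies the result.  probe() fetches
those headers from a URL you operate.  Header samples are constructed.
"""
import urllib.error
import urllib.request

PROBE_ORIGIN = "https://evil.example"   # constructed; an origin the server should never trust


def parse_set_cookie(value):
    """Split a Set-Cookie header into (name, attrs) with lowercase attribute keys/values."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().lower() or True
    return name, attrs


def assess_cors(probe_origin, headers):
    """headers: iterable of (name, value) pairs as a response carries them.

    Returns {"severity": "ok" | "warn" | "critical", "findings": [...]}.
    """
    single, cookies = {}, []
    for key, val in headers:
        if key.lower() == "set-cookie":
            cookies.append(val)
        else:
            single[key.lower()] = val.strip()
    acao = single.get("access-control-allow-origin")
    creds = single.get("access-control-allow-credentials", "").lower() == "true"
    reflected = acao == probe_origin
    findings = []
    if reflected:
        findings.append(f"Access-Control-Allow-Origin reflects untrusted origin {probe_origin}")
    elif acao == "*":
        findings.append("Access-Control-Allow-Origin is a wildcard")
    if creds and (reflected or acao == "*"):
        findings.append("Access-Control-Allow-Credentials: true on a permissive origin")
    none_cookies, unspecified = [], []
    for raw in cookies:
        name, attrs = parse_set_cookie(raw)
        samesite = attrs.get("samesite")
        if samesite == "none":
            none_cookies.append(name)
        elif samesite is None:
            unspecified.append(name)
    if none_cookies:
        findings.append("SameSite=None cookies: " + ", ".join(none_cookies))
    if unspecified:
        findings.append("cookies without SameSite (browser default decides): " + ", ".join(unspecified))
    # Browsers refuse credentials with a wildcard ACAO, so the full chain needs
    # reflection + credentials + a cookie the browser will attach cross-site.
    critical = reflected and creds and bool(none_cookies)
    severity = "critical" if critical else ("warn" if findings else "ok")
    return {"severity": severity, "findings": findings}


def probe(url, origin=PROBE_ORIGIN, timeout=10):
    """GET url with a foreign Origin header and return the raw response headers."""
    req = urllib.request.Request(url, headers={"Origin": origin})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return list(resp.getheaders())
    except urllib.error.HTTPError as err:       # a 401/403 still carries the headers we need
        return list(err.headers.items())


# Constructed responses: the vulnerable shape described above, and a fixed one.
VULNERABLE_HEADERS = [
    ("Access-Control-Allow-Origin", "https://evil.example"),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "refresh_token=CONSTRUCTED; Path=/; HttpOnly; Secure; SameSite=None"),
]
HARDENED_HEADERS = [
    ("Access-Control-Allow-Origin", "https://app.internal.example"),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "refresh_token=CONSTRUCTED; Path=/; HttpOnly; Secure; SameSite=Strict"),
]

if __name__ == "__main__":
    for label, hdrs in [("vulnerable", VULNERABLE_HEADERS), ("hardened", HARDENED_HEADERS)]:
        print(label, assess_cors(PROBE_ORIGIN, hdrs))
```

To check a running instance you own, call `assess_cors(PROBE_ORIGIN, probe("https://<your-host>/<refresh-endpoint>"))` (the path is whatever your deployment's token-refresh route is; it is not given on this page). A `warn` means one link of the chain is present and worth fixing on its own; `critical` means the whole chain is, and the instance belongs behind an authenticating proxy until patched.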

Cisco Catalyst SD-WAN auth bypass added to KEV under Emergency Directive 26-03

CVE-2026-20182 lets an unauthenticated remote attacker bypass authentication and obtain admin privileges on Cisco Catalyst SD-WAN Controller and Manager. CISA issued Emergency Directive 26-03 with hardening guidance for federal SD-WAN deployments.

Tags: CVE-2026-20182 · Cisco Catalyst SD-WAN Controller · Cisco Catalyst SD-WAN Manager
Fruition take

If you operate Cisco SD-WAN as part of any client's network edge, follow ED 26-03 hunt guidance now — admin-level pre-auth on the management plane is a tenant-wide compromise. Treat any anomalous controller logins in the last 30 days as IR.

CISA contractor leaked AWS GovCloud keys and agency secrets on public GitHub

KrebsOnSecurity reported that a CISA contractor intentionally published AWS GovCloud access keys and a large trove of CISA secrets to a public GitHub account, and Congress is now demanding answers. CISA is still working to invalidate the leaked credentials.

Tags: AWS GovCloud · GitHub
Fruition take

A useful prompt to verify that your own GitHub org has push protection and secret scanning enabled across every repo, including contractor-owned forks, and that any AWS keys discovered in commits trigger automatic IAM disablement, not just a Slack alert.