Just once I'd like to review an architecture where config parsers don't hand out root and audio drivers don't compromise the hypervisor.
๐ช Zero-Auth RCE by Default
MCP Connect ships with auth so broken that a missing token evaluates to an empty string and waves you right in. Worse, it binds to `0.0.0.0` out of the box with an ngrok script to aggressively maximize exposure. Hit port 3000, hit `/bridge`, get instant RCE. Enforce your `AUTH_TOKEN` and read the advisory.
๐ Weaponized Config Files
Dynaconf turns variable parsing into a trivial compromise by evaluating templates without a sandbox. Slip a malicious Jinja payload into a `.env` file, and the `@jinja` resolver blindly executes it on startup. Stop trusting external config and upgrade before your environment variables root your microservices. Patch details: GitHub alert.
๐ Audio-Triggered VM Escapes
Why anyone attaches sound devices to server infrastructure is beyond me. An uncontrolled heap overflow in QEMU's `virtio-snd` lets a malicious guest OS escape the hypervisor entirely. One malformed audio request drops attackers straight onto the physical host. Disable and detach `virtio-snd` across all QEMU instances.
๐ค 90s SQLi Returns
We're speed-running legacy web vulnerabilities to justify bloated budgets. Spring's MariaDB integration blindly trusts unvalidated metadata filters (CVE-2026-22730). Attackers just inject basic SQL syntax to shatter tenant isolation and dump cross-tenant proprietary data. Stop leaking your databases and upgrade to version 1.0.4 or 1.1.3.
๐ References:
โข OpenSIPS SQL Injection to Authentication Bypass (CVE-2026-25554)