{"vulnerability": "cve-2026-4721", "sightings": [{"uuid": "d100a1a0-4a57-471a-9956-eab5a280ee40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-47213", "type": "published-proof-of-concept", "source": "https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-xjhv-pp2r-6f82", "content": "", "creation_timestamp": "2026-05-19T13:11:58.000000Z"}, {"uuid": "b6c69c54-21d3-4971-9216-db9e11d62f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4721", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mhu7d6hbhv2w", "content": "", "creation_timestamp": "2026-03-25T04:01:28.142388Z"}, {"uuid": "f6394fe2-e67c-4541-a98b-b0ce3bf91f0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4721", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities_20260325", "content": "", "creation_timestamp": "2026-03-25T03:00:00.000000Z"}, {"uuid": "a646519f-1d0a-4037-b73a-c18aa992cad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4721", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-013/", "content": "", "creation_timestamp": "2026-03-29T17:00:00.000000Z"}, {"uuid": "d323e943-791e-4cdf-a72c-8f57915a633e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-47212", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqxgdjg72y", "content": "\ud83d\udd10 CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-47212-twilio-notifier-webhook-parser-never-verifies-the-x-twilio-signature-hmac-unauthenticated-webhook-event-injection", "creation_timestamp": "2026-05-20T11:02:20.847497Z"}, {"uuid": "be8cee8b-3998-497c-b020-d2723ee25c48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47212", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qc4eg22q", "content": "\ud83d\udd17 CVE : CVE-2026-45070, CVE-2026-45077, CVE-2026-45304, CVE-2026-45305, CVE-2026-45753, CVE-2026-45754, CVE-2026-45755, CVE-2026-45756, CVE-2026-46626, CVE-2026-47212", "creation_timestamp": "2026-05-20T14:15:14.032320Z"}, {"uuid": "a3091e50-c006-489a-b7ea-8d0b953a8bf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-47210", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-6j2x-vhqr-qr7q", "content": "", "creation_timestamp": "2026-05-18T12:48:20.000000Z"}, {"uuid": "360ec786-5bef-4d67-979b-67e79c91b050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47213", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mny4w26ina2i", "content": "CVE-2026-47213 - BoxLite: Timeout Bypass Vulnerability\nCVE ID : CVE-2026-47213\n \n Published : June 10, 2026, 11:16 p.m. | 2\u00a0hours, 1\u00a0minute ago\n \n Description : Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI contain...", "creation_timestamp": "2026-06-11T02:00:05.696536Z"}, {"uuid": "5a858e4d-45d3-4bd0-aa2a-765fdf81a0a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47210", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo44gjbytq2w", "content": "\ud83d\udd34 CVE-2026-47210 - Critical (9.8)\n\nvm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerabi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-47210/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-12T16:02:04.368791Z"}, {"uuid": "1ddf8307-64ef-4663-964a-080a6e0ff0c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47211", "type": "seen", "source": "https://gist.github.com/alon710/27a1a02d7c391b1b2590b0cf7da6fc5e", "content": "# GHSA-JV2H-4P9V-WF5W: GHSA-JV2H-4P9V-WF5W: Arbitrary Remote Code Execution via Incomplete Environment Denylist in Ouroboros AI\n\n> **CVSS Score:** 8.8\n> **Published:** 2026-06-19\n> **Full Report:** https://cvereports.com/reports/GHSA-JV2H-4P9V-WF5W\n\n## Summary\nAn arbitrary Remote Code Execution (RCE) vulnerability exists in ouroboros-ai due to an incomplete fix for CVE-2026-47211. Ouroboros automatically loads environment configurations from local .env files located in the current working directory (CWD) of cloned repositories. Although a denylist (_UNTRUSTED_ENV_DENYLIST) was introduced in version 0.39.0 to filter out execution-routing environment variables, multiple critical configuration variables were omitted, enabling complete sandbox bypass and arbitrary system command execution.\n\n## TL;DR\nOuroboros AI is vulnerable to arbitrary remote code execution via untrusted environment variables and working directory configurations, allowing attackers to run arbitrary system commands by getting a user to execute Ouroboros inside a cloned repository.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **Vulnerability Type**: CWE-426: Untrusted Search Path / CWE-15: External Control of System Configuration\n- **Affected Component**: Environment Staging & MCP Bridge Configuration\n- **Attack Vector**: Network / File system parsing\n- **Exploit Status**: Proof of Concept (PoC) available\n- **Impact**: Remote Code Execution (RCE)\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Ouroboros AI systems utilizing command-line runtimes and local directory loading.\n- **ouroboros-ai**: < 0.42.1 (Fixed in: `0.42.1`)\n\n## Mitigation\n\n- Update ouroboros-ai to version 0.42.1 or newer.\n- Avoid running Ouroboros commands inside untrusted workspace directories.\n- Implement environment-level locks to ignore local .env variables in sensitive workspaces.\n\n**Remediation Steps:**\n1. Check the installed version of ouroboros-ai using pip: `pip show ouroboros-ai`.\n2. Upgrade the dependency package: `pip install --upgrade ouroboros-ai>=0.42.1`.\n3. Remove manual .env files from current working directories before invoking command-line tooling.\n\n## References\n\n- [GitHub Security Advisory GHSA-jv2h-4p9v-wf5w](https://github.com/Q00/ouroboros/security/advisories/GHSA-jv2h-4p9v-wf5w)\n- [Ouroboros Source Repository](https://github.com/Q00/ouroboros)\n- [Fix Pull Request 1078](https://github.com/Q00/ouroboros/pull/1078)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-JV2H-4P9V-WF5W) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T16:11:36.000000Z"}]}