| Vendor | ID | Description | CVE | Type | Date |
|---|---|---|---|---|---|
| Palo Alto Networks | HTAI-017 | PAN-OS GlobalProtect deployments using the Cloud Authentication Service (CAS) accept inbound JWTs signed with HS256 using the public CAS token-signing certificate as the HMAC key — classic algorithm confusion. An attacker who can retrieve the public token-signer certificate (reachable via the CAS metadata endpoint using any valid device mTLS cert) can forge tokens for arbitrary users, achieving full VPN authentication bypass with only the target's username. | CVE-2026-0265 | Auth Bypass | May 14, 2026 |
| Sonatype | HTAI-016 | Pending disclosure | Reserved | RCE | TBD |
| WSO2 | HTAI-015 | Pending disclosure | CVE-2026-5430 | Auth Bypass | TBD |
| Next.js | HTAI-014 | App Router applications using CSP nonces deployed behind shared caches are vulnerable to stored XSS. Malformed nonce values derived from request headers can be reflected into rendered HTML, allowing an attacker to poison cached responses and execute script for later visitors. | CVE-2026-44581 | XSS | May 8, 2026 |
| Next.js | HTAI-013 | Self-hosted Next.js apps using the built-in Node.js server are vulnerable to SSRF via crafted WebSocket upgrade requests. An unauthenticated attacker can cause the server to issue an internal HTTP request to any reachable host/port — including cloud metadata endpoints (AWS IMDSv1, GCP, Azure, OCI) — and read the response. Vercel-hosted deployments are unaffected. | CVE-2026-44578 | SSRF | May 8, 2026 |
| Retool | HTAI-012 | Pending disclosure | Reserved | RCE | TBD |
| Ghostscript | HTAI-011 | Pending disclosure | Reserved | RCE | TBD |
| Grafana | HTAI-010 | Pending disclosure | Reserved | File Read/Write | TBD |
| Next.js | HTAI-009 | Specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, allowing protected content to be rendered without passing the expected middleware check. Applications relying on middleware to authorize dynamic routes can be bypassed. | CVE-2026-44574 | Auth Bypass | May 8, 2026 |
| OAuth2 Proxy | HTAI-008 | When oauth2-proxy is used in auth_request integrations with --ping-user-agent or --gcp-healthchecks enabled, any request bearing the configured health check User-Agent bypasses authentication regardless of the requested path. | CVE-2026-34457 | Auth Bypass | Apr 14, 2026 |
| OAuth2 Proxy | HTAI-007 | When oauth2-proxy is configured with --reverse-proxy and skip_auth_routes, it may trust a client-supplied X-Forwarded-Uri header, allowing an unauthenticated attacker to spoof the header and bypass authentication on protected routes. | CVE-2026-40575 | Auth Bypass | Apr 14, 2026 |
| OAuth2 Proxy | HTAI-006 | A configuration-dependent authentication bypass in oauth2-proxy where an attacker can use a # fragment in the request path to widen skip_auth_routes or skip_auth_regex patterns, causing oauth2-proxy to match a public allowlist rule while the backend routes to a protected resource. | CVE-2026-41059 | Auth Bypass | Apr 14, 2026 |
| JetBrains | HTAI-005 | A sandbox bypass vulnerability in YouTrack allows an attacker with administrator-level permissions to execute arbitrary code. On YouTrack Cloud, this could bypass cross-tenant isolation boundaries for tenants sharing the same hardware. | CVE-2026-33392 | RCE | Apr 9, 2026 |
| JetBrains | HTAI-004 | Pending disclosure | Reserved | RCE | Mar 14, 2026 |
| OpenAM | HTAI-003 | Pre-Authentication Remote Code Execution via jato.clientSession Deserialization in OpenAM. | CVE-2026-33439 | RCE | Mar 20, 2026 |
| Metabase | HTAI-002 | Authenticated users on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read through the EE Serialization Import endpoint. | CVE-2026-33725 | RCE | Mar 20, 2026 |
| BeyondTrust | HTAI-001 | Pre-Authentication Remote Code Execution via deserialization vulnerability in BeyondTrust Remote Support and Privileged Remote Access (PRA) products. | CVE-2026-1731 | RCE | Feb 6, 2026 |