CVE-2026-42167 has been reserved by MITRE to track an authentication bypass, privilege escalation, and code execution vulnerability in ProFTPD. The ProFTPD project has made the flaw public and is rolling out a release to address it. Full technical details and POCs will follow.
CVE-2026-42167 has been reserved by MITRE to track this issue. The ProFTPD project has made the flaw public and is rolling out a release to address it. We'll update this blog with full technical details and POCs as soon as it's responsible to do so!
2026-04-20
•12 min read
ZeroPath Research discovered two separate RCE vulnerabilities in Spinnaker (CVE-2026-32604 and CVE-2026-32613) that let low-privilege authenticated users execute code on Clouddriver and Echo, enabling credential theft and pivots into production cloud environments.
John Walker
2026-04-02
•10 min read
We tested Opus 4.6 against 435 known vulnerable C functions from real CVEs. With good prompting and tools, it found up to 28.5% of vulnerabilities — impressive compared to human review, but with high false positive rates and inconsistency that underline the need for more sophisticated systems.
John Walker
2026-03-18
•15 min read
One of ZeroPath's 36 sudo security fixes was rediscovered in Qualys' CrackArmor vulnerability. We share the full list of fixes, including POC for a previously-unpublished RCE targeting sudo's optional log server.
John Walker
