v vanemmerik.ai / SUPPLY-CHAIN
vanemmerik.ai / supply-chain / 2026-06-02
Supply Chain · Watch Tuesday · 02 June 2026 End-of-day synthesis 4 watches · 10 items

From the watchtower — what crossed the wire today.

A four-times-a-day standing watch on the open-source supply chain. Each pass pulls newly disclosed CVEs, freshly catalogued KEV adds, and active attacks reported in the wild — then ranks them by severity for the day.

The story of the day — Two Vitest CVEs, six praisonai IDORs, and a conda write-anywhere push developer tooling into the day's attack surface while CISA stacks three KEV adds on top.

The day's vulnerabilities live one hop from a developer's keyboard. Vitest's UI server (CVE-2026-47429, CVSS 9.8) reads files and executes code on Windows when the API host binds externally; @vitest/browser (CVE-2026-47428) reflects an OpenTelemetry carrier query parameter into an inline script. praisonai-platform shipped six concurrent broken-access-control advisories — any member can promote themselves to owner, delete the workspace, or read other tenants' projects by guessing object IDs. rattler's noarch:python entry-point handler writes outside the package prefix on malicious conda packages, and Siemens kas treats SHA-named branches as valid commits.

On top of all that, CISA stacked three operational clocks. Yesterday's CVE-2024-21182 Oracle WebLogic T3/IIOP unauthenticated RCE is still the two-day fire drill (due 2026-06-04); today's adds — CVE-2022-0492 (Linux Kernel cgroups v1 release_agent container escape) and CVE-2025-48595 (Android Framework integer overflow code execution) — both carry a Friday 2026-06-05 deadline. Yesterday's Miasma worm in @redhat-cloud-services keeps spreading; cross-check any lock file pinning that namespace against the disclosed bad-version list before tomorrow morning. Bright spot: every Vitest, praisonai, rattler, and kas bug already has a fixed version — none of today's developer-tool CVEs need defensive workarounds, just upgrades.

→ Operational priority for the night patch Oracle WebLogic to the July 2024 CPU (or block T3/IIOP at the perimeter) before tomorrow's CISA deadline, and upgrade Vitest to 4.1.0+ on any CI that runs `vitest --ui` against a network-reachable port.

18:00 ET · First Watch
Critical · CISA KEV · CVE-2022-0492 · Linux Kernel · added 2026-06-02 ·added 18:00 ET

Linux Kernel cgroups v1 release_agent improper-authentication container escape added to CISA KEV — patch due 2026-06-05

CISA added the four-year-old cgroups v1 release_agent privilege-escalation bug to KEV today with a 2026-06-05 deadline. The vulnerable shape is a container that holds CAP_SYS_ADMIN and can write to a cgroup v1 release_agent file in an unprivileged user namespace — the kernel runs the configured agent as root on the host when the cgroup empties. This is the canonical container-escape primitive that has been in offensive tradecraft since 2022; the KEV add likely reflects a fresh campaign chaining it after an initial RCE. If you still run cgroup v1 hosts (older RHEL, custom kernels), audit for containers running with CAP_SYS_ADMIN and migrate to cgroup v2 where the release_agent surface no longer exists.

Critical · CISA KEV · CVE-2025-48595 · Android Framework · added 2026-06-02 ·added 18:00 ET

Android Framework integer overflow code-execution / LPE added to CISA KEV — patch due 2026-06-05

An Android Framework integer overflow that enables code execution and local privilege escalation has been catalogued by CISA today, due 2026-06-05. The pattern is a length field truncating during a framework IPC, letting a malicious app step outside its expected memory region and execute code at a higher privilege level. The KEV add means CISA has evidence of exploitation in the wild — the realistic delivery vector is a sideloaded or commercially-compromised app on managed-device fleets. Push the corresponding monthly Android Security Bulletin patch to managed devices via MDM and check for any sideload allowlist exceptions before the Friday deadline.

Context · The Hacker News · 2026-06-02 ·added 18:00 ET

Gamaredon (Russia) continues weaponising WinRAR CVE-2025-8088 to drop GammaWorm and GammaSteel against Ukrainian targets

Per Sekoia, Gamaredon is still actively exploiting the WinRAR path-traversal CVE-2025-8088 to drop a GammaPhish HTA stager, which in turn fetches GammaWorm (USB-propagating worm) and GammaSteel (credential and document exfil). Not a supply-chain attack on the registries themselves, but it rhymes: a long-tail unpatched archive utility on developer endpoints is still the dropper of choice for at least one nation-state crew. If your dev fleet hasn't pushed the WinRAR fix for CVE-2025-8088 yet, treat it as the same hygiene problem as today's Vitest upgrades — old desktop utilities that nobody owns.

12:00 ET · Forenoon Watch
Critical · The Hacker News + BleepingComputer · 2026-06-01 ·added 12:00 ET

Miasma campaign backdoors 30+ @redhat-cloud-services npm packages with credential-stealing worm

A new campaign dubbed Miasma has compromised more than 30 packages under the @redhat-cloud-services npm namespace, injecting a variant of the Shai-Hulud credential-stealing malware that also self-propagates as a worm — harvesting tokens, SSH keys, and CI/CD secrets from developer machines and infected CI environments. Tactics are install-time execution, encrypted exfiltration, and lateral movement through discovered CI runner credentials; The Hacker News notes this shares core TTP fingerprints with earlier Shai-Hulud Mini campaigns. If you depend on any @redhat-cloud-services package, audit your lock files against the known compromised version list (BleepingComputer has a running list), rotate any credentials that touched an affected environment, and inspect CI runner home directories for the worm's persistence artifacts.

Critical · CISA KEV · CVE-2024-21182 · Oracle WebLogic Server · added 2026-06-01 ·added 12:00 ET

Oracle WebLogic Server unspecified unauthenticated RCE via T3/IIOP added to CISA KEV — patch due 2026-06-04

CISA catalogued CVE-2024-21182 on June 1 with a BOD 22-01 remediation deadline of June 4 — two days from now. The vulnerability allows an unauthenticated attacker with network access via T3 or IIOP to fully compromise Oracle WebLogic Server and read all accessible data; no authentication required, no user interaction. T3/IIOP exposure is the standard WebLogic attack surface; if your WebLogic instances aren't firewalled off from untrusted networks, treat this as a fire drill and patch today. Apply Oracle's July 2024 CPU or block T3/IIOP at the perimeter immediately.

Critical · GHSA · GHSA-5xrq-8626-4rwp · vitest < 4.1.0 · CVE-2026-47429 · CVSS 9.8 ·added 12:00 ET

Vitest UI server (< 4.1.0) allows arbitrary file read and remote code execution when server is network-exposed (CVE-2026-47429)

When Vitest is run with `--ui` and the API server is exposed to the network (via `--api.host` or a misconfigured trusted-origins allowlist), an attacker can read arbitrary files from the host and execute code on Windows targets. CVSS 9.8 — no auth, network-reachable, full file read plus RCE on Windows. The realistic exposure is CI pipelines that run `vitest --ui` in a container that accidentally binds to 0.0.0.0, or dev machines that expose the Vite dev server through ngrok or a misconfigured tunnel. Upgrade to vitest 4.1.0; audit your CI configs for `--api.host` flags or any setup that routes external traffic to the Vitest port.

High · GHSA · GHSA-2h32-95rg-cppp · @vitest/browser · CVE-2026-47428 · CVSS 9.6 ·added 12:00 ET

Vitest browser mode (< 4.1.6, < 5.0.0-beta.3) reflects otelCarrier query parameter as unsanitized inline script — script injection (CVE-2026-47428)

Vitest browser mode served the `otelCarrier` query parameter directly into an inline `<script>` module on `/__vitest_test__/` without encoding it; an attacker who can control that URL — by phishing a developer whose browser test runner is live, or via a CSRF-style redirect — gets arbitrary JavaScript execution in the Vitest browser context. The practical blast radius is credential and token theft from a developer's test session. Upgrade @vitest/browser to 4.1.6 or 5.0.0-beta.3; this is the lower-urgency Vitest fix for today, but both should be applied in the same upgrade.

High · GHSA · praisonai-platform < 0.1.4 · 6 advisories · published 2026-06-01 ·added 12:00 ET

praisonai-platform < 0.1.4: six broken-access-control issues — any member can escalate to owner, delete workspace, and read/write cross-tenant objects (CVE-2026-47411 through CVE-2026-47418)

Six GHSA advisories dropped simultaneously for praisonai-platform, covering a coherent failure mode: the platform's API enforces workspace membership but not workspace ownership on every destructive or privileged endpoint. Any member can add an arbitrary user (including themselves on a second account) as owner (GHSA-8g2p-pqm3-fcfh, CVSS 9.6), delete the entire workspace (GHSA-g8rr-7rj2-f627), and read or write issues, comments, and projects that belong to other workspaces by guessing object IDs (GHSA-xwq8-frcg-77q8, GHSA-cp4f-5m9r-5jc2, GHSA-943m-6wx2-rc2j). The workspace-rename/settings bypass is the sixth (GHSA-rcmc-q9rj-4wmq, CVSS 6.5). praisonai-platform is a multi-agent AI orchestration backend; the authorization model appears to have been bolted on after the data model was built, which is the common root cause for IDOR clusters like this. Upgrade to 0.1.4; if you run a self-hosted instance, restrict access to trusted networks until you can patch.

Medium · GHSA · GHSA-q53q-5r4j-5729 · rattler < 0.43.2 · CVE-2026-47425 ·added 12:00 ET

rattler < 0.43.2: entry-point path traversal in noarch:python install allows arbitrary file write outside prefix (CVE-2026-47425)

rattler (the Rust-based conda package manager used by pixi and rattler-build) fails to sanitize the `command` field in `info/link.json` entry-point definitions before constructing the on-disk path, allowing a malicious `noarch:python` conda package to write a file to any location writable by the installing user. This is the standard conda malicious-package arbitrary-write pattern — same shape as older pip `entry_points.txt` attacks, just a different toolchain. If you install conda packages from untrusted channels, this is a supply chain vector. Upgrade rattler to 0.43.2; if you use pixi, check for a pixi release that bundles the fixed rattler.

06:00 ET · Morning Watch
Context · GHSA · GHSA-qjwp-hrq6-r26r · kas (Siemens Yocto build tool) < 5.3 · CVE-2026-47191 ·added 06:00 ET

kas < 5.3 treats SHA-like git branches as valid commits — supply chain integrity check defeated by upstream takeover (CVE-2026-47191)

Siemens kas, a widely-used Yocto/OpenEmbedded build orchestrator for embedded Linux, used the git commit SHA in its configuration as the integrity anchor for upstream repositories; an attacker who takes over an upstream repo can create a branch whose name is the expected SHA, and kas will check that branch out as if it were the pinned commit. SHA-1 commits can additionally be defeated via hash collision; SHA-256 commits are vulnerable only to the branch-name trick. This is the classic embedded build-chain integrity gap — the repo-pinning convention assumes the upstream is honest, and that assumption fails the moment an upstream account is compromised. Upgrade to kas 5.3; for defence-in-depth, switch your kas configurations to validate cryptographically signed tags or mirror upstream repos to a controlled location before building.