
Carlos Vieira
@carlos_crowsec • 3,183 subscribers
Founder @quimerax_intel | Partner @Hakaioffsec

We just received a bounty reward from UniFi for reporting a vulnerability affecting UniFi OS devices. As part of the Hakai Labs (Hakai Offsec) research team at QuimeraX Intelligence, we independently identified a Path Traversal vulnerability (CVE-2026-34911) that allowed an attacker with network access to access internal routes on the underlying system without a valid token, exposing sensitive information.

Our research was conducted independently, but the vulnerability we reported could be chained with other vulnerabilities disclosed during the same period, including Improper Access Control and Command Injection flaws reported by other researchers. When combined, these issues lead to a pre-auth RCE affecting multiple UniFi OS products.

Affected products include UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, Express 7, UNVR, UNVR-Pro, UNVR-Instant, ENVR, UCG-Ultra, UCG-Max, UCG-Fiber, and several other UniFi OS devices. We strongly recommend updating affected systems to the latest available version.

Technical details remain under coordinated disclosure, and the only public information currently available is UniFi’s Security Advisory Bulletin.
Carlos Vieira • 36,659 views • 21 days ago