🚨 14 npm/PyPI/AI Supply-Chain Threats Today (2026-05-26): Critical Worms, Parse Server DoS, and AI RCEs
A daily security digest reports 14 newly identified critical and high-severity supply-chain threats affecting npm, PyPI, and AI ecosystems as of 2026-05-26. Critical issues include credential harvesting and self-propagation malware in @cap-js packages, a worm payload in @beproduct/nestjs-auth, and a supply chain compromise in guardrails-ai. High-severity vulnerabilities include denial-of-service (DoS) attacks in Parse Server and other npm packages, remote code execution (RCE) in AI toolchains Diffusers and lmdeploy, SSRF vulnerabilities in Crawlee and SillyTavern, and injection or hijacking attacks in samlify and js-cookie. Immediate remediation actions are recommended for critical packages, including upgrading or uninstalling affected versions. Several vulnerabilities enable denial-of-service or remote code execution, posing significant risk if exploited.
AI Analysis
Technical Summary
This report summarizes 14 supply-chain security threats detected across npm, PyPI, and AI ecosystems. Critical threats include credential harvesting malware in @cap-js packages (CVE-2026-46421), a worm payload in @beproduct/nestjs-auth (CVE-2026-46412), and a supply chain compromise in guardrails-ai (CVE-2026-45758). High-severity issues include denial-of-service vulnerabilities in Parse Server (CVE-2026-47138) and qs (CVE-2026-8723), memory and disk exhaustion in libp2p packages, remote code execution vulnerabilities in Diffusers (CVE-2026-45804) and lmdeploy (CVE-2026-46517), SSRF vulnerabilities in Crawlee and SillyTavern, and injection or prototype hijacking attacks in samlify and js-cookie. The critical @cap-js packages require immediate upgrade to patched versions. The guardrails-ai malicious version has been quarantined. The report is based on a Reddit cybersecurity daily digest linking to external sources.
Potential Impact
The critical vulnerabilities enable credential harvesting and self-propagation malware, potentially compromising local credentials and spreading malicious code through npm packages. The worm payload in nestjs-auth can propagate within affected environments. The guardrails-ai compromise involves a malicious PyPI package version that has been quarantined. High-severity vulnerabilities can cause denial-of-service conditions, remote code execution, server-side request forgery (SSRF), privilege escalation, and prototype hijacking, impacting availability, confidentiality, and integrity of affected systems. Exploitation could disrupt services, allow unauthorized code execution, or escalate privileges. No known exploits in the wild are reported yet.
Mitigation Recommendations
For critical threats, immediately upgrade @cap-js packages to sqlite >= 2.4.0, postgres >= 2.3.0, and db-service >= 2.10.2. Remove and reinstall @beproduct/nestjs-auth dependencies if installed between versions 0.1.2 and 0.1.19, and audit for compromise. Uninstall guardrails-ai version 0.10.1 and reinstall a known good version. For high-severity DoS and RCE vulnerabilities, apply vendor patches or updates as they become available. For SSRF and injection issues, update configurations and dependencies per vendor guidance. Since no vendor advisories or patch links are provided here, check official sources for current remediation status. Assume local credentials may be compromised if affected packages were installed. No vendor advisory content is included, so patch status beyond critical package upgrades is not confirmed.
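An added example (not part of the digest or of the wakellm project): a lockfile check against the versions named in the mitigation text above. It assumes the `u/` prefixes in the Reddit rendering are npm `@` scopes, a `package-lock.json` with a `packages` map (lockfileVersion 2 or 3), and `pip freeze` style pins; the function names and sample inputs are constructed for illustration.

```python
import json
import re

# Thresholds copied from the digest (assumes "u/scope" there is npm "@scope").
NPM_MIN_FIXED = {"@cap-js/sqlite": (2, 4, 0), "@cap-js/postgres": (2, 3, 0),
                 "@cap-js/db-service": (2, 10, 2)}
NPM_WINDOW = {"@beproduct/nestjs-auth": ((0, 1, 2), (0, 1, 19))}  # inclusive
PYPI_BAD = {"guardrails-ai": {(0, 10, 1)}}

def vtuple(version):
    """'X.Y.Z[-suffix]' -> (X, Y, Z); None if the string is not a version."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    return tuple(map(int, m.groups())) if m else None

def audit_npm_lock(lock_text):
    """Findings for a package-lock.json with a "packages" map (v2/v3)."""
    findings = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        # Keys look like "node_modules/a/node_modules/@scope/name".
        name = path.rpartition("node_modules/")[2]
        ver = vtuple(meta.get("version", ""))
        if ver is None:
            continue
        if name in NPM_MIN_FIXED and ver < NPM_MIN_FIXED[name]:
            findings.append((name, meta["version"], "below fixed version"))
        elif name in NPM_WINDOW and NPM_WINDOW[name][0] <= ver <= NPM_WINDOW[name][1]:
            findings.append((name, meta["version"], "in affected window"))
    return findings

def audit_pip_freeze(freeze_text):
    """Findings for `pip freeze` style "name==version" lines."""
    findings = []
    for line in freeze_text.splitlines():
        name, sep, version = line.strip().partition("==")
        norm = re.sub(r"[-_.]+", "-", name).lower()  # PyPI name normalisation
        if sep and vtuple(version) in PYPI_BAD.get(norm, ()):
            findings.append((norm, version, "malicious version"))
    return findings

# Constructed sample inputs, not taken from any real project.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "node_modules/@cap-js/sqlite": {"version": "2.3.1"},
    "node_modules/@cap-js/postgres": {"version": "2.3.0"},
    "node_modules/x/node_modules/@beproduct/nestjs-auth": {"version": "0.1.7"},
}})
SAMPLE_FREEZE = "requests==2.32.3\nGuardrails_AI==0.10.1\n"
if __name__ == "__main__":
    for finding in audit_npm_lock(SAMPLE_LOCK) + audit_pip_freeze(SAMPLE_FREEZE):
        print(*finding, sep="  ")
```

A "below fixed version" finding means only that the installed version is older than the minimum the digest names; the digest does not list which specific @cap-js versions were malicious.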
Reddit Discussion
This is the daily security digest covering confirmed npm, PyPI, and supply-chain security threats detected in the past 24 hours. A total of 14 threats have been identified across various ecosystems, including active credential harvesting campaigns.
Threat Summary
| Package(s) | Ecosystem | Severity | CVE | Vulnerability |
|---|---|---|---|---|
| @cap-js/sqlite, postgres, db-service | npm | CRITICAL | CVE-2026-46421 | Credential harvesting / Self-propagation |
| @beproduct/nestjs-auth | npm | CRITICAL | CVE-2026-46412 | Mini Shai-Hulud worm payload |
| guardrails-ai | PyPI | CRITICAL | CVE-2026-45758 | Supply chain compromise |
| Parse Server | npm | HIGH | CVE-2026-47138 | DoS via header regex backtracking |
| qs | npm | HIGH | CVE-2026-8723 | Remotely triggerable DoS |
| @libp2p/gossipsub | npm | HIGH | CVE-2026-46679 | Memory DoS (Subscription flood) |
| @libp2p/kad-dht | npm | HIGH | CVE-2026-45783 | Disk exhaustion (Unvalidated PUT) |
| SQLFluff | PyPI | HIGH | CVE-2026-46374 | DoS via Resource Exhaustion |
| Diffusers | ai-ml | HIGH | CVE-2026-45804 | TOCTOU Remote Code Execution |
| lmdeploy | ai-ml | HIGH | CVE-2026-46517 | Unsafe remote-code load path |
| Crawlee for Python | PyPI | HIGH | CVE-2026-46497 | SSRF via sitemap-derived URLs |
| SillyTavern | ai-ml | HIGH | CVE-2026-46372 | SSRF in SearXNG Search Proxy |
| samlify | npm | HIGH | CVE-2026-46490 | XML Injection / Privilege Escalation |
| js-cookie | npm | HIGH | CVE-2026-46625 | Prototype hijack / Cookie injection |
🚨 CRITICAL Alerts (Immediate Action Required)
1. @cap-js ecosystem compromise (CVE-2026-46421)
- Threat: Compromised versions of @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service were published to harvest credentials and self-propagate.
- Action: Upgrade immediately (`sqlite` >= 2.4.0, `postgres` >= 2.3.0, `db-service` >= 2.10.2). Assume all local credentials are compromised if you installed the malicious versions.
2. @beproduct/nestjs-auth worm (CVE-2026-46412)
- Threat: Malicious versions containing payloads from the Mini Shai-Hulud npm supply-chain worm campaign were published.
- Action: Remove and reinstall dependencies. Audit for signs of compromise if installed during the affected window (v0.1.2 - 0.1.19).
3. guardrails-ai compromise (CVE-2026-45758)
- Threat: A malicious version of `guardrails-ai` (0.10.1) was published to PyPI. It has been quarantined.
- Action: Uninstall `guardrails-ai==0.10.1` and reinstall a known good version.
⚠️ HIGH Severity Highlights
- Denial of Service (DoS) Wave: Several major packages are vulnerable to crashing today. Parse Server (CVE-2026-47138) can be taken down pre-auth via a regex backtracking attack in the client version header. qs (CVE-2026-8723) will crash on specific `null/undefined` arrays. @libp2p packages are vulnerable to both memory and disk exhaustion attacks.
- AI Toolchain Remote Code Execution: Both Diffusers (CVE-2026-45804) and lmdeploy (CVE-2026-46517) have vulnerabilities bypassing `trust_remote_code` guardrails, allowing arbitrary remote code execution on model fetch.
- SSRF & Injection: Crawlee for Python and SillyTavern both suffer from SSRF vulnerabilities requiring configuration updates. samlify is vulnerable to XML injection leading to privilege escalation, and js-cookie is vulnerable to a prototype hijacking attack.
Automated daily digest, created via https://github.com/Deam0on/wakellm - feedback welcome. Stay safe out there!
Technical Details
- Source Type
- Subreddit: cybersecurity
- Reddit Score: 0
- Discussion Level: minimal
- Content Source: reddit_link_post
- Post Type: link
- Domain: null
- Newsworthiness Assessment: {"score":40,"reasons":["external_link","newsworthy_keywords:rce","urgent_news_indicators","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["rce"],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: false
Threat ID: 6a156f9e891d628fdcf0cebf
Added to database: 5/26/2026, 10:02:06 AM
Last enriched: 5/26/2026, 10:02:19 AM
Last updated: 5/26/2026, 2:30:27 PM
Views: 16