Threats Tagged 'cve-2026-44723'
View all threats tagged with 'cve-2026-44723'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-44723'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-44723: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in VowpalWabbit vowpal_wabbitCVE-2026-44723 0 Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script run_tests_model_gen_and_load.py. The shell interprets the expanded string before invoking Python, allowing an attacker to break out of the quotes and execute arbitrary commands on the runner. The pull_request trigger fires on PRs targeting any branch (branches: ['*']), with no additional access gate. This vulnerability is fixed by the 998e390e80a7e8192d7849b7784bc113dbd190ad commit. Join the discussion | CVE Database V5 | 05/26/2026, 15:49:17 UTC Added: 05/26/2026, 17:02:38 UTC |
Showing 1 to 1 of 1 result