r/cybersecurity
npm/PyPI/AI Supply-Chain Threats Today (2026-05-22): Critical Worms, Credential Harvesting, and RCEs
Threat Summary
| Package(s) | Ecosystem | Severity | CVE | Vulnerability |
|---|---|---|---|---|
| @cap-js/sqlite, postgres, db-service | npm | CRITICAL | CVE-2026-46421 | Credential harvesting / Self-propagation |
| @beproduct/nestjs-auth | npm | CRITICAL | CVE-2026-46412 | Mini Shai-Hulud worm payload |
| guardrails-ai | PyPI | CRITICAL | CVE-2026-45758 | Supply chain compromise |
| PenPot MCP REPL | npm | HIGH | CVE-2026-45805 | Unauthenticated RCE |
| Diffusers | ai-ml | HIGH | CVE-2026-45804 | TOCTOU Remote Code Execution |
| lmdeploy | ai-ml | HIGH | CVE-2026-46517 | Unsafe remote-code load path |
| @libp2p/gossipsub | npm | HIGH | CVE-2026-46679 | Memory DoS (Subscription flood) |
| @libp2p/kad-dht | npm | HIGH | CVE-2026-45783 | Disk exhaustion (Unvalidated PUT) |
| Crawlee for Python | PyPI | HIGH | CVE-2026-46497 | SSRF via sitemap-derived URLs |
| SillyTavern | ai-ml | HIGH | CVE-2026-46372 | SSRF in SearXNG Search Proxy |
| samlify | npm | HIGH | CVE-2026-46490 | XML Injection / Privilege Escalation |
| js-cookie | npm | HIGH | CVE-2026-46625 | Prototype hijack / Cookie injection |
| SQLFluff | PyPI | HIGH | CVE-2026-46374 | DoS via Resource Exhaustion |
| pymdownx.snippets | PyPI | HIGH | CVE-2026-46338 | Path traversal bypass |
CRITICAL Alerts (Immediate Action Required)
1. @cap-js ecosystem compromise (CVE-2026-46421)
   - Threat: Compromised versions of `@cap-js/sqlite`, `@cap-js/postgres`, and `@cap-js/db-service` were published to harvest credentials and self-propagate.
   - Action: Upgrade immediately (`sqlite >= 2.4.0`, `postgres >= 2.3.0`, `db-service >= 2.11.0`). Assume all local credentials are compromised if you installed the malicious versions.
2. @beproduct/nestjs-auth worm (CVE-2026-46412)
   - Threat: Malicious versions containing payloads from the Mini Shai-Hulud npm supply-chain worm campaign were published.
   - Action: Remove and reinstall dependencies. Audit for signs of compromise if installed during the affected window (v0.1.2 - 0.1.19).
3. guardrails-ai compromise (CVE-2026-45758)
   - Threat: A malicious version of `guardrails-ai` (0.10.1) was published to PyPI. It has been quarantined.
   - Action: Uninstall `guardrails-ai==0.10.1` and reinstall a known good version.
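A lockfile check for the three CRITICAL items above, added here as an example (not the post's or the wakellm project's code): it reads the `packages` map of an npm `package-lock.json` (v2/v3) and a `pip freeze` listing and flags entries that fall in the windows the post gives. Assumptions: for @cap-js the post names only the fixed versions, so anything below them is flagged as "not yet upgraded"; the sample lockfile and freeze output are constructed.

```python
import re
from typing import Dict, List, Tuple

def parse_version(text: str) -> Tuple[int, ...]:
    """'v2.3.1' -> (2, 3, 1); stops at the first non-numeric part, so '-rc1' is ignored."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else ()

def below(target: str):
    return lambda v: v < parse_version(target)

def between(low: str, high: str):
    return lambda v: parse_version(low) <= v <= parse_version(high)

# (CVE, predicate, action) per package, as stated in the CRITICAL alerts. The post names
# only the fixed @cap-js versions, so "below the fix" is the conservative check there.
RULES = {
    "@cap-js/sqlite": ("CVE-2026-46421", below("2.4.0"), "upgrade to >= 2.4.0"),
    "@cap-js/postgres": ("CVE-2026-46421", below("2.3.0"), "upgrade to >= 2.3.0"),
    "@cap-js/db-service": ("CVE-2026-46421", below("2.11.0"), "upgrade to >= 2.11.0"),
    "@beproduct/nestjs-auth": ("CVE-2026-46412", between("0.1.2", "0.1.19"), "remove, reinstall, audit host"),
    "guardrails-ai": ("CVE-2026-45758", lambda v: v == (0, 10, 1), "uninstall 0.10.1, reinstall known-good"),
}

def installed_from_npm_lock(lock: dict) -> Dict[str, str]:
    """package-lock.json v2/v3: 'packages' keys are 'node_modules/[@scope/]name' paths."""
    return {path.split("node_modules/")[-1]: meta["version"]
            for path, meta in lock.get("packages", {}).items() if path and "version" in meta}

def installed_from_pip_freeze(text: str) -> Dict[str, str]:
    """'guardrails-ai==0.10.1' lines -> {'guardrails-ai': '0.10.1'}."""
    pairs = (line.strip().partition("==") for line in text.splitlines() if "==" in line)
    return {name.lower(): ver for name, _, ver in pairs}

def audit(installed: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Sorted (package, version, CVE, action) for each entry that a rule matches."""
    return sorted((n, v, r[0], r[2]) for n, v in installed.items()
                  for r in [RULES.get(n)] if r and r[1](parse_version(v)))

# Constructed sample inputs, not real lockfiles: sqlite and nestjs-auth fall inside the
# flagged ranges, db-service is already at the fixed version, left-pad/requests are noise.
SAMPLE_LOCK = {"packages": {"": {"version": "1.0.0"}, "node_modules/@cap-js/sqlite": {"version": "2.3.5"},
    "node_modules/@cap-js/db-service": {"version": "2.11.0"}, "node_modules/left-pad": {"version": "1.3.0"},
    "node_modules/@beproduct/nestjs-auth": {"version": "0.1.7"}}}
SAMPLE_FREEZE = "guardrails-ai==0.10.1\nrequests==2.32.3\n"

if __name__ == "__main__":
    for hit in audit({**installed_from_npm_lock(SAMPLE_LOCK), **installed_from_pip_freeze(SAMPLE_FREEZE)}):
        print("%s@%s  %s -> %s" % hit)
```

Point it at a real lockfile with `json.load(open("package-lock.json"))` and the output of `pip freeze`; a version that cannot be parsed (e.g. a git URL) yields an empty tuple and should be reviewed by hand.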
HIGH Severity Highlights
- Remote Code Execution (RCE): Both Diffusers (CVE-2026-45804) and lmdeploy (CVE-2026-46517) in the AI/ML ecosystem have vulnerabilities allowing for unsafe remote code execution via `trust_remote_code` bypasses. PenPot MCP (CVE-2026-45805) exposes an unauthenticated `/execute` endpoint.
- Denial of Service (DoS): Heavy hitters include @libp2p/gossipsub (Heap exhaustion), @libp2p/kad-dht (Disk exhaustion), and SQLFluff (Parser resource consumption). Update to patched versions to prevent node crashing.
- SSRF & Injection: Crawlee for Python and SillyTavern both suffer from SSRF vulnerabilities requiring configuration updates. samlify is vulnerable to XML injection leading to privilege escalation in signed SAML assertions.
Automated daily digest, created via https://github.com/Deam0on/wakellm - feedback welcome. Stay safe out there!
u/Deam00n — 21 hours ago