JFrog Security Research
< Back
Software Vulnerabilities
Last Updated On 9 Feb, 2026
- JFSA-2026-001653030mcp-run-python lack of isolation MCP takeoverCVE-2026-25905mediumDiscovered ByNatan NehoraiPublished on 9 Feb, 2026
- JFSA-2026-001653029mcp-run-python Deno SSRFCVE-2026-25904mediumDiscovered ByNatan NehoraiPublished on 9 Feb, 2026
- JFSA-2026-001651697n8n Expression Node RCECVE-2026-1470criticalDiscovered ByNatan NehoraiPublished on 27 Jan, 2026
- JFSA-2026-001651077n8n Python runner sandbox escapeCVE-2026-0863highDiscovered ByNatan NehoraiPublished on 18 Jan, 2026
- Node.js filesystem permissions bypassCVE-2025-55130highDiscovered ByNatan NehoraiPublished on 13 Jan, 2026
- JFSA-2025-001648329python-utcp untrusted Manual command executionCVE-2025-14542highDiscovered ByOr PelesPublished on 11 Dec, 2025
- JFSA-2025-001648159Litmus Chaos JWT Missing Entropy Privilege EscalationCVE-2025-14261highDiscovered ByNatan NehoraiPublished on 8 Dec, 2025
- n8n Git Node RCECVE-2025-62726highDiscovered ByAssaf LevkovichPublished on 4 Nov, 2025
- JFSA-2025-001495652DSPy sandbox escape arbitrary file readCVE-2025-12695mediumDiscovered ByNatan NehoraiPublished on 4 Nov, 2025
- Cursor CLI Untrusted Project RCECVE-2025-61592highDiscovered ByAssaf LevkovichPublished on 4 Nov, 2025