// #ssrf
3 articles
Eclipse BaSyx ICS Platform: CVE-2026-7411 CVSS 10.0 Path Traversal RCE Threatens Industrial Asset Administration
Two critical vulnerabilities in Eclipse BaSyx V2 — the open-source Industrial Internet of Things Asset Administration Shell implementation used in Industry 4.0 infrastructure — allow an unauthenticated attacker to achieve remote code execution and bypass network segmentation. CVE-2026-7411 (CVSS 10.0) enables arbitrary file write on the BaSyx server; CVE-2026-7412 (CVSS 8.6) enables blind SSRF that can bypass OT network isolation. Patches are available in BaSyx V2 milestone-10.
Critical Flaw in CrowdStrike Falcon LogScale and High-Severity Nessus Bug Patched — Security Tooling Vulnerabilities Demand Rapid Response
CrowdStrike has patched a critical SSRF vulnerability in Falcon LogScale, its SIEM and log management platform, while Tenable has addressed a privilege escalation flaw in Nessus. Security tooling vulnerabilities are among the most consequential: a compromised SIEM or vulnerability scanner has privileged visibility across the entire environment it monitors.
Microsoft Entra ID Entitlement Management SSRF (CVE-2026-35431, CVSS 10.0) — Cloud IAM Attack Surface Disclosed Before Silent Server-Side Fix
A perfect-score SSRF vulnerability in Microsoft Entra ID Entitlement Management allowed unauthenticated network-accessible exploitation of Microsoft's cloud identity governance platform. Microsoft patched it server-side with no customer action required, but the disclosure surfaces a structural question enterprise security teams need to answer: how do you monitor for exploitation of a vulnerability in infrastructure you don't control?