Security Advisory - Published 2026-06-12 - Developer Tooling

Developer tooling CVE batch: workflows, clusters, data transfers, and editors

These issues do not all affect public websites. They affect the systems that build, deploy, analyze, or process code and data. The risk is often indirect: a pull request workflow, an imported image, an uploaded spreadsheet, a Grafana dashboard resource, an Airflow transfer, a cluster user, or a developer opening a file.

Defensive scope: this checklist is for owned repositories, clusters, workstations, and approved client environments. It does not include malicious workflow files, images, archives, or editor test files.

Group by operational owner

Owner | CVEs | What to check
CI/CD | CVE-2026-47172, CVE-2026-47174, CVE-2026-48546 | Privileged GitHub Actions jobs, PR build promotion, package write tokens, runner secrets.
Container / sandbox | CVE-2026-46703 | Boxlite version, OCI image sources, sandbox host file changes.
Kubernetes / MCP / Operator | CVE-2026-53474, CVE-2026-46519, CVE-2026-32193, CVE-2026-11769 | Spreadsheet imports, service account tokens, MCP tool-call enforcement, AKS update state, Grafana Operator version, and dashboard/library panel permissions.
Data pipeline | CVE-2026-49818 | Airflow Samba provider version, GCS-to-SMB DAGs, destination path containment, SMB write logs.
MCP / database | CVE-2026-11529 | mysql-mcp-server version, database user scope, MCP client exposure, suspicious query history.
ML and image tooling | CVE-2026-11816, CVE-2026-2049 | Keras archive extraction, GIMP/GEGL image-processing workstations.
Developer editor | CVE-2026-52860 | Vim version in developer images and untrusted file workflows.
Peer networking | CVE-2026-46679 | js-libp2p gossipsub version and public peer memory alerts.

Checks to run

gh workflow list
grep -RnE "workflow_run|pull_request_target|packages: write" .github/workflows
kubectl get sa,rolebinding,clusterrolebinding -A | grep -Ei "mcp|migration|planner"
kubectl get deploy,pod -A | grep -Ei "grafana-operator|grafana operator"
kubectl get grafanadashboards,grafanalibrarypanels -A -o name 2>/dev/null
az aks show --resource-group RESOURCE_GROUP --name CLUSTER_NAME --output table
python -m pip show apache-airflow-providers-samba mysql-mcp-server 2>/dev/null
grep -RnE "GCSToSambaOperator|mysql_mcp_server|mcp-server-kubernetes" dags .github docker-compose.yml pyproject.toml requirements*.txt 2>/dev/null
python -c "import keras; print(keras.__version__)" 2>/dev/null
vim --version | head -2

For workflows, review whether untrusted pull-request code can influence a later privileged deployment job: a pull_request_target, workflow_run, or issue_comment job that checks out the PR head, or that downloads artifacts a PR build produced, runs attacker-controlled code with the base repository's token and secrets. For imports, treat spreadsheets, archives, OCI images, model files, and uploaded images as untrusted even when they arrive from a normal user account.
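The workflow review above can be run mechanically. The script below is an added example written for this advisory; it is not code from GitHub or from any affected project. It takes workflow files already parsed into dicts (for example with yaml.safe_load) so it runs with the standard library only, flags jobs that run pull-request-controlled code under a privileged trigger, and follows `needs` edges so that a deploy job promoted from a PR build is reported as well. The two embedded workflows, the NPM_TOKEN secret name, and the job names are constructed for illustration.

```python
"""Flag GitHub Actions jobs where fork-PR-controlled code reaches write scopes or secrets."""
from __future__ import annotations
import json

# Triggers whose jobs run in the base repository with a write-capable GITHUB_TOKEN and
# secrets, even when the event was raised by a fork pull request.
PRIVILEGED_TRIGGERS = {"pull_request_target", "workflow_run", "issue_comment"}
# Scopes that let a job publish, deploy, or mint cloud credentials.
WRITE_SCOPES = {"contents", "packages", "id-token", "deployments", "actions", "pull-requests"}
# Expressions that resolve to the PR author's branch, i.e. attacker-controlled input.
PR_HEAD_REFS = ("github.event.pull_request.head", "github.head_ref", "github.event.workflow_run.head")


def _triggers(on) -> set[str]:
    """`on:` may be a string, a list, or a mapping of event -> filters."""
    if isinstance(on, str):
        return {on}
    return set(on) if isinstance(on, (list, dict)) else set()


def _write_scopes(perms) -> set[str]:
    """Scopes granted `write` by a `permissions:` block (workflow or job level)."""
    if perms == "write-all":
        return set(WRITE_SCOPES)
    if isinstance(perms, dict):
        return {scope for scope, level in perms.items() if level == "write"}
    return set()


def _runs_pr_code(job: dict) -> bool:
    """True if a step checks out the PR head or consumes artifacts produced by a PR run."""
    for step in job.get("steps") or []:
        uses = str(step.get("uses", ""))
        run = str(step.get("run", ""))
        ref = str((step.get("with") or {}).get("ref", ""))
        if uses.startswith("actions/checkout") and any(h in ref for h in PR_HEAD_REFS):
            return True
        if uses.startswith("actions/download-artifact") or "gh run download" in run:
            return True  # artifacts built from PR code are PR-controlled as well
    return False


def audit_workflow(name: str, wf: dict) -> list[str]:
    """One finding per job that runs PR-controlled code under a privileged trigger."""
    # PyYAML (YAML 1.1) loads the bare key `on` as the boolean True; accept both spellings.
    privileged = _triggers(wf.get("on", wf.get(True, {}))) & PRIVILEGED_TRIGGERS
    if not privileged:
        return []  # plain pull_request jobs from forks get a read-only token and no secrets
    jobs = wf.get("jobs") or {}
    wf_scopes = _write_scopes(wf.get("permissions"))
    tainted = {j for j, job in jobs.items() if _runs_pr_code(job)}
    # PR build promotion: a job that `needs` a tainted job inherits its artifacts and outputs.
    changed = True
    while changed:
        changed = False
        for j, job in jobs.items():
            needs = job.get("needs") or []
            needs = [needs] if isinstance(needs, str) else list(needs)
            if j not in tainted and any(n in tainted for n in needs):
                tainted.add(j)
                changed = True
    findings, trig = [], ",".join(sorted(privileged))
    for j in jobs:  # file order keeps the output stable
        if j not in tainted:
            continue
        job = jobs[j]
        scopes = _write_scopes(job["permissions"]) if "permissions" in job else wf_scopes
        secrets = "secrets." in json.dumps(job)  # any ${{ secrets.* }} reference in the job
        if scopes or secrets:
            findings.append(f"{name}:{j}: PR-controlled code reaches {trig} job with "
                            f"write={sorted(scopes)} secrets={secrets}")
        else:
            findings.append(f"{name}:{j}: PR-controlled code runs on {trig} "
                            "(no write scopes or secrets declared; check the repository default token)")
    return findings


# Constructed sample: pull_request_target workflow that builds the PR head, then publishes it.
VULNERABLE = {
    "name": "pr-build-and-publish",
    "on": {"pull_request_target": {"types": ["opened", "synchronize"]}},
    "permissions": {"contents": "read", "packages": "write"},
    "jobs": {
        "build": {"runs-on": "ubuntu-latest", "steps": [
            {"uses": "actions/checkout@v4", "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
            {"run": "npm ci && npm run build"},  # PR code executes with the privileged token
            {"uses": "actions/upload-artifact@v4", "with": {"name": "dist", "path": "dist"}}]},
        "publish": {"runs-on": "ubuntu-latest", "needs": "build", "steps": [
            {"uses": "actions/download-artifact@v4", "with": {"name": "dist"}},
            {"run": "npm publish", "env": {"NODE_AUTH_TOKEN": "${{ secrets.NPM_TOKEN }}"}}]},
    },
}
# Constructed sample: same trigger, but only base-branch code runs (typical labeler pattern).
SAFE = {"name": "pr-label", "on": ["pull_request_target"], "permissions": {"pull-requests": "write"},
        "jobs": {"label": {"runs-on": "ubuntu-latest",
                           "steps": [{"uses": "actions/checkout@v4"}, {"run": "./scripts/label.sh"}]}}}

if __name__ == "__main__":
    for wf in (VULNERABLE, SAFE):
        print("\n".join(audit_workflow(wf["name"] + ".yml", wf) or [wf["name"] + ".yml: no findings"]))
```

Run it against `yaml.safe_load` output of every file under .github/workflows; a job reported with `secrets=True` or a non-empty write list is the case the advisory describes, and the fix is either to move the build onto a plain pull_request trigger or to stop checking out the PR head in the privileged job.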

Post-patch cleanup

  • Rotate GitHub Actions tokens if a vulnerable workflow had package-write or deploy secrets.
  • Check recent container images and deployment digests before trusting "latest" tags.
  • Review Kubernetes service account token access around migration-planner imports.
  • For AKS, review recent low-privilege users, service principals, node pool activity, and cluster extension changes.
  • For Grafana Operator, upgrade to 5.24.0 or newer. If patching is delayed, block new jsonnet-based dashboard and library panel resources until the operator is updated.
  • For Airflow, upgrade apache-airflow-providers-samba to 4.12.6 or newer and review SMB destination writes from recent DAG runs.
  • For mysql-mcp-server, upgrade to 0.3.0, limit the database account, and review MCP client access logs.
  • Patch developer workstation images and CI containers that include Vim, Keras, GIMP, or GEGL.
  • Move untrusted archive and image processing into isolated workers with strict time and memory limits.
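The Airflow item above asks for destination path containment on GCS-to-SMB transfers. The helper below is an added example written for this advisory, not code from the apache-airflow-providers-samba package; it is a generic check to apply to any DAG parameter before it is used to build the SMB destination, and it does not describe the mechanics of CVE-2026-49818. The share root and the sample destinations are constructed.

```python
"""Reject SMB destination paths that escape the intended share directory."""
from __future__ import annotations
import posixpath


def contained_destination(share_root: str, requested: str) -> str | None:
    """Return the normalised absolute destination if it stays inside share_root, else None.

    share_root: directory on the share that the DAG is allowed to write under.
    requested:  caller-supplied relative path (DAG param, task input, file name).
    """
    root = posixpath.normpath("/" + share_root.strip("/"))
    # SMB clients accept backslashes; normalise first so "..\\" is not missed by the checks.
    rel = requested.replace("\\", "/")
    if "\x00" in rel:
        return None
    if rel.startswith("/") or (len(rel) > 1 and rel[1] == ":"):
        return None  # absolute or drive-letter path: never accepted from a parameter
    # Resolve "." and ".." lexically, then require the result to sit below the root.
    full = posixpath.normpath(posixpath.join(root, rel))
    if full == root:
        return None  # no file name left after normalisation
    if posixpath.commonpath([root, full]) != root:
        return None
    return full


def filter_destinations(share_root: str, requested: list[str]) -> tuple[list[str], list[str]]:
    """Split a batch of requested destinations into accepted paths and rejected inputs."""
    accepted, rejected = [], []
    for r in requested:
        dest = contained_destination(share_root, r)
        (accepted if dest else rejected).append(dest or r)
    return accepted, rejected


# Constructed sample inputs: what a DAG run might receive as destination parameters.
SAMPLE = [
    "reports/2026/q1.csv",          # normal
    "a/./b/../c.csv",               # harmless dot segments, normalised
    "../etc/passwd",                # parent escape
    "..\\..\\Windows\\win.ini",     # backslash form of the same escape
    "/etc/passwd",                  # absolute path
    "reports/../../x",              # escape after a legitimate prefix
    "",                             # empty name
]

if __name__ == "__main__":
    ok, bad = filter_destinations("/share/exports", SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

Apply the check at DAG-build time, before the transfer operator is instantiated, and log the rejected inputs: a run that suddenly produces rejections is the signal to compare against the SMB write logs the table asks for.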

Ping7 repair path

Ping7 can review workflows, token scope, Kubernetes permissions, container image history, and suspicious build/deploy activity. Use CVE Repair when a build system, cluster, or sandbox host touches production credentials.

References