FOCUS FRIDAY: TPRM Insights on Critical Vulnerabilities in Squidbleed, UniFi OS Devices, FreeBSD, pgAdmin, and TinyProxy

Published

Jun 26, 2026

Authors

Ferdi Gül

Contributors

Hakan Karabacak

Introduction

This week's Focus Friday covers five FocusTags spanning web proxy infrastructure, enterprise network device firmware, database administration tooling, operating system kernels, and lightweight proxy software: the Squidbleed vulnerability in Squid Proxy, five critical vulnerabilities in Ubiquiti's UniFi OS devices, three critical-severity flaws in pgAdmin 4, a kernel-level local privilege escalation in FreeBSD, and HTTP request smuggling vulnerabilities in Tinyproxy. The week is defined by two distinct threat dynamics that TPRM professionals must track simultaneously: confirmed active in-the-wild exploitation with CISA KEV listings — most urgently in UniFi OS, where three CVSS 10.0 vulnerabilities are confirmed exploited — and newly weaponized long-latent flaws with public proof-of-concept availability, headlined by Squidbleed's 29-year-old heap over-read that leaks cleartext HTTP traffic from other proxy users.

Squidbleed is this week's headline disclosure: CVE-2026-47729, a heap over-read introduced via a code change in 1997 and resident in Squid's FTP directory-listing parser for 29 years, allows an authenticated proxy user to extract the cleartext HTTP requests of other users sharing the same proxy — including session tokens, authorization headers, and credentials. With a public PoC now available and approximately 1.7 million Squid instances detectable on Shodan, this disclosure translates directly into actionable risk across every vendor ecosystem that relies on Squid as a forward proxy, caching layer, or SSL inspection appliance. UniFi OS represents the week's most immediately dangerous active-exploitation cluster: three maximum-severity flaws confirming that unauthenticated network access alone is sufficient to modify system state, traverse the filesystem to compromise OS accounts, or execute arbitrary OS commands — all against the network infrastructure devices that control routing, VPN, and surveillance across enterprise and SMB deployments globally.

For third-party risk management professionals, this week's portfolio reinforces a recurring pattern: the highest-impact vulnerabilities are not always found in application-layer software, but in the infrastructure components — proxies, routers, NVRs, database management tools, operating system kernels — that vendors deploy throughout their environments without surfacing in standard technology disclosures. Black Kite's FocusTags translate each of these signals into ecosystem-specific vendor intelligence, enabling TPRM teams to drive targeted remediation conversations against the precise vendor population intersecting with this week's highest-urgency exposures.

Filtered view of vendors with Squidbleed FocusTag® on the Black Kite platform.

Squidbleed (CVE-2026-47729)

What is this vulnerability?

CVE-2026-47729, named Squidbleed, is a critical heap over-read vulnerability in Squid's FTP directory-listing parser — a flaw traceable to a code change made in 1997, making it one of the oldest security-relevant bugs to receive a CVE in recent memory. The vulnerability resides in FtpGateway.cc, where Squid includes a whitespace-skipping loop designed to handle NetWare server directory listings that historically padded entries with extra spaces. When an attacker-controlled FTP server sends a directory listing line that ends immediately after the timestamp field with no filename present, the parsing pointer advances to the string's null terminator. Because the loop treats the NUL byte as part of the search string, it continues reading beyond the buffer boundary. The subsequent xstrdup() call then copies the out-of-bounds memory — which contains the contents of previously freed Squid memory buffers — back to the attacker as a parsed filename.

Since Squid reuses freed memory buffers without zeroing them, the over-read returns remnants of other users' recent HTTP requests processed by the same Squid instance. These remnants may include Authorization headers, session tokens, cookie values, API keys, and any other credential material carried in HTTP request headers from other proxy users sharing the same Squid deployment. Exploitation requires the attacker to be a trusted proxy user — an access threshold routinely met by any employee, contractor, or device permitted to use a corporate forward proxy — and for the proxy to be able to reach an attacker-controlled FTP server on port 21. A public proof-of-concept exploit is available. CVE-2026-47729 carries CVSS 9.1 and EPSS 0.18%. Not listed in CISA KEV. CVE-2026-50012, a separate cache digest heap overflow also patched in Squid 7.6, has no active exploitation reported. Approximately 1,687,136 Squid instances are detectable on Shodan. Affected: Squid 7.6 and prior (v7 branch); Squid 5.7 and prior (distribution-packaged builds without backported fixes). Fixed in Squid 7.7.

Why should TPRM professionals care?

Squid is the most widely deployed open-source web proxy globally — used as a forward proxy for internet access control, a transparent caching proxy in ISP and enterprise networks, an SSL inspection appliance, and a content filter across hundreds of thousands of enterprise deployments. In a shared proxy environment — the most common deployment context — Squidbleed allows any trusted proxy user to extract the active HTTP session credentials of other users on the same proxy. In a corporate environment, this means an attacker with any internal network foothold and proxy access can harvest authentication tokens from employee sessions to cloud services, SaaS platforms, internal applications, and APIs simply by directing an FTP request to an attacker-controlled server. The 29-year residence of this flaw in the codebase means it affects every Squid deployment built across nearly three decades — including all distribution-packaged versions that have not received the backported fix. For TPRM professionals, vendors operating Squid as a forward proxy in multi-user environments — particularly those handling authentication traffic to cloud services, financial systems, or healthcare APIs — should be treated as exposed until confirmed patched to Squid 7.7 with FTP proxying verified as disabled or outbound port 21 blocked.

What questions should TPRM professionals ask vendors?

1.  Have all Squid Proxy deployments been upgraded to version 7.7? For distribution-packaged Squid builds (such as Debian's Squid 5.7), has the vendor confirmed that the null-terminator check guard has been successfully backported to FtpGateway.cc?

2.  Has FTP proxying been disabled in the Squid configuration as a defense-in-depth measure? Modern web clients no longer support FTP, making FTP proxy functionality unnecessary in most enterprise deployments — disabling it entirely eliminates the attack vector.

3.  Are outbound connections to external FTP servers on port 21 restricted by firewall rules, preventing the proxy from reaching attacker-controlled FTP endpoints? This is the prerequisite condition for Squidbleed exploitation.

4.  Is the Squid proxy deployment a shared multi-user forward proxy? If so, have HTTP session logs been reviewed for anomalous FTP proxy requests from internal users or devices that may indicate active reconnaissance or exploitation attempts?

5.  What traffic categories does the Squid proxy handle? Does it proxy authentication headers, session tokens, or API credentials to cloud services, SaaS platforms, or internal applications? This determines the sensitivity of the material at risk of exfiltration via Squidbleed.

Remediation recommendations

•  Upgrade to Squid 7.7 immediately — this is the fully patched release. For distribution-packaged builds, verify via package changelog that the FtpGateway.cc null-terminator guard has been backported; do not assume distribution updates match upstream patch timing.

•  Disable FTP proxying in Squid's squid.conf as an immediate mitigation: add 'acl FTP proto FTP' and 'http_access deny FTP' to block FTP proxy requests, or remove ftp_port directives if present. This closes the attack vector without requiring an upgrade.

•  Enforce outbound firewall rules blocking connections from the Squid proxy host to external IP addresses on port 21 (FTP control channel), preventing proxy-initiated connections to attacker-controlled FTP servers.

•  Review Squid access logs for anomalous FTP proxy requests from internal users or devices — particularly those resolving to external or unknown FTP server IP addresses — as indicators of reconnaissance or active exploitation.

•  For CVE-2026-50012 (cache digest heap overflow), apply the Squid 7.7 upgrade; no separate configuration workaround is available for this secondary flaw.
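The log review called for above can be scripted. The following is an added example, not Squid's or Black Kite's code: it parses Squid's default native access.log format (timestamp, elapsed, client, action/code, size, method, URL, ident, hierarchy/from, content type) and reports every ftp:// request whose contacted server falls outside an assumed set of internal ranges (RFC 1918 plus loopback, and an assumed `.internal` DNS suffix). The hierarchy field is preferred over the URL host so that a request to a hostname that resolved to an external address is still caught. The log lines are constructed for the example.

```python
"""Flag FTP-over-HTTP proxy requests to external servers in Squid access logs."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample lines in Squid native access.log format (not real traffic).
SAMPLE_LOG = """\
1719400000.101    210 10.0.0.15 TCP_MISS/200 1842 GET http://intranet.example.internal/ - HIER_DIRECT/10.0.5.20 text/html
1719400001.544    390 10.0.0.15 TCP_MISS/200 612 GET ftp://203.0.113.42/pub/ - HIER_DIRECT/203.0.113.42 text/html
1719400002.017     88 10.0.0.27 TCP_MISS/200 311 GET ftp://10.0.9.8/releases/ - HIER_DIRECT/10.0.9.8 text/html
1719400003.299    450 10.0.0.27 TCP_MISS/200 0 GET ftp://files.example.net/ - HIER_DIRECT/198.51.100.7 text/html
1719400004.720    120 10.0.0.31 TCP_TUNNEL/200 9021 CONNECT login.example.com:443 - HIER_DIRECT/192.0.2.10 -
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>\S+)\s+(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+"
    r"(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)$"
)

# Assumed internal address space; adjust to the deployment's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_line(line):
    """Return the fields of one native-format access.log line, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_internal(host):
    """True for IP literals inside INTERNAL_NETS; hostnames count as internal
    only under the assumed '.internal' suffix, everything else is external."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.endswith(".internal")
    return any(ip in net for net in INTERNAL_NETS)


def ftp_server_of(entry):
    """Server the proxy actually contacted: the resolved address in the
    hierarchy field when present, otherwise the URL host."""
    parts = entry["hier"].split("/", 1)
    if len(parts) == 2 and parts[1] not in ("-", "none"):
        return parts[1]
    return urlsplit(entry["url"]).hostname or ""


def flag_external_ftp(log_text):
    """Return (client, ftp_server, url) for each ftp:// request whose
    server is not internal. Lines that do not parse are skipped."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if urlsplit(entry["url"]).scheme.lower() != "ftp":
            continue
        server = ftp_server_of(entry)
        if not is_internal(server):
            findings.append((entry["client"], server, entry["url"]))
    return findings


if __name__ == "__main__":
    for client, server, url in flag_external_ftp(SAMPLE_LOG):
        print(f"review: {client} -> external FTP server {server} ({url})")
```

Run against a real access.log by reading the file into `flag_external_ftp`; any hit from a shared forward proxy is worth correlating with the proxy's FTP configuration state, since a patched or FTP-disabled proxy should produce none.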

Black Kite's Squidbleed FocusTag® details critical insights on the event for TPRM professionals.

UniFi OS Devices (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2026-33000, CVE-2026-34911)

What is this vulnerability?

Five critical and high-severity vulnerabilities — CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2026-33000, and CVE-2026-34911 — were disclosed by Ubiquiti in Security Advisory Bulletin 064 affecting UniFi OS across an extensive range of network infrastructure devices including Dream Machines, Dream Routers, Cloud Gateways, Network Video Recorders, UniFi OS Servers, and UNAS storage appliances. Three of the five vulnerabilities carry the maximum possible CVSSv3 score of 10.0, and all three have been confirmed as actively exploited in the wild — earning immediate listing in CISA's Known Exploited Vulnerabilities Catalog.

CVE-2026-34908 (CVSS 10.0, EPSS 0.86%) is an unauthenticated Improper Access Control flaw allowing any network-reachable actor to make unauthorized changes to the UniFi OS system configuration — with no credentials, no user interaction, and no special conditions required. CVE-2026-34909 (CVSS 10.0, EPSS 0.9%) is an unauthenticated Path Traversal enabling any unauthenticated attacker to traverse the underlying filesystem and access or manipulate files to compromise OS-level accounts, establishing a persistent unauthorized access path. CVE-2026-34910 (CVSS 10.0, EPSS 33.61%) is an unauthenticated Command Injection delivering direct OS-level command execution to any network-reachable attacker — the most immediately destructive flaw in the cluster, providing full host compromise with no prerequisite access. All three carry the CVSS vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, confirming Changed Scope — exploitation impacts resources beyond the vulnerable device itself. CVE-2026-33000 (CVSS 9.1, EPSS 1.12%) is a high-privilege Command Injection in UniFi OS Server. CVE-2026-34911 (CVSS 7.7, EPSS 0.67%) is a low-privilege Path Traversal enabling sensitive information disclosure. Together, the five CVEs constitute a complete attack chain from unauthenticated reconnaissance and account takeover through full OS command execution. No public PoC. Approximately 61,604 UniFi OS devices are detectable on Shodan across all product lines.

Why should TPRM professionals care?

UniFi OS devices function as the network control plane in enterprise and SMB environments globally — governing routing, firewall policy enforcement, VPN concentrator access, Wi-Fi management, video surveillance, and network attached storage. A compromised UniFi OS device does not merely expose the device itself; it exposes every network segment it controls, every VPN tunnel it terminates, and every camera feed and storage volume it manages. The Changed Scope designation on the three maximum-severity CVEs formally confirms that exploitation yields impact beyond the vulnerable component — meaning lateral movement into the broader network infrastructure is a direct consequence. CVE-2026-34910's EPSS of 33.61% is among the highest in recent Focus Friday history, reflecting active threat actor tooling and exploitation infrastructure already deployed against this vulnerability class. For TPRM professionals, vendors deploying UniFi OS as core network infrastructure — particularly those with internet-accessible management interfaces, which are common in UniFi deployments for remote administration — should be treated as priority remediation targets given the CISA KEV confirmation and the CVSS 10.0 unauthenticated attack paths.

What questions should TPRM professionals ask vendors?

1.  Have firmware updates been applied to all affected UniFi OS devices immediately? Given product-specific patched version thresholds, which specific firmware version is confirmed installed on each affected device model — UCG-Industrial, UDM/UDM-Pro/SE/Max, UNVR/UNVR-Pro, UCG-Max, UNAS variants, UniFi OS Server, and Express?

2.  Given CISA KEV listings for CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910: have all affected UniFi OS devices been audited for forensic indicators of exploitation prior to patching — specifically unauthorized configuration changes, unexpected files accessed or modified on the underlying filesystem, anomalous command execution events, or newly created system accounts?

3.  Are UniFi OS management interfaces (web UI and API) accessible from the public internet? If so, have these been immediately placed behind firewall rules restricting access to trusted administrative IP ranges or VPN-gated paths while patching proceeds?

4.  For UniFi OS Servers specifically (CVE-2026-33000): have high-privilege administrative accounts been audited and restricted to the minimum operationally required population? Has MFA been enforced on all remaining administrative accounts?

5.  What network segmentation exists to limit the lateral movement impact if a UniFi OS device is compromised? Given the Changed Scope CVSS designation, have downstream network segments, VPN access paths, and storage volumes been reviewed for exposure?

Remediation recommendations

•  Apply vendor-issued firmware updates to all affected UniFi OS devices immediately via the UniFi Network Application or each device's management interface. Consult Ubiquiti Security Advisory Bulletin 064 for the specific patched version applicable to each product model — version thresholds vary across the product line.

•  Treat patching as a critical incident response action — not routine maintenance — given the CISA KEV listing and confirmed active exploitation of three CVSS 10.0 CVEs. Prioritize internet-exposed perimeter devices (edge routers, firewalls, VPN gateways) for immediate patching.

•  For devices that cannot be immediately patched: disable or restrict UniFi OS management interface access to trusted administrative networks or VPN-protected paths only, eliminating the unauthenticated attack surface of CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 from untrusted networks.

•  Conduct an immediate forensic review of UniFi OS system logs on all affected devices for indicators of exploitation: unauthorized configuration changes, unexpected file access patterns, anomalous command execution events, or new system accounts created prior to patching.

•  After patching, audit all UniFi OS administrative accounts and revoke any with high privileges that are not operationally required; enforce strong, unique credentials and multi-factor authentication on all remaining administrative accounts to reduce the CVE-2026-33000 exposure surface.

Black Kite's UniFi OS Devices FocusTag® details critical insights on the event for TPRM professionals.

FreeBSD - Jun2026 (CVE-2026-45257)

What is this vulnerability?

CVE-2026-45257 (CVSS 7.1, EPSS 0.02%), tracked by the FreeBSD Security Team as FreeBSD-SA-26:26.ktls, is a local privilege escalation vulnerability in the FreeBSD kernel affecting all supported releases from 13.0 through 15.0 on PMAP_HAS_DMAP architectures (amd64, arm64, and riscv). The flaw arises from the unsafe composition of three individually correct kernel subsystems that, when combined by an attacker, produce a deterministic page-cache write primitive that bypasses all VFS-layer file protections — including file permissions, read-only mount options, and chflags schg immutability flags — on any file the attacker has read access to. An unprivileged local user can overwrite SUID root binaries such as /usr/bin/su and obtain a root shell in approximately 1.5 seconds.

The three subsystems involved are: first, sendfile(2) allocates vnode-backed M_EXTPG mbufs whose physical page addresses (m_epg_pa[]) reference the file's page-cache pages directly — enabled by default via kern.ipc.mb_use_ext_pgs=1 on all affected architectures. Second, the TCP_RXTLS_ENABLE socket option contains no privilege check whatsoever, allowing any unprivileged user to configure software kernel-TLS RX on a TCP socket they own and supply an arbitrary AES-128-GCM key and IV. Third, the kernel's software AES-GCM decrypt performs in-place decryption using PHYS_TO_DMAP(m_epg_pa[i]) as both input and output buffer — writing the decrypted result directly into the physical page-cache page through the kernel direct map, entirely bypassing the VFS layer. Since the attacker controls the key and IV and knows the on-wire ciphertext (the file's current bytes, transmitted via sendfile), the AES-GCM output is fully attacker-determined. Three internal kernel guards (mb_unmapped_compress, mb_unmapped_to_ext, sb_mark_notready) each fail to intercept the write for structurally distinct reasons. The exploitation chain requires only a local shell account (uid 1001 is sufficient), no race condition, no special group membership, and no non-default kernel modules. The public PoC achieves root via /usr/bin/su shellcode injection in 36 TLS records. The vulnerability was introduced in 2020 and remained undetected across all affected releases for approximately five years. Immediate sysctl workaround: kern.ipc.mb_use_ext_pgs=0. Full fix via FreeBSD-SA-26:26.ktls kernel patch with reboot.

Why should TPRM professionals care?

CVE-2026-45257's CVSSv3 score of 7.1 formally reflects the local attack vector requirement — the attacker needs an existing shell account on the target system. In isolation, this appears to constrain the risk. In practice, however, FreeBSD is deployed pervasively as the operating system underlying enterprise NAS appliances, network firewalls, content delivery infrastructure, and multi-tenant shared hosting and jail-based container platforms — environments where multiple unprivileged users routinely share a single FreeBSD host. In these deployment contexts, every co-resident user — including customers, contractors, or compromised application processes — becomes a potential root escalation vector. The exploitation chain is stable, deterministic, and requires no race condition: a public PoC achieves root in 1.5 seconds. The five-year undetected lifespan of this flaw means that every unpatched FreeBSD deployment on any PMAP_HAS_DMAP architecture with the default kernel configuration is immediately exploitable by any local user. For TPRM professionals, vendors operating FreeBSD-based NAS, hosting, or network appliance infrastructure — including vendors who may not know their underlying infrastructure runs FreeBSD, as many commercial appliances are FreeBSD-derived — require confirmation that the FreeBSD-SA-26:26.ktls patch has been applied or the sysctl workaround is active.

What questions should TPRM professionals ask vendors?

1.  Have all FreeBSD systems been patched via the FreeBSD-SA-26:26.ktls security advisory? For binary release deployments, has 'freebsd-update fetch install' been executed and the system rebooted to load the patched kernel? For custom-compiled kernels, has the source patch been applied and the kernel rebuilt?

2.  On any FreeBSD system where patching cannot be performed immediately, has the sysctl workaround been applied — kern.ipc.mb_use_ext_pgs=0 — and persisted in /etc/sysctl.conf? This runtime hot-mitigation eliminates the DMAP-backed mbuf primitive and closes the exploitation path without a kernel rebuild.

3.  In multi-tenant FreeBSD environments (shared hosting, jail-based platforms, cloud infrastructure), have SUID root binaries been inspected for unexpected modification timestamps or file size changes that may indicate page-cache corruption has already occurred prior to patching?

4.  Does the vendor operate any commercial network appliances, NAS systems, or infrastructure products built on FreeBSD or FreeBSD-derived operating systems (including pfSense, OPNsense, TrueNAS, or similar)? Have those vendors been contacted to confirm their patching status for CVE-2026-45257?

5.  What local account policies restrict non-privileged shell access on FreeBSD hosts? Have all local user accounts on sensitive FreeBSD systems been audited and unnecessary accounts revoked as a defense-in-depth measure?

Remediation recommendations

•  Apply the FreeBSD-SA-26:26.ktls kernel security advisory patch immediately via 'freebsd-update fetch install' for supported binary releases, or via source patching for custom kernels. Reboot is required to load the patched kernel — applying the patch without rebooting leaves the running kernel vulnerable.

•  As a hot-mitigation on systems that cannot be rebooted immediately: set kern.ipc.mb_use_ext_pgs=0 as a runtime sysctl and persist it in /etc/sysctl.conf. This disables the EXTPG sendfile fast path and eliminates the DMAP-backed mbuf write primitive with negligible performance impact on non-TLS-server workloads.

•  In multi-tenant and jail-based FreeBSD deployments, conduct an immediate integrity audit of SUID root binaries — run 'find / -perm -4000 -ls' and compare against known-good checksums — to detect whether page-cache corruption exploitation has already occurred prior to patching.

•  For FreeBSD-based commercial appliances (NAS, firewall, CDN infrastructure), check vendor security advisories for each affected product and apply firmware updates as they are released; the underlying FreeBSD vulnerability may require vendor-specific patch delivery.

•  Monitor system audit logs and process accounting for anomalous sendfile(2) calls combined with setsockopt(TCP_RXTLS_ENABLE) from non-privileged user accounts, and alert on unexpected spawning of root shells from non-root process trees.
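The SUID integrity audit and the sysctl workaround check from the list above, combined into one script. This is an added example, not FreeBSD's or Black Kite's code: `scan_suid_root` collects the same population `find / -perm -4000 -ls` lists (restricted to uid 0) and hashes each file, `audit_suid` compares that inventory against a known-good baseline of SHA-256 digests (the baseline and inventory here are constructed, with made-up digests), and `ext_pgs_disabled` judges the output line of `sysctl kern.ipc.mb_use_ext_pgs`. Digests rather than timestamps are compared, because a page-cache write does not necessarily touch file metadata.

```python
"""Audit SUID-root binaries against a known-good checksum baseline and
check whether the kern.ipc.mb_use_ext_pgs workaround is active."""
import hashlib
import os
import stat


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_suid_root(root):
    """Walk root and return {path: sha256} for every setuid regular file
    owned by uid 0. Unreadable entries are skipped rather than fatal."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.lstat(p)
                if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                        and st.st_uid == 0):
                    found[p] = sha256_of(p)
            except OSError:
                continue
    return found


def audit_suid(inventory, baseline):
    """Compare an {path: sha256} inventory with a baseline of the same shape.
    Returns sorted lists of paths whose digest changed, paths missing from the
    host, and setuid-root files the baseline never knew about."""
    modified = sorted(p for p in inventory
                      if p in baseline and inventory[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in inventory)
    unexpected = sorted(p for p in inventory if p not in baseline)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def ext_pgs_disabled(sysctl_output):
    """True when a `sysctl kern.ipc.mb_use_ext_pgs` output line shows 0,
    i.e. the EXTPG sendfile path is off. Raises on an unrelated line."""
    key, _sep, value = sysctl_output.strip().partition(":")
    if key.strip() != "kern.ipc.mb_use_ext_pgs":
        raise ValueError("unexpected sysctl line: " + sysctl_output)
    return int(value.strip()) == 0


# Constructed baseline and inventory; the digests are placeholders, not real
# hashes of FreeBSD binaries.
BASELINE = {
    "/usr/bin/su": "a" * 64,
    "/usr/bin/passwd": "b" * 64,
    "/usr/bin/login": "c" * 64,
}
INVENTORY = {
    "/usr/bin/su": "f" * 64,            # digest changed: contents overwritten
    "/usr/bin/passwd": "b" * 64,        # unchanged
    "/usr/local/bin/helper": "d" * 64,  # setuid-root file absent from baseline
}


if __name__ == "__main__":
    print(audit_suid(INVENTORY, BASELINE))
    print("workaround active:", ext_pgs_disabled("kern.ipc.mb_use_ext_pgs: 0"))
    # On a live host: audit_suid(scan_suid_root("/"), baseline_from_trusted_install)
```

The baseline must come from a trusted source (a clean install of the same release and patch level, or the distribution's own manifest), never from the host being audited.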

Black Kite's FreeBSD - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

pgAdmin - Jun2026 (CVE-2026-12046, CVE-2026-12045, CVE-2026-12048)

What is this vulnerability?

Three critical-severity vulnerabilities — CVE-2026-12046, CVE-2026-12045, and CVE-2026-12048 — were disclosed in pgAdmin 4, the most widely deployed open-source administration and development platform for PostgreSQL databases. CVSSv3.1 scores range from 9.0 to 9.3 across the three CVEs, and CVSSv4.0 scores reach as high as 9.5. The three vulnerabilities span distinct attack surfaces and privilege levels, together comprising one of the most operationally severe disclosure clusters observed in database administration tooling.

CVE-2026-12046 (CVSS 9.0, EPSS 0.72%) is an unauthenticated RCE path via missing authentication decorators on two SQL Editor session endpoints in server mode. The DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did> endpoints lack the @pga_login_required decorator entirely, allowing unauthenticated access. Both endpoints invoke pickle.loads on session-stored command objects — a universally unsafe deserialization pattern. Chained with a separately obtained SECRET_KEY leak and write access to the sessions/ directory, this constructs a fully unauthenticated RCE path against the pgAdmin process. Affects pgAdmin 4 versions 6.9 through 9.15 in server mode only. CVE-2026-12045 (CVSS 9.0, EPSS 0.51%) targets the AI Assistant's execute_sql_query tool, which accepted multi-statement SQL payloads. A crafted input beginning with COMMIT; terminates the enclosing BEGIN TRANSACTION READ ONLY wrapper, causing subsequent statements to execute in autocommit mode outside all read-only protections. On a superuser-connected session — common in development and DBA environments — this chains to OS-level command execution via PostgreSQL's COPY ... TO PROGRAM mechanism. Affects pgAdmin 4 versions 9.13 through 9.15. CVE-2026-12048 (CVSS 9.3, EPSS 0.31%) enables stored Cross-Site Scripting via PostgreSQL server error messages and EXPLAIN plan nodes rendered verbatim through html-react-parser across all user-facing sinks. Because pgAdmin's default Content-Security-Policy carries unsafe-inline and unsafe-eval, injected iframe payloads inherit full same-origin access to the victim's authenticated pgAdmin session — enabling credential theft, session hijacking, and unauthorized database operations at scale. Affects pgAdmin 4 versions 6.0 through 9.15. No public PoC. Not in CISA KEV. All three are fully remediated in pgAdmin 4 version 9.16. Approximately 4,490 pgAdmin instances are detectable on Shodan.

Why should TPRM professionals care?

pgAdmin 4 is the primary administration interface for PostgreSQL, the world's most widely deployed open-source relational database. It is used pervasively in development environments, cloud-deployed database infrastructure, and on-premises database clusters by database administrators, developers, and data engineers with superuser-level access to production data. CVE-2026-12046's unauthenticated server-mode RCE path means that any pgAdmin 4 instance running in server mode — the standard deployment for shared or cloud-hosted pgAdmin — is trivially compromisable without credentials, providing direct shell access to the host running pgAdmin and, by extension, to every PostgreSQL database it manages. CVE-2026-12045 exploits AI integration functionality to escalate from AI-assisted query execution to OS command execution on the database host — a vulnerability class that illustrates the security risk of integrating AI tooling into privileged database administration workflows without strict input validation. CVE-2026-12048's stored XSS via PostgreSQL server error messages is a supply-chain-style attack vector: an attacker who controls or compromises a PostgreSQL server a victim connects to can inject persistent payloads that execute in the pgAdmin administrator's browser, harvesting credentials and session tokens across every database instance under management. For TPRM professionals, vendors running pgAdmin in server mode with internet exposure, or vendors whose DBA workflows involve AI Assistant features or connections to multiple PostgreSQL servers, represent multi-vector risk profiles requiring immediate upgrade to version 9.16.

What questions should TPRM professionals ask vendors?

1.  Have all pgAdmin 4 deployments been upgraded to version 9.16 — the only release that fully remediates all three CVEs? What is the confirmed installed version and upgrade timeline for any instances still running 9.15 or earlier?

2.  Are any pgAdmin 4 instances running in server mode with direct internet exposure? Given CVE-2026-12046's unauthenticated RCE path, any server-mode pgAdmin deployment accessible from untrusted networks should be treated as an emergency remediation priority.

3.  Have pgAdmin web server access logs been reviewed for unauthenticated requests to /sqleditor/close/ or /sqleditor/initialize/sqleditor/update_connection/ endpoints from unknown source IPs? Has the sessions/ directory been inspected for unexpected or recently modified session files that may indicate malicious pickle payload staging?

4.  Has the AI Assistant feature been restricted or disabled for accounts connected with superuser privileges pending upgrade? Superuser sessions are the prerequisite for escalating CVE-2026-12045 to OS command execution via COPY ... TO PROGRAM.

5.  Are pgAdmin users restricted to connecting to known, trusted PostgreSQL server instances? Unauthorized server connections from untrusted or external PostgreSQL servers are the prerequisite for CVE-2026-12048 stored XSS payload delivery.

Remediation recommendations

•  Upgrade all pgAdmin 4 deployments to version 9.16 immediately — this is the only release that addresses all three vulnerabilities, including authentication enforcement on SQL Editor endpoints, AI Assistant multi-statement rejection, and DOMPurify layering across all html-react-parser call sites. Confirm the installed version via Help → About post-upgrade.

•  Restrict all pgAdmin 4 server-mode instances to trusted internal network ranges or VPN-gated access immediately; eliminate any direct public internet exposure given CVE-2026-12046's unauthenticated attack path.

•  If patching cannot be performed immediately, disable the AI Assistant feature for all accounts — particularly those connected with superuser privileges — to prevent CVE-2026-12045 exploitation via crafted multi-statement SQL payloads.

•  Implement PostgreSQL server connection allowlists within pgAdmin, restricting users to connecting only to known and trusted PostgreSQL servers to eliminate CVE-2026-12048 payload delivery via malicious server error messages.

•  Review access logs for unauthenticated requests to vulnerable SQL Editor endpoints, inspect the sessions/ directory for unexpected files, and treat any anomalous session file activity as a potential indicator of pickle payload staging for CVE-2026-12046 exploitation.
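The multi-statement rejection that the pgAdmin 4 9.16 upgrade is described as adding to the AI Assistant can be illustrated in isolation. The following is an added example, not pgAdmin's code: before a query is wrapped in `BEGIN TRANSACTION READ ONLY ... COMMIT`, it is split on semicolons that sit outside PostgreSQL string literals, quoted identifiers, dollar-quoted strings and comments, and anything that is more than one statement or that opens with a transaction-control keyword (the `COMMIT;` prefix described above) is refused. The keyword list and the wrapper text are assumptions for the example.

```python
"""Refuse multi-statement or transaction-control SQL before wrapping it in a
read-only transaction, so a leading COMMIT cannot escape the wrapper."""
import re

DOLLAR_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)?\$")
# Assumed set of statements that would alter or end the enclosing transaction.
TXN_KEYWORDS = {"COMMIT", "ROLLBACK", "BEGIN", "START", "END", "ABORT",
                "SAVEPOINT", "RELEASE", "PREPARE"}


def split_statements(sql):
    """Split sql on top-level semicolons. '...', "...", $tag$...$tag$,
    -- comments and nested /* */ comments are skipped over so a ';' inside
    them never ends a statement. Comments are dropped from the output."""
    stmts, buf = [], []
    i, n = 0, len(sql)
    while i < n:
        ch = sql[i]
        if ch in ("'", '"'):
            j = i + 1
            while j < n:
                if sql[j] == ch:
                    if j + 1 < n and sql[j + 1] == ch:   # doubled quote escape
                        j += 2
                        continue
                    break
                j += 1
            buf.append(sql[i:j + 1])
            i = j + 1
        elif ch == "$":
            m = DOLLAR_RE.match(sql, i)
            if m is None:                 # e.g. a positional parameter like $1
                buf.append(ch)
                i += 1
                continue
            tag = m.group(0)
            end = sql.find(tag, i + len(tag))
            end = n if end == -1 else end + len(tag)
            buf.append(sql[i:end])
            i = end
        elif sql.startswith("--", i):
            end = sql.find("\n", i)
            i = n if end == -1 else end
        elif sql.startswith("/*", i):
            depth, i = 1, i + 2
            while i < n and depth > 0:
                if sql.startswith("/*", i):
                    depth, i = depth + 1, i + 2
                elif sql.startswith("*/", i):
                    depth, i = depth - 1, i + 2
                else:
                    i += 1
        elif ch == ";":
            stmts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    stmts.append("".join(buf))
    return [s.strip() for s in stmts if s.strip()]


def first_keyword(stmt):
    """Leading SQL keyword of a statement, upper-cased."""
    m = re.match(r"\s*([A-Za-z_]+)", stmt)
    return m.group(1).upper() if m else ""


def validate_single_readonly(sql):
    """Return (ok, reason): ok only for exactly one statement that does not
    start with a transaction-control keyword."""
    stmts = split_statements(sql)
    if len(stmts) != 1:
        return False, f"expected 1 statement, found {len(stmts)}"
    kw = first_keyword(stmts[0])
    if kw in TXN_KEYWORDS:
        return False, f"transaction control statement not allowed: {kw}"
    return True, ""


def wrap_readonly(sql):
    """Wrap a validated single statement in the read-only transaction."""
    ok, reason = validate_single_readonly(sql)
    if not ok:
        raise ValueError(reason)
    return f"BEGIN TRANSACTION READ ONLY; {split_statements(sql)[0]}; COMMIT;"
```

Lexical splitting is the minimum guard; a server-side `SET default_transaction_read_only` and a non-superuser role for the assistant's connection limit what a single statement can do even when the guard is bypassed.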

Black Kite's pgAdmin - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

TinyProxy - Jun2026 (CVE-2026-54388, CVE-2026-54387, CVE-2026-55202)

What is this vulnerability?

Three vulnerabilities — CVE-2026-54388, CVE-2026-54387, and CVE-2026-55202 — affect Tinyproxy through version 1.11.3, a lightweight HTTP/HTTPS proxy widely deployed in small networks, internal enterprise environments, embedded appliances, and container infrastructure where a minimal-footprint proxy is preferred over Squid or comparable full-featured alternatives. The vulnerability set covers two distinct HTTP request smuggling attack vectors and a proxy statistics access control bypass.

CVE-2026-54388 (CVSS 9.1, EPSS 0.39%) is an HTTP Request Smuggling vulnerability caused by improper handling of duplicate Content-Length headers. When a request contains multiple Content-Length values, Tinyproxy and the backend server may interpret different Content-Length values — creating a proxy/backend parser desynchronization condition. An attacker who can send HTTP requests through the vulnerable Tinyproxy instance can exploit this boundary ambiguity to inject arbitrary HTTP requests that are interpreted as independent requests by the backend, enabling cache poisoning, request hijacking, and access control bypass. CVE-2026-54387 (CVSS 9.1, EPSS 0.39%) is an HTTP Request Smuggling vulnerability via Content-Length and Transfer-Encoding (CL/TE) desynchronization. By sending crafted requests containing conflicting CL and TE headers, an attacker causes Tinyproxy and the backend to disagree on request boundary locations, enabling request injection, cache poisoning, and session hijacking. CVE-2026-55202 (CVSS 8.2, EPSS 0.34%) is a StatHost detection bypass via Host header manipulation: Tinyproxy's stat host detection logic fails to properly validate the Host header, allowing an attacker to bypass access controls and access Tinyproxy's internal proxy statistics page — potentially exposing information about internal network architecture and proxy configuration. All three require only the ability to send HTTP requests through the vulnerable Tinyproxy instance — no authentication or user interaction required. No confirmed active exploitation at time of publication. Patches are available as source code commits; no official versioned release containing all fixes has been announced.
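The three conditions above (duplicate Content-Length, CL/TE conflict, loose Host matching) all come down to how strictly a proxy frames an incoming request. The following is an added example, not Tinyproxy's code: a strict request-head parser that applies the RFC 7230 section 3.3.3 rules (both Transfer-Encoding and Content-Length present is rejected, every Content-Length value must be identical and numeric, Transfer-Encoding must end in `chunked`) and an exact stat-host comparison that lowercases the Host header and strips its port. The sample requests are constructed, and the stat-host name is an assumed value.

```python
"""Strict HTTP/1.x request framing and stat-host checks of the kind a proxy
needs in order not to desynchronize from the backend it forwards to."""
import re


class FramingError(ValueError):
    """Raised when a request's message framing is ambiguous or invalid."""


TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_headers(raw):
    """Parse the head of a raw request (bytes) into
    (request_line, [(name_lower, value), ...]). Obsolete line folding is
    rejected outright, since lenient parsing is itself a desync source."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("incomplete header block")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("ascii", "strict")
    headers = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            raise FramingError("obsolete line folding not accepted")
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN_RE.match(name.decode("ascii", "replace")):
            raise FramingError("malformed header line")
        headers.append((name.decode("ascii").lower(),
                        value.strip().decode("ascii", "replace")))
    return request_line, headers


def body_length(headers):
    """Decide framing per RFC 7230 s3.3.3. Returns ('chunked', None),
    ('length', n) or ('none', 0); raises FramingError on any ambiguity."""
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if te and cl:
        raise FramingError("both Transfer-Encoding and Content-Length present")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        if codings[-1] != "chunked":
            raise FramingError("Transfer-Encoding does not end with chunked")
        return "chunked", None
    if cl:
        # A single header may also carry a comma-separated list; flatten it.
        values = [v.strip() for raw in cl for v in raw.split(",")]
        if not all(re.fullmatch(r"[0-9]+", v) for v in values):
            raise FramingError("invalid Content-Length value")
        if len(set(values)) != 1:
            raise FramingError("conflicting Content-Length values")
        return "length", int(values[0])
    return "none", 0


def is_stat_host(headers, stat_host):
    """Exact match of a single Host header (lowercased, port removed)
    against the configured stat-host name."""
    hosts = [v for n, v in headers if n == "host"]
    if len(hosts) != 1:
        return False
    host = hosts[0].strip().lower()
    if host.startswith("["):                  # IPv6 literal such as [::1]:8888
        host = host.split("]", 1)[0] + "]"
    else:
        host = host.split(":", 1)[0]
    return host == stat_host.lower()


def check(raw):
    """Return ('accept', framing) or ('reject', reason) for a raw request."""
    try:
        _line, headers = parse_headers(raw)
        return "accept", body_length(headers)
    except FramingError as e:
        return "reject", str(e)


# Constructed requests (not captured traffic).
AMBIGUOUS_CL = (b"POST / HTTP/1.1\r\nHost: app.internal\r\n"
                b"Content-Length: 4\r\nContent-Length: 11\r\n\r\nabcd")
CL_TE = (b"POST / HTTP/1.1\r\nHost: app.internal\r\n"
         b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
CLEAN = b"GET /status HTTP/1.1\r\nHost: Tinyproxy.Stats:8888\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("duplicate CL", AMBIGUOUS_CL), ("CL+TE", CL_TE), ("clean", CLEAN)):
        print(name, "->", check(req))
    print("stat host:", is_stat_host(parse_headers(CLEAN)[1], "tinyproxy.stats"))
```

Rejecting rather than normalizing is the point: once the proxy and the backend can each pick a different body boundary, every downstream control the proxy was meant to enforce is negotiable.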

Why should TPRM professionals care?

HTTP Request Smuggling vulnerabilities are particularly dangerous in proxy-chained architectures where Tinyproxy forwards traffic to backend web servers, caching layers, internal services, or additional HTTP intermediaries — precisely the deployment pattern for which Tinyproxy is commonly selected. In these environments, a smuggled request bypasses the proxy's access controls entirely and is interpreted as a new, independent HTTP request by the backend — enabling an attacker to access authenticated endpoints, poison shared caches, hijack other users' sessions, or override security headers that the proxy is expected to enforce. The access control bypass context is particularly significant: organizations that deploy Tinyproxy specifically to gate and control access to internal services may find that CVE-2026-54388 and CVE-2026-54387 nullify the proxy's enforcement role entirely for traffic that contains the crafted header patterns. CVE-2026-55202's StatHost bypass further extends the information disclosure surface by exposing internal proxy configuration details that can inform subsequent attack targeting. For TPRM professionals, the key population at risk is vendors who deploy Tinyproxy as an internal access control proxy — rather than merely as a caching or bandwidth management layer — where the request smuggling vulnerability directly undermines the proxy's security function.

What questions should TPRM professionals ask vendors?

1.  Has Tinyproxy been updated to a build incorporating the three patched commits: 364cdb67e0ea00a8e4a7037e2693e0711e816adb (duplicate Content-Length fix), ff45d3bf0e61d0f8ed97ab379d3047f04eb67521 (CL/TE desynchronization fix), and 09312a185ae25cc486b4ff5987638a7917a48bce (StatHost detection fix)? Since no new versioned release has been announced, has the vendor confirmed a custom build or distribution package incorporating all three commits?

2.  Is Tinyproxy exposed to untrusted users or the public internet? Internet-facing and broadly accessible internal proxy deployments are at materially higher risk from CVE-2026-54388 and CVE-2026-54387 than deployments bound to localhost or restricted to a single trusted source IP range.

3.  Does the Tinyproxy deployment forward traffic to backend servers, cache layers, internal services, or additional HTTP intermediaries? Request smuggling impacts are amplified in proxy-chained architectures where backend services process forwarded requests as independent HTTP transactions.

4.  Has the Tinyproxy Listen directive been verified to confirm the proxy is not unintentionally exposed to the public internet or broader internal networks than intended? Have Allow directives been audited to confirm access is restricted to trusted source IP ranges?

5.  Is the StatHost (proxy statistics) endpoint exposed to untrusted users? Has StatHost access been disabled or restricted to trusted administrative IP ranges to mitigate CVE-2026-55202?

Remediation recommendations

•  Apply all three patched commits immediately by building Tinyproxy from the patched source tree or applying distribution package updates that incorporate commits 364cdb67, ff45d3bf, and 09312a18. Confirm all three fixes are present in the deployed binary — the fixes address distinct vulnerability classes and all three are required.

•  Restrict Tinyproxy access to trusted internal IP addresses only via the Allow directive in tinyproxy.conf; note that when no Allow or Deny rule is present at all, Tinyproxy's default action is to allow every client. Confirm the Listen directive names a specific internal address rather than 0.0.0.0, and that it is not simply omitted, since an absent Listen binds all interfaces, including any reachable by untrusted users or the public internet.

•  Disable the StatHost endpoint entirely if internal proxy statistics are not operationally required, eliminating the CVE-2026-55202 information disclosure surface. If StatHost access is required, restrict it to trusted administrative source IPs only. Because CVE-2026-55202 is a bypass of the Host-header check itself, the StatHost name must not be treated as an access control; the Allow rules that govern which clients may reach the proxy at all are what actually gate the statistics page.

•  Monitor for requests containing multiple Content-Length headers, or both Content-Length and Transfer-Encoding headers, as indicators of request smuggling attempts. Standard proxy and web server access logs record the request line and status but not these framing headers, so this check typically requires packet capture, a WAF or IDS inspecting inbound traffic, or verbose request logging on the upstream server. Since both patterns are invalid framing under RFC 7230 section 3.3.3, an inline WAF can also reject them outright.

•  Prioritize remediation for Tinyproxy deployments that are chained with backend servers, cache layers, internal services, or additional HTTP intermediaries; an injected request can do no more than the backends behind the proxy expose, so the more sensitive the reachable backend systems, the more urgent the fix for CVE-2026-54388 and CVE-2026-54387.
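A configuration check covering the Listen, Allow, StatHost and Upstream points raised in the vendor questions and remediation bullets above, as an added example (not part of Tinyproxy). It relies on the semantics documented in Tinyproxy's shipped configuration file: Listen binds one address and, when absent, every interface; when no Allow/Deny rule exists the default action is to allow all clients; StatHost names the virtual host serving the statistics page; Upstream chains to another proxy. Treating only RFC 1918, loopback and IPv6 ULA/link-local ranges as "trusted internal" is this example's own policy, and both sample configurations are constructed.

```python
"""
Audit a tinyproxy.conf for the exposure conditions discussed above.
Added example, not part of Tinyproxy. The trusted-range policy and the
sample configurations are assumptions for illustration.
"""
from __future__ import annotations

import ipaddress

# Assumption: only these ranges count as "trusted internal" sources.
TRUSTED_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]


def parse_conf(text: str) -> list[tuple[str, str]]:
    """Return (lower-cased directive, argument) pairs; comments and blanks dropped."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, arg = line.partition(" ")
            pairs.append((key.lower(), arg.strip().strip('"')))
    return pairs


def is_trusted(net: ipaddress.IPv4Network | ipaddress.IPv6Network) -> bool:
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_RANGES)


def audit(text: str) -> list[tuple[str, str]]:
    """Return (level, message) findings; WARN items are the ones to fix."""
    conf = parse_conf(text)
    findings: list[tuple[str, str]] = []

    # Listen: absent means every interface; 0.0.0.0 / :: means the same thing.
    listens = [a for k, a in conf if k == "listen"]
    if not listens:
        findings.append(("WARN", "Listen absent: tinyproxy binds every interface"))
    for addr in listens:
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified:
            findings.append(("WARN", f"Listen {addr}: binds every interface"))
        elif not is_trusted(ipaddress.ip_network(addr)):
            findings.append(("WARN", f"Listen {addr}: bound outside trusted ranges"))

    # Allow/Deny: with no rules the default action is ALLOW for everyone.
    acl = [(k, a) for k, a in conf if k in ("allow", "deny")]
    if not acl:
        findings.append(("WARN", "no Allow/Deny rules: default action is to allow every client"))
    for k, a in acl:
        if k != "allow":
            continue
        try:
            net = ipaddress.ip_network(a, strict=False)
        except ValueError:
            findings.append(("INFO", f"Allow {a}: not an IP/CIDR, review manually"))
            continue
        if net.prefixlen == 0:
            findings.append(("WARN", f"Allow {a}: matches every client"))
        elif not is_trusted(net):
            findings.append(("WARN", f"Allow {a}: outside trusted internal ranges"))

    # StatHost is only ever as restricted as the ACL that admits the client.
    stathost = [a for k, a in conf if k == "stathost"]
    label = stathost[-1] if stathost else "(compiled-in default)"
    findings.append(("INFO", f"StatHost {label}: statistics page reachable by every client the Allow rules admit"))
    if any(k == "upstream" for k, _ in conf):
        findings.append(("INFO", "Upstream configured: requests are chained through another HTTP intermediary"))
    return findings


# Constructed samples: an exposed configuration and a restricted one.
WEAK_CONF = """\
Port 8888
Listen 0.0.0.0
Allow 0.0.0.0/0
Allow 203.0.113.0/24
Upstream http 10.0.0.5:3128
"""
HARDENED_CONF = """\
Port 8888
Listen 10.0.1.10
Allow 10.0.1.0/24
Allow 127.0.0.1
StatHost "stats.proxy.internal"
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        for level, msg in audit(conf):
            print(f"[{name}] {level}: {msg}")
```

Run against a vendor-supplied tinyproxy.conf, a clean result is one with no WARN lines; the StatHost line is always reported because the statistics page stays reachable for whatever clients the Allow rules admit, which is the population CVE-2026-55202 matters to.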

Black Kite's TinyProxy - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

How TPRM Professionals Can Leverage Black Kite for These Vulnerabilities

This week's five FocusTags® reflect the dual nature of modern vulnerability risk: confirmed active exploitation demanding immediate incident-response action, and newly weaponized long-latent flaws whose public PoC availability accelerates the transition from theoretical to operational threat. The UniFi OS cluster — three CVSS 10.0 CVEs confirmed exploited and CISA KEV-listed — represents the first category: for any vendor with UniFi OS devices, patching is not a scheduled maintenance activity but an active response to confirmed adversary activity. Squidbleed and FreeBSD represent the second category: decades of undetected vulnerability exposure, now operationalized with public PoC code, against infrastructure that vendors do not routinely disclose in technology inventories or assess in standard vulnerability management cycles.

The pgAdmin and Tinyproxy tags illustrate a third dimension: vulnerabilities in the administrative and proxy tooling that surrounds database and network infrastructure, rather than in the infrastructure itself. These tools are rarely surfaced in TPRM questionnaires or technology disclosures, yet they carry the same or greater access implications as the systems they manage. A compromised pgAdmin instance yields access to every PostgreSQL database it administers; a compromised Tinyproxy instance nullifies the access controls it is deployed to enforce. Black Kite's FocusTags® translate all five signals simultaneously into ecosystem-specific vendor intelligence — identifying which vendors in the TPRM portfolio run Squid, UniFi OS, pgAdmin, FreeBSD, or Tinyproxy — enabling targeted, technically informed engagement at a scale that manual CVE-to-vendor mapping cannot achieve.

Strengthening TPRM Outcomes with Black Kite’s FocusTags®

Black Kite's FocusTag® technology provides TPRM teams with the intelligence infrastructure needed to keep pace with an accelerating threat landscape. By automatically correlating newly disclosed vulnerabilities with the technology profiles of vendors in your ecosystem, Black Kite transforms reactive patch tracking into proactive vendor risk management.

•  Instant Vendor Exposure Mapping: FocusTags® automatically identify which vendors in your portfolio are running affected products, eliminating the manual effort of mapping CVEs to vendor technology inventories across large, complex third-party ecosystems.

•  Precision-Targeted Remediation Requests: Each FocusTag® includes specific, technically grounded vendor questions — moving beyond generic patch status inquiries to version-specific, control-specific questions that surface genuine remediation versus compliance theater.

•  Continuous Risk Score Integration: FocusTag® exposure feeds directly into Black Kite's vendor risk scores, ensuring that critical vulnerability exposure is immediately reflected in your third-party risk ratings without waiting for the next scheduled assessment cycle.

•  Operational Efficiency at Scale: By consolidating multi-product vulnerability intelligence into a single prioritized view, FocusTags® enable TPRM teams to manage concurrent threat events across diverse technology categories without scaling headcount — ensuring risk teams operate at the speed of the threat landscape.

By transforming raw cyber threat data into precise, actionable intelligence, Black Kite's FocusTags® provide TPRM professionals with the exact tools needed to efficiently and effectively secure the digital supply chain against today's most sophisticated attacks.

About Focus Friday

Every week, we delve into the realms of critical vulnerabilities and their implications from a Third-Party Risk Management (TPRM) perspective. This series is dedicated to shedding light on pressing cybersecurity threats, offering in-depth analyses, and providing actionable insights.

FocusTags® in the Last 30 Days:

  • Squidbleed: CVE-2026-47729, CVE-2026-50012, Critical Heap Over-Read Vulnerability in Squid Proxy FTP Directory-Listing Parser Leading to Cleartext HTTP Request and Token Disclosure.
  • UniFi OS Devices: CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2026-33000, CVE-2026-34911, Critical Improper Access Control, Path Traversal, Command Injection, and Information Disclosure Vulnerabilities in UniFi OS Devices.
  • pgAdmin - Jun2026: CVE-2026-12046, CVE-2026-12045, CVE-2026-12048, Critical Unauthenticated Remote Code Execution, AI Assistant Transaction Bypass, OS Command Execution, and Stored XSS Vulnerabilities in pgAdmin 4.
  • FreeBSD - Jun2026: CVE-2026-45257, High-Severity Local Privilege Escalation Vulnerability in FreeBSD KTLS sendfile(2) Handling Allowing Page Cache Modification and Root Compromise.
  • TinyProxy - Jun2026: CVE-2026-54388, CVE-2026-54387, CVE-2026-55202, Critical HTTP Request Smuggling, CL/TE Desynchronization, Request Injection, Cache Poisoning, Access Control Bypass, and StatHost Bypass Vulnerabilities in TinyProxy.
  • NGINX Rift Chain: CVE-2026-42945, CVE-2026-46376, Critical Heap-Based Buffer Overflow and Remote Code Execution Vulnerability in NGINX ngx_http_rewrite_module.
  • FortiBleed Breach: Active exploitation of Fortinet vulnerabilities has led to confirmed breach activity, enabling attackers to compromise exposed Fortinet environments and creating significant third-party risk for affected organizations.
  • Langflow - Jun2026 (Latest): CVE-2026-5027, High-Severity Path Traversal and Unauthenticated Remote Code Execution Vulnerability in Langflow.
  • Jenkins - Jun2026: CVE-2026-53435, CVE-2026-53441, High-Severity Deserialization Type Bypass, User Impersonation, Arbitrary File Read, Script Console Remote Code Execution, and Stored XSS Vulnerabilities in Jenkins.
  • MongoDB - Jun2026: CVE-2026-11933, CVE-2026-9740, CVE-2026-9750, CVE-2026-9743, High-Severity Use-After-Free Memory Disclosure, Unauthenticated Denial of Service, Metadata Corruption, and Null Pointer Dereference Vulnerabilities in MongoDB.
  • LiteSpeed cPanel Plugin: CVE-2026-54420, High-Severity Privilege Escalation to Root Vulnerability in LiteSpeed cPanel Plugin.
  • SimpleHelp - Jun2026: CVE-2026-48558, Critical OIDC Authentication Bypass and Administrative Account Takeover Vulnerability in SimpleHelp.
  • Automatic Tank Gauge (ATG) Systems: Critical Internet-Exposed Automatic Tank Gauge Systems Enabling Unauthenticated Remote Command Execution.
  • LiteLLM: CVE-2026-42271, High-Severity Authenticated Command Execution Vulnerability in LiteLLM AI Proxy Server.
  • Ivanti EPMM - Jun2026: CVE-2026-6973, CVE-2026-10727, High-Severity Remote Code Execution and OS Command Injection Vulnerabilities in Ivanti Endpoint Manager Mobile.
  • Exchange Server - Jun2026: CVE-2026-45504, CVE-2026-45503, CVE-2026-47631, CVE-2026-45583, CVE-2026-45501, CVE-2026-45500, CVE-2026-45502, High-Severity Privilege Escalation, SSRF, Spoofing, Remote Code Execution, and Information Disclosure Vulnerabilities in Microsoft Exchange Server.
  • SharePoint - Jun2026: CVE-2026-45484, CVE-2026-47298, CVE-2026-47634, CVE-2026-45481, CVE-2026-45454, High-Severity Privilege Escalation, Remote Code Execution, Spoofing, and Path Traversal Vulnerabilities in Microsoft SharePoint.
  • MariaDB - Jun2026: CVE-2026-49261, CVE-2026-48165, CVE-2026-48163, Critical and High-Severity Remote Code Execution, Authentication Bypass, and Server-Side Vulnerabilities in MariaDB Community Server.
  • SolarWinds Serv-U - Jun2026: CVE-2026-28318, High-Severity Uncontrolled Resource Consumption Vulnerability in SolarWinds Serv-U.
  • Samba - Jun2026: CVE-2026-4480, CVE-2026-4408, CVE-2026-1933, CVE-2026-3012, CVE-2026-3238, CVE-2026-2340, Critical and High-Severity Vulnerabilities including Remote Code Execution and Access Control Bypass in Samba.
  • Roundcube - Jun2026: CVE-2026-48842, CVE-2026-48844, CVE-2026-48848, CVE-2026-48845, CVE-2026-48846, Five High-Severity Vulnerabilities including SQL Injection, Server-Side Code Injection (RCE), and XSS in Roundcube Webmail.
  • Langflow - Jun2026: CVE-2026-7524, CVE-2026-48519, Two Critical-Severity Vulnerabilities including Path Traversal and Remote Code Execution in Langflow OSS.
  • Axios - Jun2026: CVE-2026-44492, CVE-2026-44494, Two High-Severity Vulnerabilities including SSRF via NO_PROXY Bypass and Prototype Pollution in Axios.
  • ActiveMQ - Jun2026: CVE-2026-45505, CVE-2026-42588, CVE-2026-49157, CVE-2026-42253, High-Severity Vulnerabilities including Remote Code Execution, Incorrect Permissions, and XSS in Apache ActiveMQ.
  • Apache Solr - Jun2026: CVE-2026-44825, Critical Hardcoded and Default Credentials Vulnerability in Apache Solr.
  • Apache Airflow - Jun2026: CVE-2026-45360, High-Severity Arbitrary Class Import Vulnerability in Apache Airflow.
  • Plesk - Jun2026: CVE-2026-44962, Near-Maximum-Severity Chained XPath and OS Command Injection Vulnerability in Plesk.
  • Synology DSM Chat Server - Jun2026: CVE-2026-40541, CVE-2026-32998, CVE-2026-32997, CVE-2026-32996, CVE-2026-9548, CVE-2026-9491, Critical and High-Severity Vulnerabilities including Remote Code Execution and Arbitrary File Access in Synology Chat Server.
  • Langflow - May2026: CVE-2025-34291, Critical CORS/CSRF and Remote Code Execution Vulnerabilities in Langflow.
  • FreeBSD - May2026: CVE-2026-45255, CVE-2026-45250, CVE-2026-45251, CVE-2026-45252, CVE-2026-39461, CVE-2026-45254, CVE-2026-45253, Critical and High-Severity Remote Code Execution, Kernel Privilege Escalation, Sandboxing Breaches, and Network Denial of Service Vulnerabilities in FreeBSD core OS.

See Black Kite's full CVE Database and the critical TPRM vulnerabilities that have an applied FocusTag® at https://blackkite.com/cve-database.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-47729

https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html

https://securityonline.info/squidbleed-vulnerability/

https://blog.calif.io/p/squidbleed-cve-2026-47729

https://www.cve.org/CVERecord?id=CVE-2026-34908

https://www.cve.org/CVERecord?id=CVE-2026-34909

https://www.cve.org/CVERecord?id=CVE-2026-34910

https://www.cve.org/CVERecord?id=CVE-2026-33000

https://www.cve.org/CVERecord?id=CVE-2026-34911

https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/

https://securityonline.info/cisa-kev-catalog-exploited-flaws/

https://www.cve.org/CVERecord?id=CVE-2026-12046

https://www.cve.org/CVERecord?id=CVE-2026-12045

https://www.cve.org/CVERecord?id=CVE-2026-12048

https://github.com/pgadmin-org/pgadmin4/issues/10072

https://github.com/pgadmin-org/pgadmin4/issues/10022

https://github.com/pgadmin-org/pgadmin4/issues/10068

https://securityonline.info/pgadmin-4-vulnerabilities/

https://www.cve.org/CVERecord?id=CVE-2026-45257

https://www.freebsd.org/security/advisories/FreeBSD-SA-26:26.ktls.asc

https://seclists.org/oss-sec/2026/q2/881

https://securityonline.info/freebsd-ktls-cve-2026-45257/

https://github.com/tinyproxy/tinyproxy/commit/364cdb67e0ea00a8e4a7037e2693e0711e816adb

https://github.com/tinyproxy/tinyproxy/commit/ff45d3bf0e61d0f8ed97ab379d3047f04eb67521

https://github.com/tinyproxy/tinyproxy/commit/09312a185ae25cc486b4ff5987638a7917a48bce