March 26, 2026 vulnerability digest: ORY Oathkeeper triple auth bypass scores CVSS 10.0
by Artem Safonov
A CVSS 10.0 path traversal in ORY Oathkeeper bypasses all three layers of access control at once. Squid 7.5 patches a heap use-after-free in ICP handling, and a 12-year-old Perl session middleware RCE finally receives a CVE number. Full vulnerability …
Read more →