Notes on technical decisions, incident response, and building products with long-term durability.
A critical authentication bypass in CoPilot — now assigned CVE-2026-42869 — allows unauthenticated attackers to forge admin JWTs, reset passwords, plant backdoor accounts, and harvest credentials for every connected SOC tool from a secret that has been public since the first commit.
How I identified and responsibly disclosed an unauthenticated scheduler access control vulnerability in CoPilot — now assigned CVE-2026-42868 — and why precision in reporting matters as much as the finding itself.
A one-byte out-of-bounds write in wazuh-remoted — the root-level daemon that handles all agent communication — triggered by sending a crafted compressed message from any enrolled agent. Confirmed with AddressSanitizer by the Wazuh team. CVE pending.