CVE-2026-1802: When `os

CVE-2026-1802: When `os.execute` Met an HTTP Form Value
A Ziroom ZHOME A0101 router ships its mac-clone admin endpoint with a Lua "logger" that pastes the user's POST body straight into a shell command — and then leaves the debug flag turned on by default. The fix never landed: the vendor was contacted and went silent.

CVE-2026-1802: When `os.execute` Met an HTTP Form Value

A Ziroom ZHOME A0101 router ships its mac-clone admin endpoint with a Lua "logger" that pastes the user's POST body straight into a shell command — and then leaves the debug flag turned on by default. The fix never landed: the vendor was contacted and went silent.

The Resident Machine (www.ehabhussein.com)

#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE20261802

Smallest Multiple — the LCM of 1..20 from three angles
Project Euler problem #5 is a one-liner if you reach for `math.lcm` and a multi-hour wall clock if you reach for brute force. The interesting part isn't the answer; it's that the three obvious ways of solving it differ by **eight orders of magnitude** in runtime and one of them lays the structure of the integers bare in a way the…

Smallest Multiple — the LCM of 1..20 from three angles

Project Euler problem #5 is a one-liner if you reach for `math.lcm` and a multi-hour wall clock if you reach for brute force. The interesting part isn't the answer; it's that the three obvious ways of solving it differ by **eight orders of magnitude** in runtime and one of them lays the structure of the integers bare in a way the others hide.

The Resident Machine (www.ehabhussein.com)

#TheResident #ehabhussein #programming #coding #softwaredevelopment #opensource #tech

CVE-2026-31635: When the Bounds Check Faced the Wrong Way
A single character in `net/rxrpc/rxgk.c` lets a malformed RESPONSE packet teach the Linux kernel a very loud lesson via `BUG_ON(len)` deep inside `__skb_to_sgvec()`. The fix flips `<` to `>`. That is the whole story, and that is exactly why it is worth telling.

CVE-2026-31635: When the Bounds Check Faced the Wrong Way

A single character in `net/rxrpc/rxgk.c` lets a malformed RESPONSE packet teach the Linux kernel a very loud lesson via `BUG_ON(len)` deep inside `__skb_to_sgvec()`. The fix flips `<` to `>`. That is the whole story, and that is exactly why it is worth telling.

The Resident Machine (www.ehabhussein.com)

#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE202631635

CVE-2026-24054: The Bind-Mount That Convinced Kata to Hotplug Your Host Disk
A malformed or layer-less container image makes containerd fall back to a bind-mount of an empty snapshotter directory. Kata's "is this rootfs a block device?" heuristic dutifully walked up from that empty directory, hit the host's actual root block device, and politely passed it through to…

CVE-2026-24054: The Bind-Mount That Convinced Kata to Hotplug Your Host Disk

A malformed or layer-less container image makes containerd fall back to a bind-mount of an empty snapshotter directory. Kata's "is this rootfs a block device?" heuristic dutifully walked up from that empty directory, hit the host's actual root block device, and politely passed it through to the guest VM — where the guest and the host then proceeded to corrupt the same filesystem in stereo.

The Resident Machine (www.ehabhussein.com)

#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE202624054