https://ringzeropirate.github.io/en/categories/vulnerability-research/Recent content in Vulnerability Research on RingZero PirateHugoen-USFri, 29 May 2026 00:00:00 +0000https://ringzeropirate.github.io/en/articles/notepadpp_rce/Fri, 29 May 2026 00:00:00 +0000https://ringzeropirate.github.io/en/articles/notepadpp_rce/CVE-2026-48778 | CVE-2026-48800 | CVSS 7.8 HIGH Notepad++ v8.9.5 — Fixed in v8.9.6.1 Reading time: 10 minuti Responsible Disclosure Note — All findings described in this article were communicated to Don Ho (maintainer of Notepad++) prior to publication. The upstream fix has been committed to the repository notepad-plus-plus/notepad-plus-plus. The complete timeline is provided at the bottom of the article. Table of Contents Introduction Setup: Loading the Codebase Threat Model and Attack Surface Phase 1: Taint Analysis with Semgrep Phase 2: Manual Verification of Findings CVE-2026-48778: config.https://ringzeropirate.github.io/en/articles/sudo-env-bypass/Sat, 28 Mar 2026 00:00:00 +0000https://ringzeropirate.github.io/en/articles/sudo-env-bypass/Reading Time: 16 minutes Responsible Disclosure Notice — All findings described in this article were reported to Todd C. Miller (sudo maintainer) prior to publication. The upstream fix has been committed to the sudo-project/sudo repository. Full timeline is disclosed at the end of this article. Executive Summary During an independent audit of the plugins/sudoers/env.c module in sudo 1.9.17p2 / 1.9.18rc1, I identified seven environment variables that are silently passed through to privileged processes when env_reset is disabled (!