cuppa
daily live

the live wire

now, not later.

Verified launches, security shifts, and AI service health. Primary reports first; noise and speculation stay out.

live signals

14

service health

just now

breaking now

(01)
cloudflare · service statusinvestigatingofficialupdated 14d ago

Workers AI experiencing degraded availability in some models

We are continuing to investigate this issue.

Workers AI

release radar

(02)
thinkingmachines · model releasepublishedtrustedupdated 14h ago

Thinking Machines: Inkling

Inkling is an open-weight multimodal mixture-of-experts model from Thinking Machines Lab, with 41B active parameters out of 975B total. It is designed for general-purpose reasoning, coding, agentic and tool-use systems,...

1,048,576 contexttextimageaudiotext
moonshotai · model releasepublishedtrustedupdated 1d ago

MoonshotAI: Kimi K3

Kimi K3 is a 2.8T parameter open-weight multimodal reasoning model from Moonshot AI. It is suited for complex coding, knowledge work, and long-horizon agentic workflows, and is particularly strong at...

1,048,576 contexttextimagetext

security watch

(11)
GitHub Advisory · security advisorypublishedofficialupdated 12h ago

CVE-2026-54504: @andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default

Summary @andrea9293/mcp-documentation-server v1.13.0 documents that a Web UI starts automatically on port 3080. However, the Web UI/API appears to bind to all network interfaces by default (:3080 / 0.0.0.0:3080) instead of localhost-only, and its document-management API endpoints do not require authentication. As a result, any network-reachable client on the same LAN, VM network, or container bridge can access the document-admin API without credentials. In my reproduction, I was able to enumerate documents, add a document, read its full content, search…

@andrea9293/mcp-documentation-servernpm
GitHub Advisory · security advisorypublishedofficialupdated 17h ago

CVE-2026-53597: Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader

Summary The TypeScript Prompty loader used gray-matter without overriding executable frontmatter engines. gray-matter supports JavaScript frontmatter blocks such as ---js and evaluates them while parsing. An attacker-controlled .prompty file could therefore execute arbitrary JavaScript during prompt loading. Affected package - npm @prompty/core v2 prerelease line: >= 2.0.0-alpha.1 < 2.0.0-beta.3 - Fixed in @prompty/[email protected] The legacy v1 JavaScript runtime had a historical hardening change for this issue. During the v2 TypeScript runtime rebuil…

@prompty/corenpm
GitHub Advisory · security advisorypublishedofficialupdated 17h ago

CVE-2026-53598: Prompty: Arbitrary file read via file reference expansion

Summary Prompty loaders expanded ${file:...} references in .prompty frontmatter without enforcing that the resolved path stayed within an authorized directory. An attacker-controlled prompt file could use path traversal or an absolute path to cause the host application to read files accessible to the process. Affected packages - PyPI prompty versions <= 2.0.0b1; fixed in 2.0.0b2 - npm @prompty/core versions <= 2.0.0-beta.1; fixed in 2.0.0-beta.2 - crates.io prompty versions <= 2.0.0-beta.1; fixed in 2.0.0-beta.2 - NuGet Prompty.Core versions <= 2.0.0-be…

prompty@prompty/corepromptyPrompty.Corepipnpm
GitHub Advisory · security advisorypublishedofficialupdated 18h ago

CVE-2026-54547: meta-ads-mcp: X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token

X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token Summary AuthInjectionMiddleware in meta-ads-mcp rejects HTTP MCP requests only when both authtoken and pipeboardtoken are absent. Because extracttokenfromheaders() does not recognise the X-Pipeboard-Token header, an attacker who sends that header with any arbitrary value produces authtoken = None and pipeboardtoken = , making the guard condition evaluate to False and passing the request through. No authentication context is set; the token getter falls back to the server operator's METAACCES…

meta-ads-mcppip
GitHub Advisory · security advisorypublishedofficialupdated 18h ago

CVE-2026-54549: meta-ads-mcp: Server-Side Request Forgery (SSRF) in uploadadimage via Unrestricted imageurl Fetch

Server-Side Request Forgery (SSRF) in uploadadimage via Unrestricted imageurl Fetch Summary The uploadadimage MCP tool in meta-ads-mcp v1.0.113 passes an attacker-controlled imageurl parameter directly to an HTTP fetch helper (httpx.AsyncClient(followredirects=True).get(url)) without any scheme, host, or IP address validation. When the server is deployed with the streamable-http transport (a documented, officially supported mode), an unauthenticated remote attacker can supply an arbitrary URL—including http://127.0.0.1/, RFC 1918 addresses, or cloud met…

meta-ads-mcppip
GitHub Advisory · security advisorypublishedofficialupdated 19h ago

CVE-2026-55574: vLLM: ReDoS via structuredoutputs.regex compiled without timeout in xgrammar and outlines backends

Summary The structuredoutputs.regex API parameter passes a user-supplied regex string directly to grammar compiler backends with no compilation timeout. In the xgrammar backend, the string reaches compileregex() with no guard. In the outlines backend, validateregexisbuildable() blocks structural issues (lookarounds, backreferences) but provides zero protection against exponential DFA state-space explosion. Patterns like (a+)+b pass all checks and hang the inference worker. Root Cause backendxgrammar.py:91 — no timeout: python ctx = self.compiler.compile…

vllmpip
GitHub Advisory · security advisorypublishedofficialupdated 19h ago

CVE-2026-54234: vLLM has Remote DoS via Invalid Recovered Token Reinjection

Summary A frontend-legal multi-request speculative workload can make vLLM produce an out-of-vocabulary recovered token equal to vocabsize, convert that value to -1 when choosing the next live token for a request, and then feed that -1 back into the next drafter input ids. On Qwen3 GPTQ this reaches the worker-side drafting / attention path and crashes the engine with a GPU device-side assert. The same issue is reachable through the public gRPC request surface by sending a specific overlapping Generate / Abort sequence. Impact - A remote client that can…

vllmpip
GitHub Advisory · security advisorypublishedofficialupdated 1d ago

CVE-2026-59950: MCP Python SDK: WebSocket server transport does not support Host/Origin validation

Summary In affected versions, the deprecated WebSocket server transport (mcp.server.websocket.websocketserver) accepted the WebSocket handshake without applying any Host or Origin header validation. The TransportSecuritySettings mechanism that the SSE and Streamable HTTP transports use for this purpose was not wired into the WebSocket transport, so there was no SDK-level way to restrict which origins could connect. Am I affected? Only if a developer's application server exposes mcp.server.websocket.websocketserver. This transport has never been part of…

mcppip
GitHub Advisory · security advisorypublishedofficialupdated 1d ago

CVE-2026-52869: MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal

Summary In affected versions, the SSE and Streamable HTTP server transports routed incoming requests to an existing session based only on the session identifier, without verifying that the request was authenticated as the same principal that created the session. Anyone who learned or guessed a session ID could send JSON-RPC messages on that session, regardless of which bearer token the request carried. Am I affected? Only if a developer's application server uses an HTTP transport (SSE, or Streamable HTTP in stateful mode) and authenticates requests. Ser…

mcppip
GitHub Advisory · security advisorypublishedofficialupdated 1d ago

CVE-2026-52870: MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks

Summary In affected versions, the default request handlers installed by the experimental tasks feature (server.experimental.enabletasks()) did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and cancel tasks belonging to other clients. Am I affected? Only if the developer's application server calls server.experimental.enabletasks(). If grep -r enabletasks over their codebase finds nothing, the application is not affected. Details When tasks support…

mcppip
GitHub Advisory · security advisorypublishedofficialupdated 2d ago

CVE-2026-54449: LangBot: Authenticated RCE Via MCP Configuration

Summary Any authenticated user can achieve arbitrary command execution on the LangBot servers through changing the MCP Server Configuration by added an "STDIO" MCP with an arbitrary command. Details The repository uses StdioServerParameters which is based on Anthropic's modelcontextprotocol open source, inside the code - src/langbot/pkg/provider/tools/loaders/mcp.py - StdioServerParameters is imported from mcp, which executes a given command which runs a subprocess on the target machine. Since the LangBot services are authenticated, an attacker finding…

langbotpip

recently resolved

openai · service statusresolvedofficialupdated just now

Some users are unable to access Codex

Some users are unable to access Codex is no longer listed as an active incident by OpenAI.

incident timeline

  1. resolved Some users are unable to access Codex is no longer listed as an active incident by OpenAI.
  2. monitoring We have applied the mitigation and are monitoring the recovery.