Tag

#open-source

2 posts tagged #open-source.

Analysis · May 28, 2026 · Colten Anderson

Ingress-nginx got archived in March. The first critical CVE arrived in May.

The Kubernetes community archived ingress-nginx seven weeks before an 18-year-old heap overflow dropped in the NGINX core it ships. The fix path is now a migration project, not a patch.
Analysis · May 20, 2026 · Colten Anderson

When a vulnerability is shaped exactly like a backdoor

CVE-2021-44529 triggers when you send Ivanti's appliance a cookie that says 'ab' followed by base64 the server decodes and runs. That's not what an accidental bug looks like. Whether it was planted or just terrible code, the lesson about dependency provenance is the same.