Aviatrix Threat Research Center

In February 2026, a critical remote code execution (RCE) vulnerability, identified as CVE-2026-27794, was discovered in LangGraph's caching layer. This flaw allowed attackers with write access to the cache backend to inject malicious serialized objects, leading to arbitrary code execution upon deserialization by the LangGraph process. The vulnerability affected versions of langgraph-checkpoint prior to 4.0.0 and was particularly concerning for applications utilizing cache backends inheriting from BaseCache with nodes opted into caching via CachePolicy. ([sentinelone.com](https://www.sentinelone.com/vulnerability-database/cve-2026-27794/?utm_source=openai)) This incident underscores the persistent risks associated with deserialization of untrusted data, especially in AI frameworks. Organizations leveraging LangGraph for AI agent orchestration must ensure they have updated to version 4.0.0 or later to mitigate this vulnerability. The event highlights the critical need for secure coding practices and regular security assessments in AI development environments.

In June 2026, critical vulnerabilities were identified in Yarbo's Android and iOS mobile applications and cloud infrastructure. These flaws included hard-coded MQTT broker credentials and inadequate authorization controls, allowing unauthorized access to telemetry data and remote command execution on Yarbo's robotic devices. Exploitation of these vulnerabilities could lead to unauthorized control over the robot fleet and exposure of sensitive user information. Yarbo has since released updates to address these issues, urging users to update their applications to version 3.17.4 or later. This incident underscores the persistent risks associated with hard-coded credentials and misconfigured cloud services in IoT devices. As the adoption of connected devices continues to rise, ensuring robust security measures and regular updates is crucial to prevent unauthorized access and potential exploitation.

In June 2026, Tenet Security identified a novel attack method termed 'Agentjacking,' which exploits AI coding agents by injecting malicious code through manipulated error reports in Sentry, an open-source error-tracking platform. Attackers can send crafted error events to Sentry using publicly accessible Data Source Names (DSNs), embedding commands that AI agents interpret and execute as legitimate diagnostic steps. This technique allows unauthorized code execution on developer machines, potentially exposing sensitive data such as environment variables, Git credentials, and private repository URLs. The Agentjacking attack underscores the growing security risks associated with integrating AI coding agents into development workflows. As these agents gain broader access to codebases and tools, they become attractive targets for exploitation. This incident highlights the urgent need for robust security measures and governance frameworks to manage the deployment and operation of AI agents, ensuring they do not inadvertently become vectors for cyberattacks.

In June 2026, Oracle disclosed a critical vulnerability (CVE-2026-35273) in PeopleSoft PeopleTools versions 8.61 and 8.62, which allows unauthenticated remote code execution. The ShinyHunters cybercriminal group exploited this zero-day flaw to breach over 100 organizations, primarily in the education sector, leading to significant data theft and extortion attempts. Oracle has released emergency mitigations and is preparing a patch to address this vulnerability. This incident underscores the increasing targeting of enterprise resource planning (ERP) systems by cybercriminals, highlighting the necessity for organizations to promptly apply security updates and implement robust monitoring to detect unauthorized access attempts.

In June 2026, security researchers from Imperva and Varonis identified critical vulnerabilities in OpenClaw, a widely used self-hosted AI agent. Imperva demonstrated that attackers could embed malicious instructions within shared contacts, vCards, and location pins, leading the agent to execute unauthorized code without user awareness. Varonis revealed that OpenClaw could be manipulated through standard emails to exfiltrate sensitive data, such as AWS keys and customer information, to external addresses. These findings underscore the agent's susceptibility to prompt injection attacks and its overreliance on unverified inputs, posing significant security risks to users. The rapid adoption of AI agents like OpenClaw has outpaced the development of robust security measures, highlighting the urgent need for comprehensive governance frameworks. Organizations must reassess their deployment strategies, implement stringent access controls, and ensure continuous monitoring to mitigate the risks associated with autonomous AI systems operating within their environments.