feat: add missing English vuln rules for crewai and lobehub#460

Open

NY1024 wants to merge 1 commit into Tencent:main from NY1024:add-vuln-en-translations
Conversation

@NY1024 NY1024 commented Jul 3, 2026

Contributor

Add the missing English vulnerability rule files to data/vuln_en/ to ensure the Chinese and English vulnerability databases remain synchronized.

Missing Files

A comparison between data/vuln/ and data/vuln_en/ revealed that the following components have Chinese vulnerability rules but lack corresponding English versions:

crewai (3 files)

  • CVE-2026-2275.yaml: RCE caused by CodeInterpreterTool SandboxPython fallback
  • CVE-2026-2286.yaml: SSRF vulnerability allowing access to internal networks and cloud metadata endpoints
  • CVE-2026-2287.yaml: Docker runtime check bypass leading to RCE via insecure sandbox fallback

lobehub (1 file)

  • CVE-2026-39411.yaml: Authentication bypass in the webapi layer due to trust in a client-controlled XOR obfuscation header

Description

These 4 components already have corresponding files in data/vuln/ (Chinese version) but were missing from data/vuln_en/ (English version).
This PR adds the missing English versions, keeping the content consistent with the Chinese versions to ensure the integrity of the bilingual vulnerability databases.

- crewai: CVE-2026-2275 (SandboxPython RCE), CVE-2026-2286 (SSRF), CVE-2026-2287 (Docker check bypass RCE)
- lobehub: CVE-2026-39411 (XOR auth bypass)

These components had Chinese vuln rules in data/vuln/ but were missing their English counterparts in data/vuln_en/.
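The comparison the PR describes (rule files present under data/vuln/ but absent from data/vuln_en/) is easy to automate so the two trees cannot drift again. The script below is an added example, not code from this PR or from the Tencent repository; it assumes the layout data/vuln/<component>/<rule>.yaml mirrored under data/vuln_en/, builds a constructed sample tree in a temporary directory (the `EXAMPLE-PRESENT.yaml` name is a placeholder), and also runs the reverse check for English files whose Chinese source no longer exists, which the PR text does not cover.

```python
"""Sync check between a Chinese rule tree and its English counterpart.

Added example; not code from the PR or the Tencent repository. Assumes the
layout data/vuln/<component>/<rule>.yaml mirrored under data/vuln_en/.
"""
import tempfile
from pathlib import Path


def find_missing_translations(zh_root, en_root):
    """Return {component: [rule files]} found under zh_root but not under en_root."""
    zh_root, en_root = Path(zh_root), Path(en_root)
    missing = {}
    for zh_file in sorted(zh_root.rglob("*.yaml")):
        rel = zh_file.relative_to(zh_root)          # e.g. crewai/CVE-2026-2275.yaml
        if not (en_root / rel).is_file():
            missing.setdefault(rel.parent.as_posix(), []).append(rel.name)
    return missing


def find_orphaned_translations(zh_root, en_root):
    """Reverse check: English rule files whose Chinese source is gone."""
    return find_missing_translations(en_root, zh_root)


def build_sample_tree(base):
    """Construct a miniature data/ tree reproducing the gap described in the PR."""
    base = Path(base)
    present_in_both = "crewai/EXAMPLE-PRESENT.yaml"  # constructed placeholder name
    for rel in [
        "crewai/CVE-2026-2275.yaml",
        "crewai/CVE-2026-2286.yaml",
        "crewai/CVE-2026-2287.yaml",
        "lobehub/CVE-2026-39411.yaml",
        present_in_both,
    ]:
        path = base / "vuln" / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("# placeholder rule body\n")
    # Only the placeholder has an English counterpart, so it must not be reported.
    en_path = base / "vuln_en" / present_in_both
    en_path.parent.mkdir(parents=True, exist_ok=True)
    en_path.write_text("# placeholder rule body\n")


def demo():
    """Build the sample tree and return (missing, orphaned) for it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        zh, en = Path(tmp) / "vuln", Path(tmp) / "vuln_en"
        return find_missing_translations(zh, en), find_orphaned_translations(zh, en)


if __name__ == "__main__":
    missing, orphaned = demo()
    for component, files in missing.items():
        print(f"{component} ({len(files)} missing): {', '.join(files)}")
    if orphaned:
        print("orphaned English rules:", orphaned)
```

Run against a real checkout by calling `find_missing_translations("data/vuln", "data/vuln_en")`; a non-empty result from either direction is a reasonable CI failure condition for keeping the bilingual databases in step.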