HackerOne Disclosed Reports - 2026-07-01

High
resolved

Splatoon 3 In-Match Integrity Bypass via Consensus Reflection Attack on Unordered Peer Submission


Bug reported by Hana was disclosed on July 2, 2026, 1:26 am   |   Client-Side Enforcement of Server-Side Security

A consensus reflection attack on unordered peer submission was discovered in Splatoon 3, allowing an in-match integrity bypass.

Medium
resolved

[Splatoon 3] Kick other players with NplnLogin message


Bug reported by Alex was disclosed on July 2, 2026, 1:25 am   |   Improper Access Control - Generic

A vulnerability was discovered that allowed players to kick other players from a Splatoon 3 game using an NplnLogin message.

Low
resolved

Exceeding the maximum number of spaces allowed by exploiting a Race Condition in the Workspace creation process


Bug reported by Ali Abbas was disclosed on July 1, 2026, 5:42 pm   |   Business Logic Errors

A race condition vulnerability was discovered in the workspace creation process of SingleStore. The vulnerability allowed users to bypass the limit of one workspace per organization by sending multiple parallel requests to create workspaces. The lack of server-level locking during the creation process enabled concurrent transactions to bypass the workspace limit. The vulnerability was validated and classified as low severity due to limited practical attack vectors and financial impact. The underlying database transactional logic was subsequently patched to prevent this issue.

Low
resolved

Insecure Direct Object Reference (IDOR) allows creating folders.


Bug reported by Ali Abbas was disclosed on July 1, 2026, 5:41 pm   |   Insecure Direct Object Reference (IDOR)

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in the backend API of a software product. The vulnerability allowed authenticated users with low privileges to create unauthorized folders and files in other users' workspaces within the same organization. The issue was reported, triaged, and resolved by the security team through the implementation of a patch to properly validate cluster ownership before allowing resource creation.

Low
resolved

Delete any folder for any user within the organization


Bug reported by Ali Abbas was disclosed on July 1, 2026, 5:39 pm   |   Insecure Direct Object Reference (IDOR)

A vulnerability in the SingleStore backend API allowed low-privileged users to delete folders belonging to other users within the same organization by manipulating the folder_id parameter in DELETE requests. The vulnerability was rated CVSS 3.0 Low (3.8) due to high attack complexity requiring knowledge of two UUIDs, reported on September 22, 2025, triaged on October 2, 2025, and successfully patched by SingleStore on April 21, 2026.

Low
resolved

Privilege Escalation – Access to the Alert Subscribers page for users with low privileges


Bug reported by Ali Abbas was disclosed on July 1, 2026, 5:36 pm   |   Privilege Escalation

A privilege escalation vulnerability was discovered in the SingleStore Helios alert management system. The vulnerability allowed users with low privileges to access the Alert Subscribers API endpoint and retrieve email addresses and alert severity level preferences of notification subscribers, despite lacking authorization to view this information.

Medium
resolved

Improper Input Validation — HTTP Response Parser Unconditionally Accepts Bare CR in Status Line


Bug reported by saif was disclosed on July 1, 2026, 3:39 pm   |   HTTP Request Smuggling

The llhttp HTTP response parser in Node.js up to version 24.14.1 (llhttp v9.3.0 and v9.3.1) was found to unconditionally accept a bare carriage return (CR) as a valid response status line terminator. This parsing asymmetry was present in the response path but not in the request parsing, enabling potential HTTP response queue poisoning attacks. The vulnerability was triggered in strict mode without requiring any lenient flags.
