What you need to know today.
Tiandy surveillance platforms face unauthenticated SQLi and password-reset flaws, while Totolink routers and MCP AI-coding tools carry critical command-injection and path-traversal bugs.

CVE-2026-9465 and CVE-2026-9466 hit Tiandy Easy7 Integrated Management Platform 7.17.0, a widely deployed video surveillance management system. CVE-2026-9465 is an unauthenticated SQL injection in the /Easy7/apps/WebService/GetDBDataEx.jsp endpoint via the strTBName parameter, allowing attackers to extract or manipulate backend database contents. CVE-2026-9466 is a weak password-change API at /rest/user/updateUserPassword that permits unauthorized password resets without proper authentication checks. Together, these flaws give an unauthenticated remote attacker full administrative control over the surveillance platform — enabling camera feed access, configuration tampering, and lateral movement into the broader OT network. No patches or mitigations have been published by Tiandy as of this writing.
CVE-2026-9475 affects the Totolink A8000RU router (firmware 7.1cu.643_b20200521), a budget SOHO device with significant global deployment. The vulnerability resides in the setIpQosRules function within /cgi-bin/cstecgi.cgi — the web management interface — where the Comment argument is passed unsanitized into an OS command execution context. An unauthenticated attacker on the LAN (or WAN if remote management is enabled) can inject arbitrary operating system commands, achieving full device compromise. Given that Totolink has a poor track record of patching legacy firmware and that this device reached end-of-life years ago, no fix is expected. Affected users should isolate the management interface from the internet and consider replacing the hardware.
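For teams that cannot patch either product, the practical move is to watch the named endpoints. The following TypeScript is an added example written for this digest, not code from Tiandy, Totolink or the original page: it triages request records for the three endpoint/parameter pairs above (a non-identifier strTBName on GetDBDataEx.jsp, an unauthenticated call to updateUserPassword, and shell metacharacters in a Comment field sent to cstecgi.cgi). The record layout, the `authenticated` flag, the `userName` field and the sample requests are all constructed assumptions; real appliance logs will need a mapping step first.

```typescript
// Added example: request-log triage for the Tiandy and Totolink endpoints named
// in this digest. The record layout, field names and sample requests below are
// constructed for illustration and are not vendor log formats.

interface WebRequest {
  method: string;
  path: string;
  params: Record<string, string>; // query string or body fields, already URL-decoded
  authenticated: boolean;         // a valid session cookie or token accompanied the request
}

interface Finding {
  rule: string;
  reason: string;
  request: WebRequest;
}

// A table name should be a bare SQL identifier: letters, digits, underscore.
const SQL_IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_]*$/;
// Characters with meaning to a POSIX shell. A free-text comment that ends up on
// a command line must never contain them.
const SHELL_META = /[;&|`$<>\\\n]/;

function triage(req: WebRequest): Finding[] {
  const findings: Finding[] = [];

  // CVE-2026-9465: strTBName names a table, so anything that is not a plain
  // identifier is either a broken client or an injection attempt.
  if (req.path === "/Easy7/apps/WebService/GetDBDataEx.jsp") {
    const table = req.params["strTBName"];
    if (table !== undefined && !SQL_IDENTIFIER.test(table)) {
      findings.push({
        rule: "tiandy-getdbdataex-sqli",
        reason: `strTBName is not a bare identifier: ${JSON.stringify(table)}`,
        request: req,
      });
    }
  }

  // CVE-2026-9466: a password change with no authenticated session behind it.
  if (req.path === "/rest/user/updateUserPassword" && !req.authenticated) {
    findings.push({
      rule: "tiandy-unauth-password-change",
      reason: "password change requested without an authenticated session",
      request: req,
    });
  }

  // CVE-2026-9475: the Comment field of setIpQosRules reaches a shell. The
  // selector that picks setIpQosRules inside cstecgi.cgi is not modelled here,
  // so any Comment sent to that CGI is checked.
  if (req.path === "/cgi-bin/cstecgi.cgi") {
    const comment = req.params["Comment"];
    if (comment !== undefined && SHELL_META.test(comment)) {
      findings.push({
        rule: "totolink-cstecgi-cmdi",
        reason: `Comment contains shell metacharacters: ${JSON.stringify(comment)}`,
        request: req,
      });
    }
  }
  return findings;
}

// Constructed sample traffic: each suspicious record is preceded by a benign one.
const SAMPLE_REQUESTS: WebRequest[] = [
  { method: "GET", path: "/Easy7/apps/WebService/GetDBDataEx.jsp", params: { strTBName: "t_device" }, authenticated: false },
  { method: "GET", path: "/Easy7/apps/WebService/GetDBDataEx.jsp", params: { strTBName: "t_device' x" }, authenticated: false },
  { method: "POST", path: "/rest/user/updateUserPassword", params: { userName: "admin" }, authenticated: true },
  { method: "POST", path: "/rest/user/updateUserPassword", params: { userName: "admin" }, authenticated: false },
  { method: "POST", path: "/cgi-bin/cstecgi.cgi", params: { Comment: "office printers" }, authenticated: true },
  { method: "POST", path: "/cgi-bin/cstecgi.cgi", params: { Comment: "office; x" }, authenticated: true },
];

function triageAll(requests: WebRequest[] = SAMPLE_REQUESTS): Finding[] {
  const out: Finding[] = [];
  for (const r of requests) out.push(...triage(r));
  return out;
}

for (const f of triageAll()) {
  console.log(`${f.rule}: ${f.reason} (${f.request.method} ${f.request.path})`);
}
```

The identifier allowlist is deliberately strict: it will also flag a buggy but harmless client that sends a quoted or schema-qualified table name, which is cheap to tune out and far better than a blocklist of SQL keywords that is easy to evade. Whether a request counted as authenticated has to come from the proxy or gateway in front of the appliance, since the vulnerable endpoint itself does not enforce it.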
CVE-2026-9473 in c-rick jimeng-mcp 1.10.0 is a path-traversal vulnerability in the MCP (Model Context Protocol) server implementation. The flaw affects multiple functions in src/api.ts — getFileContent, uploadCoverFile, generateImage, and generateVideo — where the filePath argument is not sanitized, allowing an attacker to read or write files outside the intended directory. Because MCP servers often run with elevated privileges alongside AI coding assistants (e.g., Cursor, Windsurf), exploitation could leak API keys, source code, or SSH credentials from the host filesystem. The maintainer has not yet released a patched version. Users should restrict network access to the MCP server and validate file paths at the application layer.
CVE-2026-9467 in debugmcp mcp-debugger up to 0.20.0 is a path-traversal vulnerability in the handleGetSourceContext function of src/server.ts. This MCP debugging tool is used by developers to inspect runtime state during AI-assisted coding sessions. The lack of path sanitization means an attacker who can reach the MCP server (often bound to localhost but exposed in shared development environments) can read arbitrary files from the filesystem. Given the debugger's access to the project directory and environment variables, this could expose cloud provider credentials, database connection strings, and proprietary source code. No patch is available; users should ensure the service is not exposed beyond trusted hosts.
CVE-2026-9468 in dazeb cline-mcp-memory-bank (up to commit 55c81b9) is a prompt-injection vulnerability in the handleInitializeMemoryBank function of src/index.ts. This MCP server acts as a persistent memory layer for AI coding assistants, storing and retrieving context across sessions. The flaw allows an attacker to inject malicious instructions into the memory bank initialization flow, potentially causing the AI assistant to execute unintended actions or leak sensitive data from prior conversations. As MCP-based tools gain adoption in enterprise development workflows, prompt-injection vectors represent a novel and poorly understood attack surface. No patch has been released; users should audit memory-bank content and restrict write access to the MCP server.
CVE-2026-9472 in dazeb markdown-downloader (up to commit 3d4394b3) is a path-traversal vulnerability in the download_markdown, list_downloaded_files, and create_subdirectory functions of src/index.ts. This tool fetches and stores markdown content from URLs, and the lack of path validation allows an attacker to write files to arbitrary locations on the host filesystem. In CI/CD environments where such downloaders are used to fetch documentation or release notes, exploitation could lead to arbitrary file write and potentially code execution if the written file is later executed or included. No patch is available; users should sandbox the tool in a container or restrict its write permissions.
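The three path-traversal entries above (jimeng-mcp, mcp-debugger and markdown-downloader) share one root cause: a client-supplied path is joined onto a base directory and used as-is, for reads and for writes alike. The TypeScript below is an added example written for this digest, not code from any of those projects; it shows the unsafe join beside a containment check that a file-serving or file-writing MCP tool can apply before touching the filesystem. The function names and the `ROOT` directory are assumptions, and the sample paths are constructed.

```typescript
// Added example: confining a client-supplied file path to a root directory.
// Written for this digest, not code from jimeng-mcp, mcp-debugger or
// markdown-downloader. The function names and ROOT below are assumptions.
import * as path from "node:path";

type Resolved = { ok: true; path: string } | { ok: false; reason: string };

// The pattern behind the path-traversal CVEs above: the client's string is
// joined onto the base directory and used as-is. path.join normalizes "..",
// so "../../etc/passwd" simply walks out of root.
function unsafeResolve(root: string, userPath: string): string {
  return path.join(root, userPath);
}

// Hardened form: resolve, then prove the result is still under root.
function resolveWithinRoot(root: string, userPath: string): Resolved {
  if (userPath.includes("\0")) {
    return { ok: false, reason: "NUL byte in path" };
  }
  const base = path.resolve(root);
  // path.resolve(base, absolutePath) returns absolutePath unchanged, so an
  // absolute input is caught by the containment check below, not by joining.
  const target = path.resolve(base, userPath);
  const rel = path.relative(base, target);
  // rel is empty for root itself; it is exactly ".." or begins with ".." plus a
  // separator when target lies outside root. A bare startsWith("..") would also
  // reject a legitimate entry named "..foo", and a naive startsWith(base) on the
  // absolute path would accept "/srv/mcp-files2" as inside "/srv/mcp-files".
  const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (escapes) {
    return { ok: false, reason: `path escapes root: ${JSON.stringify(userPath)}` };
  }
  return { ok: true, path: target };
}

const ROOT = "/srv/mcp-files"; // assumed root directory for the tool's files

// The same check serves reads and writes: a create_subdirectory-style call
// should pass its target through it before mkdir runs.
function check(userPath: string): "ok" | "rejected" {
  return resolveWithinRoot(ROOT, userPath).ok ? "ok" : "rejected";
}

for (const p of ["notes/readme.md", "..foo/bar", "a/../b", "../../etc/passwd", "/etc/passwd", "../mcp-files2/x"]) {
  console.log(check(p), p, "(naive join gives " + unsafeResolve(ROOT, p) + ")");
}
```

Two caveats a reviewer would add: the check reasons about strings only, so a symlink already present under ROOT can still point outside it; when the target exists, resolve it with fs.realpath and run the same containment test on the real path. And the check is a complement to, not a substitute for, the network and privilege restrictions the entries above recommend: an MCP server that only needs one project directory should run as a user that can see nothing else.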