Security Research

Wall of Fame

Vulnerabilities discovered by Tachyon that are making the internet safer. Every CVE represents real threats we helped neutralize.

3
Total CVEs
1
Critical
2
High

Recent Discoveries

Sorted by severity
criticalCVSS 9.4

CVE-2026-24780

Remote Code Execution via Disabled Block Execution

A critical authorization flaw in AutoGPT Platform allows authenticated users to bypass security controls and achieve remote code execution by exploiting endpoints that fail to validate the disabled flag on blocks.

AutoGPT Platform v0.1.0+
Published 2026-01-29
highCVSS 8.1

CVE-2025-14297

Authorization Bypass in MLflow Basic Auth

Authenticated non-admin users can bypass per-object authorization and access or modify restricted resources via unprotected Flask routes and GraphQL endpoints when basic-auth is enabled.

MLflow v2.3.2
Published 2025-08-21
highCVSS 7.4

CVE-2026-24123

Path Traversal via Bentofile Configuration

Attackers can craft a malicious bentofile that exfiltrates arbitrary files from the filesystem into the bento archive through insufficient path validation in configuration file processing.

BentoML ≤1.4.33
Published 2026-01-26

More discoveries coming soon

We're constantly finding and responsibly disclosing vulnerabilities