RCE via deserialization · sandbox escape · denial of service · publishing through mid-2026
Pending
Active coordinated disclosures in progress. Full public disclosure begins June 2026. All findings follow a 90-day coordinated window with maintainers before publication.