Alexander Constantinou — Security Blog

Alexander Constantinou — Security Blog https://alexanderconstantinou.uk/blog/ Security research, penetration testing writeups, and CVE analysis by Alexander Constantinou — Senior Penetration Tester. en-gb 2026 Alexander Constantinou Thu, 21 May 2026 00:00:00 +0000 CVE-2026-48102: OpenSSH GSSAPI Pre-Auth Heap Race RCE https://alexanderconstantinou.uk/blog/posts/cve-2026-48102-openssh-gssapi-preauth-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-48102-openssh-gssapi-preauth-rce.html Thu, 21 May 2026 00:00:00 +0000 CVE Analysis HTB: Nexus — Nexus Repository RCE to Sudo Vim Escape https://alexanderconstantinou.uk/blog/posts/htb-nexus.html https://alexanderconstantinou.uk/blog/posts/htb-nexus.html Sat, 16 May 2026 00:00:00 +0000 HackTheBox CVE-2026-47219: Ruby on Rails ActionPack Marshal Deserialization RCE https://alexanderconstantinou.uk/blog/posts/cve-2026-47219-rails-actionpack-marshal-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-47219-rails-actionpack-marshal-rce.html Tue, 12 May 2026 00:00:00 +0000 CVE Analysis HTB: Oasis — LFI Log Poisoning to Docker Socket Escape https://alexanderconstantinou.uk/blog/posts/htb-oasis.html https://alexanderconstantinou.uk/blog/posts/htb-oasis.html Sat, 09 May 2026 00:00:00 +0000 HackTheBox CVE-2026-46580: Palo Alto GlobalProtect Gateway Pre-Auth Heap Buffer Overflow RCE https://alexanderconstantinou.uk/blog/posts/cve-2026-46580-paloalto-globalprotect-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-46580-paloalto-globalprotect-rce.html Fri, 08 May 2026 00:00:00 +0000 CVE Analysis HTB: Phantom — Kerberoasting to LAPS to Domain Admin https://alexanderconstantinou.uk/blog/posts/htb-phantom.html https://alexanderconstantinou.uk/blog/posts/htb-phantom.html Thu, 07 May 2026 00:00:00 +0000 HackTheBox CVE-2026-45887: F5 BIG-IP iControl REST Authentication Bypass and Remote Code Execution https://alexanderconstantinou.uk/blog/posts/cve-2026-45887-f5-bigip-tmui-auth-bypass-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-45887-f5-bigip-tmui-auth-bypass-rce.html Wed, 06 May 2026 00:00:00 +0000 CVE Analysis CVE-2026-45201: Ivanti Connect Secure Pre-Auth SSRF to Remote Code Execution https://alexanderconstantinou.uk/blog/posts/cve-2026-45201-ivanti-connect-secure-ssrf-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-45201-ivanti-connect-secure-ssrf-rce.html Mon, 05 May 2026 00:00:00 +0000 CVE Analysis HTB: Wraith — Pug SSTI to Root via Sudo Wildcard https://alexanderconstantinou.uk/blog/posts/htb-wraith.html https://alexanderconstantinou.uk/blog/posts/htb-wraith.html Mon, 04 May 2026 00:00:00 +0000 HackTheBox CVE-2026-44891: Confluence Server OGNL Injection Remote Code Execution https://alexanderconstantinou.uk/blog/posts/cve-2026-44891-confluence-ognl-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-44891-confluence-ognl-rce.html Sun, 03 May 2026 00:00:00 +0000 CVE Analysis CVE-2026-43112: Apache Tomcat Partial PUT Remote Code Execution https://alexanderconstantinou.uk/blog/posts/cve-2026-43112-tomcat-partial-put-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-43112-tomcat-partial-put-rce.html Sat, 02 May 2026 00:00:00 +0000 CVE Analysis HTB: Reaper — XXE SSRF to Shadow Credentials to SYSTEM https://alexanderconstantinou.uk/blog/posts/htb-reaper.html https://alexanderconstantinou.uk/blog/posts/htb-reaper.html Tue, 28 Apr 2026 00:00:00 +0000 HackTheBox CVE-2026-41203: Next.js Middleware Authentication Bypass via Internal Header Injection https://alexanderconstantinou.uk/blog/posts/cve-2026-41203-nextjs-auth-bypass.html https://alexanderconstantinou.uk/blog/posts/cve-2026-41203-nextjs-auth-bypass.html Tue, 28 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-40891: VMware vCenter Server Pre-Auth File Upload RCE https://alexanderconstantinou.uk/blog/posts/cve-2026-40891-vcenter-file-upload-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-40891-vcenter-file-upload-rce.html Tue, 28 Apr 2026 00:00:00 +0000 CVE Analysis HTB: Fluffy — ADCS ESC4 to Domain Admin via Certificate Template Write https://alexanderconstantinou.uk/blog/posts/htb-fluffy.html https://alexanderconstantinou.uk/blog/posts/htb-fluffy.html Mon, 27 Apr 2026 00:00:00 +0000 HackTheBox CVE-2026-39801: Fortinet FortiGate SSL-VPN Pre-Auth RCE via OOB Write https://alexanderconstantinou.uk/blog/posts/cve-2026-39801-fortigate-sslvpn-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-39801-fortigate-sslvpn-rce.html Mon, 27 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-38112: Erlang/OTP SSH Pre-Auth RCE via Protocol Layer Confusion https://alexanderconstantinou.uk/blog/posts/cve-2026-38112-erlang-otp-ssh-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-38112-erlang-otp-ssh-rce.html Mon, 27 Apr 2026 00:00:00 +0000 CVE Analysis HTB: Spectre — SAML Assertion Forgery to SYSTEM via Constrained Delegation https://alexanderconstantinou.uk/blog/posts/htb-spectre.html https://alexanderconstantinou.uk/blog/posts/htb-spectre.html Sun, 26 Apr 2026 00:00:00 +0000 HackTheBox CVE-2026-36540: GitLab CE/EE SSRF to RCE via Sidekiq Redis Injection https://alexanderconstantinou.uk/blog/posts/cve-2026-36540-gitlab-ssrf-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-36540-gitlab-ssrf-rce.html Sat, 25 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-36128: Veeam Backup & Replication Pre-Auth Deserialization RCE https://alexanderconstantinou.uk/blog/posts/cve-2026-36128-veeam-br-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-36128-veeam-br-rce.html Sat, 25 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-33825: Windows Defender "BlueHammer" LPE to SYSTEM https://alexanderconstantinou.uk/blog/posts/cve-2026-33825-windows-defender-bluehammer.html https://alexanderconstantinou.uk/blog/posts/cve-2026-33825-windows-defender-bluehammer.html Fri, 24 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2023-27351: PaperCut NG/MF Auth Bypass — 3 Years On, Into CISA KEV https://alexanderconstantinou.uk/blog/posts/cve-2023-27351-papercut-auth-bypass.html https://alexanderconstantinou.uk/blog/posts/cve-2023-27351-papercut-auth-bypass.html Fri, 24 Apr 2026 00:00:00 +0000 CVE Analysis HTB: Strutted — CVE-2024-53677 Path Traversal to Root via tcpdump https://alexanderconstantinou.uk/blog/posts/htb-strutted.html https://alexanderconstantinou.uk/blog/posts/htb-strutted.html Fri, 24 Apr 2026 00:00:00 +0000 HackTheBox CVE-2025-32975: Quest KACE SMA SSO Auth Bypass — Admin Takeover https://alexanderconstantinou.uk/blog/posts/cve-2025-32975-quest-kace-auth-bypass.html https://alexanderconstantinou.uk/blog/posts/cve-2025-32975-quest-kace-auth-bypass.html Thu, 23 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-34197: Apache ActiveMQ Jolokia RCE — 13 Years in the Wild https://alexanderconstantinou.uk/blog/posts/cve-2026-34197-activemq-jolokia-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-34197-activemq-jolokia-rce.html Thu, 23 Apr 2026 00:00:00 +0000 CVE Analysis HTB: Cypher — Neo4j Cypher Injection to Root via BBOT https://alexanderconstantinou.uk/blog/posts/htb-cypher.html https://alexanderconstantinou.uk/blog/posts/htb-cypher.html Thu, 23 Apr 2026 00:00:00 +0000 HackTheBox CVE-2026-34621: Adobe Acrobat Reader Prototype Pollution Zero-Day https://alexanderconstantinou.uk/blog/posts/cve-2026-34621-adobe-acrobat-prototype-pollution.html https://alexanderconstantinou.uk/blog/posts/cve-2026-34621-adobe-acrobat-prototype-pollution.html Mon, 21 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-20122/20128/20133: Cisco SD-WAN Manager CISA KEV Trio https://alexanderconstantinou.uk/blog/posts/cve-2026-20122-20128-20133-cisco-sdwan.html https://alexanderconstantinou.uk/blog/posts/cve-2026-20122-20128-20133-cisco-sdwan.html Mon, 21 Apr 2026 00:00:00 +0000 CVE Analysis HTB: Eighteen — MSSQL Impersonation to Domain Admin via BadSuccessor https://alexanderconstantinou.uk/blog/posts/htb-eighteen.html https://alexanderconstantinou.uk/blog/posts/htb-eighteen.html Mon, 21 Apr 2026 00:00:00 +0000 HackTheBox HTB: Browsed — Chrome Extension SSRF to Root via pycache Poisoning https://alexanderconstantinou.uk/blog/posts/htb-browsed.html https://alexanderconstantinou.uk/blog/posts/htb-browsed.html Mon, 21 Apr 2026 00:00:00 +0000 HackTheBox HTB: Expressway — IKE PSK Cracking to Root via sudo Hostname Edge Case https://alexanderconstantinou.uk/blog/posts/htb-expressway.html https://alexanderconstantinou.uk/blog/posts/htb-expressway.html Mon, 21 Apr 2026 00:00:00 +0000 HackTheBox CVE-2026-33824: Windows IKE Double-Free RCE https://alexanderconstantinou.uk/blog/posts/cve-2026-33824-windows-ike-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-33824-windows-ike-rce.html Sun, 19 Apr 2026 00:00:00 +0000 CVE Analysis HTB: Snapped — Nginx UI Backup Disclosure to Root via snapd Race https://alexanderconstantinou.uk/blog/posts/htb-snapped.html https://alexanderconstantinou.uk/blog/posts/htb-snapped.html Sun, 19 Apr 2026 00:00:00 +0000 HackTheBox CVE-2026-33032: nginx-ui "MCPwn" — Unauthenticated Full Server Takeover https://alexanderconstantinou.uk/blog/posts/cve-2026-33032-nginx-ui-mcpwn.html https://alexanderconstantinou.uk/blog/posts/cve-2026-33032-nginx-ui-mcpwn.html Thu, 16 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-32201: SharePoint Server Zero-Day Spoofing — April Patch Tuesday https://alexanderconstantinou.uk/blog/posts/cve-2026-32201-sharepoint-spoofing-zero-day.html https://alexanderconstantinou.uk/blog/posts/cve-2026-32201-sharepoint-spoofing-zero-day.html Mon, 14 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-4634 & CVE-2026-4636: Keycloak DoS and UMA Policy Bypass https://alexanderconstantinou.uk/blog/posts/cve-2026-4634-4636-keycloak.html https://alexanderconstantinou.uk/blog/posts/cve-2026-4634-4636-keycloak.html Thu, 10 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-35616: FortiClient EMS Pre-Auth API Bypass https://alexanderconstantinou.uk/blog/posts/cve-2026-35616-forticlient-ems-auth-bypass.html https://alexanderconstantinou.uk/blog/posts/cve-2026-35616-forticlient-ems-auth-bypass.html Tue, 08 Apr 2026 00:00:00 +0000 CVE Analysis CVE-2026-33634: Trivy Supply Chain Attack — From Scanner to Stealer https://alexanderconstantinou.uk/blog/posts/cve-2026-33634-trivy-supply-chain.html https://alexanderconstantinou.uk/blog/posts/cve-2026-33634-trivy-supply-chain.html Thu, 27 Mar 2026 00:00:00 +0000 CVE Analysis HTB: Conversor — XSLT Injection to Root https://alexanderconstantinou.uk/blog/posts/htb-conversor.html https://alexanderconstantinou.uk/blog/posts/htb-conversor.html Tue, 10 Mar 2026 00:00:00 +0000 HackTheBox CVE-2026-33017: Langflow Unauthenticated RCE via Code Injection https://alexanderconstantinou.uk/blog/posts/cve-2026-33017-langflow-rce.html https://alexanderconstantinou.uk/blog/posts/cve-2026-33017-langflow-rce.html Fri, 20 Mar 2026 00:00:00 +0000 CVE Analysis HTB: NanoCorp — CVE-2025-24071 NTLM Coerce to Domain Admin https://alexanderconstantinou.uk/blog/posts/htb-nanocorp.html https://alexanderconstantinou.uk/blog/posts/htb-nanocorp.html Fri, 05 Dec 2025 00:00:00 +0000 HackTheBox HTB: Voleur — Kerberoasting, WriteSPN & DPAPI in a Kerberos-Only AD https://alexanderconstantinou.uk/blog/posts/htb-voleur.html https://alexanderconstantinou.uk/blog/posts/htb-voleur.html Sat, 08 Nov 2025 00:00:00 +0000 HackTheBox HTB: Nocturnal — IDOR, Command Injection & ISPConfig RCE https://alexanderconstantinou.uk/blog/posts/htb-nocturnal.html https://alexanderconstantinou.uk/blog/posts/htb-nocturnal.html Sat, 16 Aug 2025 00:00:00 +0000 HackTheBox CVE-2025-53770: SharePoint "ToolShell" Unauthenticated RCE https://alexanderconstantinou.uk/blog/posts/cve-2025-53770-sharepoint-toolshell.html https://alexanderconstantinou.uk/blog/posts/cve-2025-53770-sharepoint-toolshell.html Fri, 25 Jul 2025 00:00:00 +0000 CVE Analysis HTB: Dog — Exposed Git Repo to Root via BackdropCMS https://alexanderconstantinou.uk/blog/posts/htb-dog.html https://alexanderconstantinou.uk/blog/posts/htb-dog.html Fri, 05 Sep 2025 00:00:00 +0000 HackTheBox