Anonymous researcher publishes exploit code for multiple zero-day flaws
An anonymous researcher using the handle bikini has published a GitHub repository containing proof-of-concept exploit code and write-ups for alleged zero-day vulnerabilities affecting 15 products and...
An anonymous researcher using the handle bikini has published a GitHub repository containing proof-of-concept exploit code and write-ups for alleged zero-day vulnerabilities affecting 15 products and open source projects. The repository, called exploitarium, has since been removed, but not before drawing attention from security teams and other researchers.
According to reports, at least two of the issues referenced in the dump are already being actively abused. One is CVE-2026-55200, a critical pre-authentication remote code execution flaw in libssh2, the client-side C library used to implement SSH2. The vulnerability involves crafted SSH packets with overly large packet_length values that can corrupt heap memory and may allow remote code execution. Maintainers have merged a fix into the main development branch, though a release containing the patch is still pending.
The second issue is CVE-2026-58053, which affects Gitea act_runner on the Docker backend. Security researchers describe it as a privilege-control problem that can lead to root-level container escape.
Scope of the repository
The repository reportedly included material related to several widely used tools and services, including:
- libssh2
- Splunk
- RustDesk
- 7-Zip
- VLC
- AnyDesk
- OpenVPN
- c-ares
- Gitea
- Floci
The researcher claimed the vulnerabilities had not previously been reported, and encouraged others to submit findings and claim credit if CVEs were assigned. Those claims have not been independently verified. Security observers also noted that some of the material may have been generated or assisted by advanced AI tools, although that too remains unconfirmed.
After the repository surfaced, other analysts began building detection rules and monitoring guidance based on the disclosed proof-of-concepts. Even with the GitHub takedown, the episode is likely to keep circulating among attackers and defenders, as exploit code and vulnerability details often reappear after removal.
