CVE-2026-6878 — ByteDance Verl Vulnerability

/MEDIUM /CVSS 5.6/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycwe-264cwe-265
CVE-2026-6878 — ByteDance Verl Vulnerability

CVE-2026-6878 — A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability

What This Means For You

  • If your environment is affected by CWE-264, CWE-265, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-6878 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1560.001 Archive Collected Data: Archive via Utility Collection T1071.004 Web Protocols: DNS Command and Control

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-6878 - ByteDance verl math_equal Sandbox Escape Attempt

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-6878 vulnerability CVE-2026-6878
CWE-264 weakness CWE-264
CWE-265 weakness CWE-265

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 23, 2026 at 03:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up

CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header...

vulnerabilityCVEmedium-severitycwe-350
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 2 Sigma

IBM Storage Console Flaw: Unauthenticated RCE Risk

CVE-2026-5935 — IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands...

vulnerabilityCVEhigh-severitycwe-78
/SCW Vulnerability Desk /HIGH /7.3 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-5926 — IBM Verify Identity Access Container 11.0 through 11.0.2

CVE-2026-5926 — IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0...

vulnerabilityCVEmedium-severity
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 1 IOC /⚙ 2 Sigma