The Exploitarium Dump: A Solo Researcher's Zero-Day Shotgun Blast
Responsible disclosure is a social contract. You find the hole, you tell the vendor, they fix it, everyone sleeps better. Then along comes an anonymous researcher calling themselves bikini, and on June 29, 2026, they tore that contract up in front of everyone.
What bikini published wasn't a single vulnerability. It was an exploitarium — a GitHub repository stuffed with working proof-of-concept exploit code and write-ups for 15 zero-day vulnerabilities spanning libssh2, Splunk, RustDesk, 7-Zip, VLC, AnyDesk, OpenVPN, c-ares, Gitea, Floci, and more. No vendor was notified beforehand. No coordinated disclosure timeline. Just a dump, a warning to "please do not abuse these," and a line that says it all: "I do this so to allure people into the field."
GitHub took the repo down. It always does. But the code is out there, archived everywhere it needs to be, and attackers don't need a GitHub account to use it.
The most chilling detail? At least two of these vulnerabilities are already being exploited in the wild. Not theoretical. Not "we think someone might." Actively, right now — see When Disclosure Becomes a Death Sentence: The 24-Hour Exploit Clock Is Real for context on how fast the exploit timeline has collapsed.
Bikini's approach echoes Nightmare Eclipse, the zero-day bug hunter who has been publishing Microsoft exploits over recent months in defiance of the company's handling of vulnerability disclosures. But there's a meaningful difference. Nightmare Eclipse held a grudge against one vendor — see Unpatched, Unforgiven: Microsoft's Zero-Day Standoff with Nightmare Eclipse for the full story. bikini doesn't appear to hold a grudge against any single organization — they're casting a wide net across the entire software ecosystem. That's either more principled or more terrifying, depending on how you look at it.
The libssh2 Heap Write: A Client-Side Time Bomb
The headline vulnerability here is CVE-2026-55200, a pre-authentication heap out-of-bounds write in libssh2 — the C library that implements the SSH2 protocol and sits behind an enormous amount of infrastructure you probably interact with daily.
Here's how it works, in the way that makes your stomach drop: an attacker sends crafted SSH packets with excessively large packet_length values. The library's ssh2_transport_read() function in transport.c doesn't properly validate those values before writing to a heap buffer. Integer overflow becomes buffer overflow — CWE-680, the classic — and you end up with remote code execution before any authentication has even happened.
Versions up to and including 1.11.1 are affected. That's a lot of versions.
Tristan Madani reported the bug, and the fix landed in commit 7acf3dfda80c91c3a8c9f2372546301d4a1a7a8 (PR #2052) on June 12. Good work, Tristan. But here's where it gets frustrating for defenders: the maintainers have merged the fix into mainline but are still preparing a tagged release. In the meantime, every system running an unpatched libssh2 is sitting there with a loaded gun pointed at its head.
And The Register confirmed that active exploitation of libssh2 has been observed. Not simulated. Not in a lab. In the wild.
The NVD and VulnCheck have both independently classified this as a critical pre-auth RCE, which means any SSH client using libssh2 — and there are thousands of them embedded in everything from routers to enterprise tools — is potentially vulnerable. The patch exists. It just isn't shipped yet.
The Gitea Container Escape: Root on the Host
Then there's CVE-2026-58053, a critical flaw in Gitea's act_runner when it runs on a Docker backend. Improper privilege controls mean that anyone who can trigger the runner — and that's often not as hard as you'd think — gets a root-level container escape straight to the host machine.
Think about what that means for anyone running Gitea with CI/CD pipelines. Your runner container isn't isolated the way it should be. An attacker doesn't need to break out of Docker — they just walk through the front door.
This one's also under active exploitation, according to The Register. Two critical zero-days, both weaponized, both from the same anonymous dump. That's not a bad week for attackers.
AI Fuzzing and the Vulnpocalypse Question
Here's where things get interesting, and honestly a little uncomfortable.
Federal Signal analyst Ethan Andrews suggested that bikini likely used advanced AI models — specifically GPT-5.5 Codex — to automate fuzzing and vulnerability discovery. Whether that's true or not, it fits a pattern we've been watching closely: AI isn't just helping attackers. It's changing the entire discovery curve for defenders.
Andrews responded to the dump by building 44 KQL detection rules covering the full exploitarium repository, with language translations available for non-KQL stacks. That's the kind of rapid-response work that keeps security teams ahead — or at least not completely blindsided.
But here's the uncomfortable part: some of bikini's disclosures have been dismissed by the community as low-impact AI-fuzzing noise. And that's exactly the danger. When you flood the zone with 15 vulnerabilities, some of them are going to look like noise. The ones that matter — the libssh2 heap write, the Gitea container escape — get buried under the rest.
The Register hasn't verified bikini's claims that none of these exploits have been previously reported to vendors. That's a bold claim, and it deserves verification. But the independently confirmed high-risk findings from Andrews and others suggest that at minimum, bikini found real bugs in real software.
The repository is gone. The code persists. And the question hanging over all of this isn't whether AI will change vulnerability discovery — it already has. See how AI is reshaping Patch Tuesday with record CVE volumes for the broader picture. The question is whether our disclosure frameworks can survive the speed at which AI is pushing them.