Exploitarium: 130 0-Days Dropped—Two Are Critical Now

An anonymous GitHub researcher published 130+ unpatched proof-of-concept exploits, including two critical vulnerabilities: CVE-2026-55200 in libssh2 (CVSS 9.2, pre-authentication RCE) and CVE-2026-20896 in Gitea (authentication bypass). The mass disclosure without vendor notification has sparked debate about responsible disclosure, with security engineers questioning the validity of many findings as AI-generated noise.

An anonymous GitHub researcher operating as “bikini” published the exploitarium https://github.com/bikini/exploitarium this week — a repository of 130+ unpatched proof-of-concept exploits spanning 22 software projects, released without notifying a single vendor. By June 28, 2026, it was sitting at #5 on Hacker News https://news.ycombinator.com/item?id=48698617 with 726 points and 284 comments. Two of those findings are critically dangerous today: CVE-2026-55200 in libssh2 (CVSS 9.2, pre-authentication RCE) and CVE-2026-20896 in Gitea (an authentication bypass letting anyone impersonate any user). The rest? Security engineers in the HN thread are calling much of it AI-generated noise dressed as critical findings.

Two CVEs That Are Actually Dangerous

CVE-2026-55200 is the one that should stop you cold. The vulnerability lives in libssh2’s transport read function, which fails to enforce an upper bound on the packet length field of incoming SSH packets. An attacker supplies an oversized value, triggers an integer overflow, and gets an out-of-bounds heap write — before authentication. No credentials required. Just a connection. Every version of libssh2 through 1.11.1 is affected, and because libssh2 sits underneath curl, Git, PHP, and a long list of other tools, “obscure SSH library” dramatically undersells its blast radius. The fix is tracked in the official GitHub Advisory GHSA-r8mh-x5qv-7gg2 https://github.com/advisories/GHSA-r8mh-x5qv-7gg2 .

CVE-2026-20896 is a different kind of bad.
Gitea’s official Docker images shipped with a default REVERSE_PROXY_TRUSTED_PROXIES value that trusted every source IP — meaning any client could send X-WEBAUTH-USER: admin in a single HTTP header and gain full administrative access. No exploit chain needed. If you’re running Gitea via Docker Hub’s official image and haven’t updated to 1.26.3 or 1.26.4 https://blog.gitea.com/release-of-1.26.3-and-1.26.4/ , your instance is wide open. Gitea confirmed the fix in its release blog and has made reverse-proxy authentication opt-in going forward.

The Disclosure Problem No One Is Talking About

The deeper issue isn’t the bugs themselves — it’s the timing. When a researcher publishes a PoC without telling the vendor, defenders and attackers find out simultaneously. There’s no patch to apply. You’re exposed the moment the repo goes public. This is precisely what makes mass-drops different from coordinated disclosure, where researchers give vendors a defined window — typically 90 days, per Google Project Zero’s standard — to patch before anything goes public.

Microsoft learned this the hard way in May 2026. A researcher known as Chaotic Eclipse mass-dropped six Windows zero-days without prior notification. Microsoft’s response was unambiguous https://thehackernews.com/2026/05/microsoft-slams-public-zero-day.html : “The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk.” Three of those six bugs — BlueHammer, RedSun, and UnDefend — were subsequently exploited in the wild. GitHub removed the account.

The “bikini” exploitarium follows the same playbook. The researcher’s stated motivation — “alluring people into the field” — doesn’t survive contact with a CVSS 9.2 score landing publicly with no patch in sight.

When AI Lowers the Bar for “Critical” Findings

The HN thread’s 284 comments are worth reading for a different reason: experienced security engineers are auditing the claims in real time.
The verdict on many entries is harsh. Ghidra findings are described as “weak” — they require pre-existing system access to exploit. The VLC VP9 entry is dismissed as routine crash behavior, not a meaningful attack vector. Multiple commenters point to what they see as AI-assisted fuzzing artifacts: edge cases that trigger in a controlled harness but can’t be weaponized against a real target. One commenter’s summary lands precisely: “726 points on HN doesn’t mean 726 real vulnerabilities.”

This is the emerging quality crisis in AI-assisted security research. Practitioners report that approximately 80% of findings from automated AI-based scanning are false positives. The technology lowers the discovery barrier — which is genuinely useful — but it also raises the noise floor. The exploitarium researcher acknowledged using AI for fuzzing automation with custom harnesses. However, the output still needs human triage before it hits the internet labeled as “critical.” That triage step is missing here, and the community noticed.

Key Takeaways

- Patch libssh2 immediately: update to the version containing commit 7acf3df. If you use curl, Git, or PHP on a Linux server, you likely have libssh2 as a transitive dependency.
- Update Gitea to 1.26.3 or 1.26.4 if running the Docker deployment — the authentication bypass is trivially exploitable with no prior access.
- Treat the remaining exploitarium entries as unverified threat intelligence, not a list of confirmed critical vulnerabilities.
- Full disclosure without vendor notice gives attackers and defenders equal starting lines. When the bug carries a CVSS 9.2 score, that’s not an acceptable tradeoff regardless of the researcher’s intent.
- AI-assisted vulnerability research has a real signal-to-noise problem in 2026. High HN point counts are a virality metric, not a severity metric.
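The missing upper bound behind the libssh2 finding, written out as an added Go illustration (this is not libssh2's code, which is C, nor the advisory's patch). It assumes a 35000-byte cap, the minimum packet size RFC 4253 requires implementations to accept, and the RFC's padding rules; NaiveNeeded shows why an unbounded length is dangerous and ParseHeader shows the check that refuses it before any buffer is sized.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// MaxPacketLen is an assumed cap: RFC 4253 §6.1 obliges implementations to
// accept at least 35000 bytes, so anything larger can be refused up front.
const MaxPacketLen = 35000

// NaiveNeeded mirrors the unchecked arithmetic: adding the 4-byte length field
// to an attacker-chosen packet_length wraps in 32 bits, so a huge length yields
// a tiny buffer while a later copy would still use the huge length.
func NaiveNeeded(packetLength uint32) uint32 {
	return packetLength + 4 // wraps when packetLength > 0xFFFFFFFB
}

// PacketHeader holds the first five bytes of an SSH binary packet (RFC 4253 §6).
type PacketHeader struct {
	PacketLength  uint32 // bytes after the length field: padding_length + payload + padding
	PaddingLength uint8
}

// ParseHeader decodes the header and bounds packet_length before it is trusted.
func ParseHeader(hdr []byte) (PacketHeader, error) {
	if len(hdr) < 5 {
		return PacketHeader{}, errors.New("short header")
	}
	h := PacketHeader{PacketLength: binary.BigEndian.Uint32(hdr[:4]), PaddingLength: hdr[4]}
	if h.PacketLength > MaxPacketLen {
		return PacketHeader{}, fmt.Errorf("packet_length %d exceeds cap %d", h.PacketLength, MaxPacketLen)
	}
	// RFC 4253 §6: at least 4 bytes of padding, and packet_length must cover
	// the padding_length byte plus that padding.
	if h.PaddingLength < 4 || h.PacketLength < uint32(h.PaddingLength)+1 {
		return PacketHeader{}, fmt.Errorf("padding_length %d inconsistent with packet_length %d", h.PaddingLength, h.PacketLength)
	}
	return h, nil
}

// CheckedNeeded is the buffer size for a validated header; the cap above
// guarantees the addition cannot wrap.
func CheckedNeeded(h PacketHeader) uint32 { return h.PacketLength + 4 }

func main() {
	fmt.Println(NaiveNeeded(0xFFFFFFFE)) // 2: the wrapped size on the unchecked path
	_, err := ParseHeader([]byte{0xFF, 0xFF, 0xFF, 0xFE, 0x04})
	fmt.Println(err) // the same length is rejected before any allocation
}
```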
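The trust decision behind the Gitea bypass, as an added Go illustration that is not Gitea's code: the X-WEBAUTH-USER header may only be honoured when the request arrived from a listed proxy. It assumes a wildcard entry means "trust every source", models the Docker default the page describes with that wildcard, and uses a constructed loopback-only list as the hardened value.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// TrustsSource reports whether a comma-separated trusted-proxy list (the form
// used by REVERSE_PROXY_TRUSTED_PROXIES) accepts the client IP. Treating "*"
// as trust-everyone is an assumption made here to model the unsafe default.
func TrustsSource(trusted string, client net.IP) bool {
	for _, entry := range strings.Split(trusted, ",") {
		entry = strings.TrimSpace(entry)
		if entry == "*" {
			return true // every source trusted: the header is attacker-controlled
		}
		if _, cidr, err := net.ParseCIDR(entry); err == nil && cidr.Contains(client) {
			return true
		}
		if ip := net.ParseIP(entry); ip != nil && ip.Equal(client) {
			return true
		}
	}
	return false
}

// ProxyAuthUser returns the user to log in as, or "" when the X-WEBAUTH-USER
// value must be ignored because the request did not come from a trusted proxy.
func ProxyAuthUser(trusted, remoteAddr, webauthUser string) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	client := net.ParseIP(host)
	if client == nil || !TrustsSource(trusted, client) {
		return ""
	}
	return webauthUser
}

func main() {
	// Constructed request: an internet client that sets the header itself.
	internet := "203.0.113.7:51234"
	fmt.Printf("wildcard default: %q\n", ProxyAuthUser("*", internet, "admin"))
	fmt.Printf("loopback only:    %q\n", ProxyAuthUser("127.0.0.0/8,::1/128", internet, "admin"))
	fmt.Printf("via local proxy:  %q\n", ProxyAuthUser("127.0.0.0/8,::1/128", "127.0.0.1:4000", "admin"))
}
```

The first line prints "admin" for an arbitrary internet client, which is the bypass; the hardened list yields "" for the same request and only honours the header when the connection comes from the listed proxy.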