Security advisoryv2026.4.1March 10, 2026

Closed Impulse injection vector via NUI iframe

Name: Raven Anticheat
Price: 20 USD
Availability: InStock
Rating: 4.9 (312 reviews)
Author: Raven Anticheat

Impulse menu was loading an injection payload through a hidden NUI iframe; that vector is now blocked at the client layer with a server-side trace fallback.

What we shipped

NUI iframe sources now whitelisted; foreign sources blocked + reported
Server-side trace fallback runs even if the client check is bypassed
Documented the vector in the public security-advisory feed

Advisory metadata

Reported by: Independent security researcher (credited in advisory)

Affected before: v2026.4.0

Stay current

Updates ship every 1-7 days. The full feed is at /changelog.

View pricing