While working on the Drupal module Services, the Ambionics Security team discovered a critical remote code execution vulnerability.