// CVE Tracker
Critical vulnerabilities currently doing the rounds, sorted by CVSS score.
60 critical | 53 high | 114 total active | 110 patched
CVE-2026-25874
Hugging Face LeRobot - Unauthenticated Remote Code Execution via Pickle Deserialization in gRPC Server
CVE-2026-25874 is a critical unauthenticated remote code execution vulnerability in Hugging Face's LeRobot robotics AI framework caused by the use of Python pickle deserialization to process attacker-controlled data in the gRPC remote control and dataset streaming server. The gRPC server binds to all interfaces by default, exposing the endpoint to any network-accessible host. A remote unauthenticated attacker can send a crafted pickle payload to execute arbitrary operating system commands in the context of the LeRobot server process. No patch is available at time of disclosure.
CVE-2026-43284
Linux Kernel - xfrm/ESP Page-Cache Race Condition Enables Deterministic Local Privilege Escalation (Dirty Frag)
CVE-2026-43284 is the xfrm/ESP component of the 'Dirty Frag' Linux kernel privilege escalation chain. A race condition in the page-cache handling of the xfrm (IPsec transform) subsystem allows a local user to corrupt kernel memory deterministically; unlike most Linux kernel race conditions, this path does not depend on winning a timing window. Exploitation reliably escalates a local user account to root. The vulnerability affects all major Linux distributions running kernel versions 5.10 through 6.9. This CVE is the first of two constituent components of the Dirty Frag exploit chain; the second is CVE-2026-43500 (RxRPC page-cache corruption).
CVE-2026-43500
Linux Kernel - RxRPC Page-Cache Corruption Enables Deterministic Local Privilege Escalation (Dirty Frag)
CVE-2026-43500 is the RxRPC component of the 'Dirty Frag' Linux kernel privilege escalation chain. A page-cache corruption vulnerability in the RxRPC (AFS/Kerberos transport) subsystem allows a local user to achieve controlled kernel memory corruption as part of the chained Dirty Frag exploit. In combination with CVE-2026-43284 (xfrm/ESP race condition), the full chain reliably escalates a local user to root on a deterministic, single-attempt basis across all major Linux distributions running kernel 5.10 through 6.9. A working public proof-of-concept exploit exists. No kernel patch is available.
CVE-2025-29635
D-Link DIR-823X - Authenticated OS Command Injection via /goform/set_prohibiting (EOL, No Patch)
OS command injection in the D-Link DIR-823X web management interface via the SiteList parameter of the /goform/set_prohibiting endpoint. Authenticated attackers can inject shell commands that execute as root. The DIR-823X reached end of life in January 2025, so no patch will be issued. Actively exploited by Mirai botnet campaigns documented by Akamai; added to the CISA Known Exploited Vulnerabilities catalogue in April 2026 with a federal deadline for FCEB agencies of May 19, 2026. The only remediation is device replacement.
CVE-2025-32432
Craft CMS โ Unauthenticated Remote Code Execution via Code Injection
A maximum-severity code injection vulnerability (CWE-94) in Craft CMS allows unauthenticated remote attackers to execute arbitrary PHP code on any accessible Craft installation. The vulnerability affects all major version branches from 3.0.0-RC1 through the respective unpatched minor versions. Orange Cyberdefense SensePost assessed exploitation began as a zero-day approximately February 2025. The Mimo intrusion set (aka Hezb) actively exploits this CVE to deploy cryptocurrency miners and residential proxy malware on compromised servers. CISA added CVE-2025-32432 to the Known Exploited Vulnerabilities catalogue on 20 March 2026, with a federal patch deadline of 3 April 2026.
CVE-2025-32975
Quest KACE Systems Management Appliance - Unauthenticated SQL Injection (CVSS 10.0)
A SQL injection vulnerability in Quest KACE Systems Management Appliance (SMA) allows an unauthenticated, network-accessible attacker to execute arbitrary SQL against the appliance database without any credentials. KACE SMA is an enterprise endpoint management and patch deployment platform; its database contains device inventories, software deployment records, patch compliance status, credentials used by managed agents, and configuration data for all managed endpoints. The vulnerability was added to the CISA Known Exploited Vulnerabilities catalogue, confirming active exploitation in the wild. Federal agencies face a remediation deadline of May 4, 2026.
CVE-2025-59528
Flowise CustomMCP Node Unauthenticated Remote Code Execution
A code injection vulnerability in the CustomMCP node of Flowise, the open-source AI workflow builder, allows unauthenticated remote attackers to execute arbitrary JavaScript on the host machine. The node processes user-supplied mcpServerConfig parameters without sanitisation or sandboxing, enabling full system compromise. Over 12,000 internet-exposed Flowise instances remain unpatched and are actively targeted. Exploits are publicly available including a Metasploit module.
CVE-2026-20127
Cisco Catalyst SD-WAN Controller Authentication Bypass
A maximum-severity (CVSS 10.0) authentication bypass vulnerability in the Cisco Catalyst SD-WAN Controller and Manager allows an unauthenticated remote attacker to gain full administrative access by exploiting a broken peering authentication mechanism in the control-plane workflow. The exploit sends a forged CHALLENGE_ACK_ACK message to force the server to treat an unauthenticated connection as verified, enabling injection of malicious SSH keys and full control of the SD-WAN fabric. Cisco Talos attributes sustained exploitation since at least 2023 to a tracked threat actor designated UAT-8616, assessed with high confidence as a sophisticated, likely nation-state-aligned group. The vulnerability is included in CISA Emergency Directive 26-03.
CVE-2026-20131
Cisco Secure Firewall Management Center - Unauthenticated Deserialization RCE (Root Access)
A maximum-severity insecure deserialization vulnerability in Cisco Secure Firewall Management Center (FMC) allows unauthenticated remote attackers to send a crafted serialised Java object to the management interface, resulting in arbitrary Java code execution as root. CVE-2026-20131 was exploited as a zero-day by Interlock ransomware for 36 days before Cisco patched it on 4 March 2026. Compromising Cisco FMC gives attackers full control over firewall policy, segmentation rules, VPN configuration, and all managed Firepower sensors, effectively compromising the organisation's network security enforcement layer.
CVE-2026-22557
Ubiquiti UniFi Network Application - Unauthenticated Path Traversal Leading to Account Takeover
A maximum-severity path traversal vulnerability in the Ubiquiti UniFi Network Application allows unauthenticated remote attackers to read arbitrary files from the underlying operating system, including the controller's database credentials and user session tokens, enabling full account takeover without any authentication. No user interaction or special conditions are required. Approximately 87,000 internet-exposed UniFi controllers were identified by Censys at time of disclosure. The vulnerability is commonly chained with CVE-2026-22558 (NoSQL injection) for immediate administrative access.
CVE-2026-22769
Dell RecoverPoint Hardcoded Apache Tomcat Credentials - Nation-State Exploitation
Dell RecoverPoint data replication appliances ship with hardcoded Apache Tomcat administrative credentials that cannot be changed through standard configuration. Remote unauthenticated attackers who discover the hardcoded credentials gain full administrative access to the appliance management interface. The China-nexus threat cluster UNC6201 exploited this vulnerability from at least mid-2024 to deploy the BRICKSTORM backdoor and GRIMBOLT loader via the SLAYSTYLE web shell, targeting organisations in financial services, defence contracting, and critical infrastructure.
CVE-2026-33819
Microsoft Bing - Unauthenticated Remote Code Execution via Deserialization
CVE-2026-33819 is a critical deserialization vulnerability in a Microsoft Bing backend service exposed over the network. An unauthenticated attacker can send a crafted payload to the vulnerable endpoint to achieve remote code execution with scope change, earning the vulnerability a maximum CVSS score of 10.0. No workaround exists; the April 2026 Patch Tuesday update is the only remediation.
CVE-2026-35431
Microsoft Entra ID Entitlement Management - Unauthenticated SSRF (CVSS 10.0)
A server-side request forgery vulnerability in Microsoft Entra ID Entitlement Management allows an unauthenticated, network-accessible attacker to cause Microsoft's cloud identity governance service to issue arbitrary requests on behalf of the attacker. Entitlement Management controls access request workflows, approval policies, and periodic access reviews for Azure resources, SharePoint sites, and Entra-connected applications across enterprise tenants. Microsoft applied a server-side fix; no customer patch or configuration change is required. The exposure window between discovery and fix is not publicly disclosed.
CVE-2026-4681
PTC Windchill and FlexPLM - Unauthenticated Remote Code Execution via Insecure Deserialization
A critical remote code execution vulnerability in PTC Windchill (product lifecycle management) and PTC FlexPLM (retail PLM) arises from insecure deserialisation of trusted data in the application server. An unauthenticated attacker with network access can send a malicious serialised object and achieve arbitrary code execution. No patch was available at time of initial disclosure; the severity prompted German federal police (BKA) and state police (LKA) to physically dispatch officers to affected companies on the weekend of 27 March 2026. PTC provided a temporary web server rule workaround while developing a permanent fix.
CVE-2026-7411
Eclipse BaSyx - Unauthenticated Arbitrary File Upload and Remote Code Execution (CVSS 10.0)
A maximum-severity path traversal and arbitrary file upload vulnerability in Eclipse BaSyx, industrial automation software used in Industry 4.0 programmes, allows an unauthenticated remote attacker to upload any file to the server and achieve code execution. BaSyx sits at the IT/OT boundary in smart factory deployments, making exploitation capable of reaching operational technology systems protected by network segmentation. A companion vulnerability (CVE-2026-7412) allows blind SSRF to probe and communicate with factory network equipment from the internet.
CVE-2026-20147
Cisco Identity Services Engine - Full Admin to Root OS Command Injection
An authenticated attacker in possession of full ISE administrative credentials can send crafted HTTP requests to execute arbitrary OS commands with root privileges on the ISE appliance. While the exploitation bar is higher than CVE-2026-20180 (requires full admin rather than read-only admin), the vulnerability represents an unauthorised escalation from the ISE management plane to full OS-level control. Affects the same ISE version range as CVE-2026-20180 and CVE-2026-20186.
CVE-2026-20180
Cisco Identity Services Engine - Read-Only Admin to Root OS Command Injection
Insufficient validation of user-supplied input in Cisco ISE's web interface allows an authenticated attacker with read-only administrator credentials to send crafted HTTP requests and execute arbitrary OS commands with root privileges. Successful exploitation grants full operating system access. In single-node ISE deployments, exploitation may also cause a denial-of-service condition. Affects ISE 3.2 through 3.5 as well as all releases prior to 3.2.
CVE-2026-20186
Cisco Identity Services Engine - Read-Only Admin to Root via Path Traversal and Command Injection
A related but distinct variant of CVE-2026-20180 in Cisco ISE. Insufficient input validation allows an authenticated attacker with read-only administrator credentials to send crafted HTTP requests that execute arbitrary OS commands as root. Shares the same affected version range and exploitation prerequisites as CVE-2026-20180, and should be patched simultaneously.
CVE-2026-21515
Azure IoT Central - Privilege Escalation via Sensitive Data Exposure
CVE-2026-21515 is a near-maximum severity privilege escalation vulnerability in Azure IoT Central. A low-privilege authenticated attacker can access sensitive platform configuration data, including device provisioning credentials and shared access signatures, that should be restricted to administrative accounts, then leverage that data to escalate to full tenant administrative control. Microsoft patched the vulnerability in the April 2026 Patch Tuesday release.
CVE-2026-27681
SAP Business Planning and Consolidation SQL Injection - Authenticated Low-Privilege RCE on ERP Database
A SQL injection vulnerability in SAP Business Planning and Consolidation (BPC) and SAP BW/4HANA allows an authenticated user with low-privilege access to execute arbitrary SQL against the underlying database. Exploiting the flaw gives the attacker full read and write access to financial planning data, consolidated accounts, and audit records stored in the ERP database tier. The vulnerability was patched in SAP's April 2026 Security Patch Day. SAP BPC and BW/4HANA are deployed in large enterprise environments for financial close processes, regulatory reporting, and management consolidation, making the database tier a high-value target for financial fraud, data manipulation, and ransomware operators seeking maximum leverage.
CVE-2024-57726
SimpleHelp Remote Management Tool - Missing Authorisation Check Allows Unauthenticated Admin Access
A missing authorisation check in the SimpleHelp remote management and monitoring (RMM) server allows an unauthenticated remote attacker to enumerate user accounts, extract active session tokens, and escalate to full administrator access without credentials. The vulnerability exists in the server's API layer where administrative endpoints fail to validate caller authentication. Exploitation enables complete takeover of the SimpleHelp server and authenticated access to all managed endpoints connected to it.
CVE-2024-7399
Samsung MagicINFO Digital Signage Server - Authenticated Remote Code Execution via Arbitrary File Upload
An arbitrary file upload vulnerability in Samsung MagicINFO, the content and device management server for Samsung commercial displays and digital signage, allows an authenticated attacker with any user-level account to upload and execute arbitrary files on the server. The flaw exists in the content management component's lack of upload type validation. Successful exploitation provides full server compromise with code execution in the context of the MagicINFO service.
CVE-2025-53521
F5 BIG-IP APM Remote Code Execution via apmd Process
A remote code execution vulnerability in F5 BIG-IP Access Policy Manager (APM) affecting the apmd process. Initially disclosed in October 2025 as a denial-of-service flaw, F5 reclassified the vulnerability in March 2026 after new exploitation information emerged. An unauthenticated remote attacker can exploit the flaw to achieve code execution on the BIG-IP appliance. CISA confirmed active exploitation and added CVE-2025-53521 to its Known Exploited Vulnerabilities catalogue on 27 March 2026, issuing a three-day patch mandate to federal agencies.
CVE-2026-1281
Ivanti EPMM Apache URL Rewriting Code Injection - Unauthenticated RCE
A code injection vulnerability in legacy bash scripts used by Ivanti EPMM's Apache web server for URL rewriting allows unauthenticated remote attackers to execute arbitrary commands. This is the primary initial-access vector in the Ivanti EPMM exploit chain, typically followed by CVE-2026-1340 for further capability extension. CISA added this vulnerability to the KEV catalogue in January 2026 with exploitation confirmed in the wild targeting government and enterprise MDM deployments.
CVE-2026-1340
Ivanti EPMM Android File Transfer Code Injection - Unauthenticated RCE
A code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM)'s Android File Transfer mechanism allows unauthenticated remote attackers to execute arbitrary code on internet-exposed appliances. The flaw is frequently chained with CVE-2026-1281 to achieve full appliance compromise. Active exploitation has been confirmed since January 2026, and CISA added the vulnerability to its Known Exploited Vulnerabilities catalogue on 8 April 2026 with a federal agency patch deadline of 11 April.
CVE-2026-20093
Cisco Integrated Management Controller Authentication Bypass
A critical authentication bypass in the Cisco Integrated Management Controller (IMC) allows an unauthenticated remote attacker to bypass authentication entirely and gain elevated access to the affected system. The vulnerability is caused by incorrect handling of password change requests: an attacker sends a crafted HTTP request to the IMC management interface to bypass authentication, reset the password of any local user including administrators, and gain full control of the server's out-of-band management plane. IMC access is equivalent to physical console access to the server.
CVE-2026-20160
Cisco Smart Software Manager On-Prem Unauthenticated RCE
A critical vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) allows an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system. The flaw stems from the unintentional exposure of an internal administrative service that was not designed to accept external connections: an attacker who reaches this service can invoke OS-level commands without authentication. SSM On-Prem is used by enterprises to manage Cisco software licences on-premises, without sending licence data to Cisco's cloud.
CVE-2026-20184
Cisco Webex Services - Unauthenticated SSO User Impersonation via Certificate Validation Bypass
An improper certificate validation flaw (CWE-295) in Cisco Webex Services' SSO integration with Control Hub allows unauthenticated remote attackers to supply crafted SAML tokens and be authenticated as any user within an enterprise's Webex tenant. Cisco has patched the cloud infrastructure, but enterprise administrators using SSO must manually regenerate and upload a new IdP SAML certificate to Control Hub to complete remediation.
CVE-2026-21643
Fortinet FortiClient EMS 7.4.4 - Pre-Authentication SQL Injection RCE
A critical pre-authentication SQL injection vulnerability (CWE-89) in Fortinet FortiClient EMS 7.4.4 allows an unauthenticated remote attacker to execute arbitrary code via the /api/v1/init_consts endpoint. The flaw was introduced when the multi-tenant database connection layer was refactored in 7.4.4, replacing parameterised queries with raw string interpolation. Because the PostgreSQL database user runs with superuser privileges in Fortinet's shipped VM image, successful SQL injection escalates to OS command execution via COPY ... TO/FROM PROGRAM. The vulnerability enables extraction of admin password hashes, API tokens, JWT secrets, and the complete endpoint inventory of all managed FortiClient deployments. CISA added CVE-2026-21643 to the KEV catalogue on 13 April 2026.
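Two things compound in the description above: a query built by string interpolation, and a database role with superuser rights, which turns a SQL injection into COPY ... TO PROGRAM. The block below is an added example, not Fortinet code and not the /api/v1/init_consts query. It contrasts the interpolated and parameterised forms against an in-memory SQLite table (SQLite stands in for PostgreSQL here; the placeholder syntax differs but the distinction between a bound value and a string fragment is the same), and runs a detector over constructed PostgreSQL statement-log lines for the superuser-only primitives that mark the escalation step. The table, tenant names and log lines are all made up.

```python
import re
import sqlite3
from typing import List

# --- 1. The query-layer defect: interpolation versus parameters ---------------

def _demo_db() -> sqlite3.Connection:
    """Constructed stand-in for the multi-tenant table; not the product schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tenants (id INTEGER, name TEXT, api_token TEXT)")
    conn.executemany("INSERT INTO tenants VALUES (?, ?, ?)",
                     [(1, "acme", "tok-acme"), (2, "globex", "tok-globex")])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, tenant: str) -> List[tuple]:
    """Raw interpolation: the tenant value becomes part of the SQL text."""
    sql = f"SELECT id, name, api_token FROM tenants WHERE name = '{tenant}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, tenant: str) -> List[tuple]:
    """Parameterised: the tenant value is bound and never parsed as SQL."""
    sql = "SELECT id, name, api_token FROM tenants WHERE name = ?"
    return conn.execute(sql, (tenant,)).fetchall()


def compare(tenant: str):
    """(rows from the unsafe query, rows from the safe query) for one input."""
    conn = _demo_db()
    return len(lookup_unsafe(conn, tenant)), len(lookup_safe(conn, tenant))


# --- 2. Detecting the escalation primitive in PostgreSQL statement logs -------
# Each of these needs superuser (or a pg_* server-file/program role) and turns
# SQL access into file or OS access, which is the step the entry describes.
ESCALATION = re.compile(
    r"\bCOPY\b.*?\b(?:TO|FROM)\s+PROGRAM\b"   # COPY ... TO/FROM PROGRAM
    r"|\bpg_read_(?:binary_)?file\s*\("        # read server-side files
    r"|\blo_(?:import|export)\s*\(",           # large-object file I/O
    re.IGNORECASE | re.DOTALL,
)

STATEMENT = re.compile(r"LOG:\s+statement:\s+(?P<sql>.*)$")


def flag_statements(log_lines: List[str]) -> List[str]:
    """Return the SQL text of every logged statement that uses an escalation
    primitive. Assumes log_statement = 'all' and the default line prefix."""
    hits = []
    for line in log_lines:
        m = STATEMENT.search(line)
        if m and ESCALATION.search(m.group("sql")):
            hits.append(m.group("sql"))
    return hits


# Constructed log lines for the demo; not real FortiClient EMS output.
SAMPLE_LOG = [
    "2026-04-13 10:22:01 UTC [4021] ems@ems LOG:  statement: SELECT id FROM tenants WHERE name = 'acme'",
    "2026-04-13 10:22:03 UTC [4021] ems@ems LOG:  statement: COPY (SELECT '') TO PROGRAM 'id > /tmp/x'",
    "2026-04-13 10:22:05 UTC [4021] ems@ems LOG:  statement: SELECT pg_read_file('/etc/passwd')",
    "2026-04-13 10:22:07 UTC [4021] ems@ems LOG:  statement: UPDATE tenants SET name = 'copy program' WHERE id = 1",
]

if __name__ == "__main__":
    print(compare("x' OR '1'='1"))   # interpolation returns every tenant, parameters return none
    for sql in flag_statements(SAMPLE_LOG):
        print("ESCALATION:", sql)
```

The second question to ask on a real instance is whether the application role can reach those primitives at all: `SELECT rolsuper FROM pg_roles WHERE rolname = current_user;` should return `f` for an application account, since COPY ... PROGRAM is limited to superusers and members of pg_execute_server_program, and pg_read_file to superusers and pg_read_server_files.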
CVE-2026-21992
Oracle Identity Manager Pre-Authentication Remote Code Execution
A critical pre-authentication remote code execution vulnerability in Oracle Identity Manager (OIM) and Oracle Web Services Manager (WSM) allows unauthenticated attackers to execute arbitrary code via HTTP by exploiting missing authentication on a critical REST WebServices component. The flaw has a CVSS score of 9.8, requires no credentials or user interaction, and is remotely exploitable with low attack complexity over a network. Oracle released an out-of-band emergency patch in March 2026, only the second such emergency release Oracle has issued for Identity Manager.
CVE-2026-26210
KTransformers - Unauthenticated RCE via Pickle Deserialization on ZMQ Scheduler Socket
CVE-2026-26210 is a critical pre-authentication remote code execution vulnerability in the KTransformers AI inference acceleration framework. The scheduler's ZeroMQ ROUTER socket binds to all network interfaces by default with no authentication, and deserialises incoming messages using Python's pickle.loads() without validation. Any network-reachable attacker can supply a crafted pickle payload to execute arbitrary code as the process owner on what is typically a privileged GPU server. No exploitation in the wild has been confirmed at time of publication.
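The LeRobot entry above (CVE-2026-25874) and this KTransformers entry share one root cause: pickle.loads() on bytes that arrived over a socket. The following is an added example, not code from LeRobot, KTransformers or Hugging Face, showing why that is remote code execution and what a restricted unpickler changes. The Payload class and SAFE_GLOBALS allowlist are constructed for the illustration; os.getcwd stands in for the os.system call an attacker would actually name in the stream.

```python
import io
import os
import pickle

# Constructed stand-in for a network message: a pickle whose __reduce__ makes
# the unpickler call a function of the attacker's choosing. os.getcwd is used
# because it is harmless; an attacker substitutes os.system or subprocess.Popen.
class Payload:
    def __reduce__(self):
        return (os.getcwd, ())


def attacker_message() -> bytes:
    """The bytes an attacker would put on the gRPC or ZMQ wire."""
    return pickle.dumps(Payload())


def unsafe_loads(data: bytes):
    """The pattern both advisories describe: pickle.loads on untrusted bytes.
    The callable named in the stream runs before this function returns, so
    there is no object to validate afterwards."""
    return pickle.loads(data)


# Globals the application genuinely needs to reconstruct. Empty here on
# purpose: plain dicts, lists, strings and numbers need no global lookup.
SAFE_GLOBALS = set()


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any (module, name) not on the allowlist, so a
    GLOBAL/STACK_GLOBAL opcode for os.system never yields a callable and
    the following REDUCE opcode has nothing to call."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> dict:
    """Show the function firing under pickle.loads, the restricted loader
    refusing the same bytes, and plain data still round-tripping."""
    ran = unsafe_loads(attacker_message())
    try:
        restricted_loads(attacker_message())
        refused = False
    except pickle.UnpicklingError:
        refused = True
    benign = restricted_loads(pickle.dumps({"rank": 0, "frames": [1, 2, 3]}))
    return {"called": ran == os.getcwd(), "refused": refused, "benign": benign}


if __name__ == "__main__":
    print(demo())
```

The restricted unpickler is a stopgap for code you cannot change today; the durable fix is a schema-checked serialisation format (such as the protobuf messages a gRPC service already defines) and binding the listener to a management interface rather than every interface.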
CVE-2026-26956
vm2 Node.js Sandbox - WebAssembly Exception Handling Escape Allows Host Code Execution
A critical sandbox escape vulnerability in vm2, one of the most widely used Node.js sandbox libraries with approximately 1.3 million weekly npm downloads, allows code executing inside the vm2 sandbox to escape isolation and execute arbitrary code on the host Node.js process. The vulnerability exploits WebAssembly exception handling (the 'exnref' proposal) which was introduced in V8 and bypasses vm2's sandbox enforcement mechanisms. Any application using vm2 to execute untrusted or user-supplied JavaScript is at risk of complete host process compromise. Fixed in vm2 3.9.22.
CVE-2026-31414
Linux Kernel Netfilter Conntrack - Privilege Escalation / Denial of Service
A vulnerability in the Linux kernel netfilter connection tracking (conntrack) expectations mechanism allows a local attacker with access to netfilter configuration to trigger unsafe memory access, leading to kernel memory corruption, system crashes, or potential privilege escalation. In container environments with user namespaces enabled, the attack surface extends to unprivileged container processes that can configure netfilter rules within their namespace, potentially affecting the host kernel. Affects Linux kernel versions 6.1 through 6.10; patches backported to stable branches. Part of an April 2026 batch addressing multiple netfilter subsystem flaws (CVE-2026-31422, CVE-2026-31416).
CVE-2026-3197
Palo Alto PAN-OS GlobalProtect SAML Authentication Bypass
A critical authentication bypass in the Palo Alto Networks PAN-OS GlobalProtect SAML authentication handler allows unauthenticated remote attackers to forge a valid SAML assertion and gain full administrative access to the firewall management plane. The vulnerability exploits a signature verification flaw in the XML SAML response parser, enabling an attacker to send a crafted assertion that PAN-OS accepts as legitimate without contacting the configured identity provider. Exploitation grants the attacker the ability to modify firewall policy, create persistent accounts, and extract VPN configuration data. When chained with CVE-2026-3201 (post-authentication command injection), the combined attack achieves unauthenticated root-level OS code execution.
CVE-2026-32644
Milesight AIOT Cameras - Hard-Coded Shared SSL Private Key Enables Fleet-Wide Silent MITM
All cameras within a Milesight AIOT model family share a single factory-embedded SSL private key that cannot be changed through the management interface. An attacker who extracts this key from any unit (achievable through firmware extraction or from publicly available firmware images) can perform silent man-in-the-middle attacks against all cameras in that model family, intercepting video streams, management credentials, and configuration traffic without triggering any certificate validation failure. Affects 18-plus model families; CISA advisory ICSA-26-113-03.
CVE-2026-33032
nginx-ui MCP Endpoint Authentication Bypass (MCPwn)
A critical authentication bypass in nginx-ui's Model Context Protocol (MCP) endpoint allows unauthenticated remote attackers to invoke all MCP tools including creating, modifying, and deleting Nginx configuration files and restarting the Nginx service. The /mcp_message endpoint applies only IP allowlisting with an empty default whitelist (effectively allow-all), bypassing the application's authentication layer entirely. Exploitation requires two HTTP requests and takes seconds to execute, resulting in full Nginx server takeover.
CVE-2026-33626
LMDeploy LLM Inference Framework - Unauthenticated Remote Code Execution via Deserialization
A deserialization vulnerability in LMDeploy's model loading API allows an unauthenticated remote attacker to execute arbitrary operating system commands as the service account running the inference server. The flaw exists in the absence of input validation during model configuration and adapter ingestion: a crafted payload triggers unsafe deserialization and achieves code execution. Active exploitation was confirmed within 13 hours of public disclosure on April 24 2026.
CVE-2026-33824
Windows Internet Key Exchange (IKE) - Unauthenticated Remote Code Execution
A critical remote code execution vulnerability in the Windows Internet Key Exchange Service Extensions allows an unauthenticated remote attacker to execute arbitrary code without user interaction. The network-accessible attack vector and complete absence of authentication requirements place this among the most severe vulnerabilities in the April 2026 Patch Tuesday release. Systems running Windows with IPsec/IKE services exposed to untrusted networks are at immediate risk.
CVE-2026-34197
Apache ActiveMQ Unauthenticated RCE via Jolokia API
A critical remote code execution vulnerability in Apache ActiveMQ's Jolokia JMX-over-HTTP bridge allows unauthenticated remote attackers to execute arbitrary OS commands by invoking the addNetworkConnector MBean operation with a crafted URI. The flaw causes the broker to fetch and parse an attacker-controlled XML configuration file, enabling arbitrary Java class instantiation and OS command execution under the service account context. Present since ActiveMQ 5.x, this design weakness was not addressed in the 6.x rewrite and is unauthenticated by default in ActiveMQ 6.0.0 through 6.1.1. When chained with CVE-2024-32114, the combined exploit achieves full unauthenticated root-level code execution in seconds.
CVE-2026-3854
GitHub Enterprise Server - Unauthenticated RCE via Malicious Git Push (Pre-Auth, Single Request)
Pre-authentication remote code execution in GitHub Enterprise Server's Git protocol handler. A crafted pack-file transmitted during a git push triggers a memory corruption condition in the Git protocol parsing layer, achieving code execution in the context of the Git service process before authentication is completed. No credentials required. Affects all supported GHES versions prior to the hotfix releases. Fixed in GHES 3.12.8, 3.13.4, 3.14.2, 3.15.1.
CVE-2026-41940
cPanel and WHM - Authentication Bypass in Login Flow (Zero-Day, PoC Public)
Authentication logic flaw in the cPanel and WHM web hosting control panel software allowing unauthenticated remote attackers to bypass credential verification and gain full administrative access. Exploited as a zero-day for approximately six days before vendor patched; public proof-of-concept now available. Affects all cPanel/WHM versions from 11.40 onwards. WHM administrative compromise provides root-level server access; cPanel compromise provides full hosting account control. Fixed in cPanel LTS 120.0.24, Stable 122.0.16, Current 124.0.6.
CVE-2026-4670
MOVEit Automation - Critical Pre-Authentication Authentication Bypass
A critical authentication bypass vulnerability in Progress MOVEit Automation allows a remote unauthenticated attacker to authenticate as any user without valid credentials, gaining full administrative access to the MOVEit Automation management interface. The vulnerability is pre-authentication and requires no prior account knowledge or network positioning. MOVEit Automation is an enterprise managed file transfer platform used by organisations in financial services, healthcare, and government to automate regulated data transfers. Progress Software released patches on 4 May 2026; MOVEit Cloud customers were patched automatically. This is the fourth critical vulnerability in the MOVEit product family since the mass-exploitation campaign of 2023.
CVE-2024-57728
SimpleHelp Remote Management Tool - Path Traversal Unauthenticated File Read/Write
A path traversal vulnerability in the SimpleHelp RMM server enables an unauthenticated remote attacker to read and write arbitrary files on the underlying server filesystem. By crafting requests that escape the intended directory scope, an attacker can exfiltrate configuration files containing credentials, overwrite application files to establish persistent access, or modify server configuration to create new administrative accounts. No authentication is required to exploit this vulnerability.
CVE-2025-0520
ShowDoc โ Unauthenticated Remote Code Execution via Unrestricted File Upload
An unauthenticated unrestricted file upload vulnerability (CWE-434) in ShowDoc, a self-hosted IT documentation platform, allows remote attackers to upload arbitrary PHP files through the file attachment endpoint without authentication. Uploaded files are stored in a web-accessible directory and can be executed by requesting them directly, granting the attacker arbitrary code execution under the web server process account. Patched in October 2020 (version 2.8.7), the flaw has been actively exploited since at least April 2026 against the large population of installations that were never upgraded. Over 2,000 internet-exposed instances remain vulnerable.
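The UniFi (CVE-2026-22557), SimpleHelp (CVE-2024-57728), BaSyx (CVE-2026-7411) and ShowDoc (CVE-2025-0520) entries all come down to a server joining a client-controlled path or filename onto a base directory without checking where the result ends up. The following is an added example in Python, not code from any of those products: a containment check that resolves the real target before comparing it with the base, and an upload-name check that discards directory components and permits exactly one allowlisted extension. The directory layout, extension allowlist and test inputs are constructed for the demo.

```python
import tempfile
import uuid
from pathlib import Path
from urllib.parse import unquote

ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "pdf", "txt"}   # constructed policy


class PathRejected(ValueError):
    pass


def resolve_under(base: Path, user_path: str) -> Path:
    """Resolve a client-supplied path and return it only if the real target is
    inside base. Symlinks are followed before the containment check, so a link
    that points outside base is rejected too. Assumes the web layer has already
    URL-decoded once; the unquote() here covers a framework that did not."""
    candidate = unquote(user_path)
    if "\x00" in candidate:
        raise PathRejected("NUL byte in path")
    root = base.resolve()
    # Path(root, "/etc/passwd") is /etc/passwd: an absolute input discards the
    # base, so it falls out of relative_to() like a ../ escape does.
    target = Path(root, candidate).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise PathRejected(f"{user_path!r} escapes {root}")
    return target


def allowed_extension(filename: str) -> str:
    """Return the single allowlisted extension of an upload name or raise.
    Directory components (either separator) are dropped and multi-dot names
    are refused, so 'shell.php', 'shell.php.jpg' and '../x.png' never reach
    the disk under a name the client chose."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not name or any(ord(c) < 32 for c in name):
        raise PathRejected("empty name or control characters in name")
    parts = name.split(".")
    if len(parts) != 2 or not parts[0]:
        raise PathRejected(f"bad upload name {filename!r}")
    ext = parts[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise PathRejected(f"extension {ext!r} not allowed")
    return ext


def stored_name(filename: str) -> str:
    """Server-chosen on-disk name: the client controls only the validated extension."""
    return f"{uuid.uuid4().hex}.{allowed_extension(filename)}"


def demo() -> dict:
    """Run classic traversal and upload payloads through both checks."""
    base = Path(tempfile.mkdtemp())
    (base / "config").mkdir()
    (base / "config" / "app.json").write_text("{}")
    results = {}
    for p in ["config/app.json", "../../etc/passwd",
              "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd", "config/../../x"]:
        try:
            results[p] = str(resolve_under(base, p).relative_to(base.resolve()))
        except PathRejected:
            results[p] = "rejected"
    for f in ["report.PDF", "shell.php", "shell.php.jpg",
              "..\\..\\evil.png", "a.png\x00.php"]:
        try:
            results[f] = allowed_extension(f)
        except PathRejected:
            results[f] = "rejected"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k!r:32} -> {v}")
```

The check order matters: decode, then resolve, then compare. Comparing the raw string against `..` before decoding is what lets `%2e%2e` and symlink tricks through, and checking only the extension of the last dot is what lets `shell.php` past a filter that looked for `.php.jpg`.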
CVE-2025-20362
Cisco ASA Web Management Interface - Authentication Bypass
An authentication bypass vulnerability in the web management interface of Cisco Adaptive Security Appliance (ASA) software allows an unauthenticated remote attacker to authenticate to the administrative interface without valid credentials. The flaw stems from an improper state validation in the session establishment process. Exploitation allows an attacker to access the ASA management plane with administrator privileges, and is used in conjunction with CVE-2025-20333 as part of the FIRESTARTER campaign to deploy a firmware-persistent backdoor.
CVE-2026-33634
Aqua Security Trivy - Embedded Malicious Code in Official GitHub Actions and Releases
Threat actor TeamPCP compromised the Aqua Security Trivy vulnerability scanner ecosystem on 19 March 2026, force-pushing malicious code to 75 of 77 version tags in the official aquasecurity/trivy-action and all tags in aquasecurity/setup-trivy GitHub Actions repositories. A second attack wave on 22 March replaced DockerHub images. The malicious code embedded in affected versions deployed an infostealer targeting plain-text secrets in CI/CD runner process memory, exfiltrating cloud credentials, API tokens, Kubernetes configurations, and SSH keys. CISA added CVE-2026-33634 to the Known Exploited Vulnerabilities catalogue on 26 March 2026.
CVE-2026-0300
PAN-OS - Unauthenticated RCE via User-ID Authentication Portal Buffer Overflow (Actively Exploited)
A critical buffer overflow in the Palo Alto Networks PAN-OS User-ID authentication portal allows a remote unauthenticated attacker to execute arbitrary code as root on the management plane. Exploitation began approximately 6 April 2026, six weeks before public disclosure. CISA added CVE-2026-0300 to the KEV catalogue on 6 May 2026. Post-exploitation activity includes deployment of novel implant toolkits and credential interception on compromised management planes. Espionage-motivated threat actors are targeting government and critical infrastructure organisations.
CVE-2026-23760
SmarterMail Authentication Bypass Allowing Admin Account Takeover
An authentication bypass vulnerability in SmarterTools SmarterMail email server allows unauthenticated remote attackers to bypass the authentication mechanism and gain administrative access. The flaw was exploited as a zero-day by Storm-1175, a China-linked ransomware affiliate, prior to public disclosure, and was subsequently used to deploy Medusa ransomware. SmarterMail is used by tens of thousands of organisations globally as an on-premises email and collaboration platform.
CVE-2026-3055
Citrix NetScaler ADC/Gateway Unauthenticated Memory Overread via SAML
An insufficient input validation flaw in the SAML Identity Provider endpoint of Citrix NetScaler ADC and NetScaler Gateway allows an unauthenticated remote attacker to trigger an out-of-bounds memory read. The appliance leaks sensitive memory contents — including session tokens and authentication credentials — through the NSC_TASS response cookie when a crafted SAMLRequest omitting the AssertionConsumerServiceURL field is submitted to /saml/login. Only appliances configured as SAML IDPs are affected; default configurations are not vulnerable. CISA added this CVE to the Known Exploited Vulnerabilities catalogue on 30 March 2026 following confirmed in-the-wild exploitation.
CVE-2026-33017
Langflow AI Pipeline Builder — Unauthenticated Remote Code Execution
An unauthenticated remote code execution vulnerability in Langflow's public flow build endpoint allows attackers to inject arbitrary Python code into flow node definitions, which Langflow executes server-side without sandboxing. No credentials or user interaction are required. Within 20 hours of public disclosure on 17 March 2026, active exploitation was confirmed with attackers harvesting LLM provider API keys (OpenAI, Anthropic, AWS) from compromised instances. CISA added the vulnerability to its Known Exploited Vulnerabilities catalogue on 26 March 2026.
CVE-2026-39987
Marimo Python Notebook Unauthenticated Terminal RCE via WebSocket
A pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook widely used in data science and AI/ML workflows, allows any network-accessible attacker to obtain a full PTY shell on the server. The /terminal/ws WebSocket endpoint fails to call authenticate() before accepting connections, unlike all other protected endpoints. An attacker connects to the endpoint and is immediately granted interactive OS-level access. Exploitation was observed within 10 hours of public disclosure, with attackers building working exploits directly from the advisory.
CVE-2026-5194
wolfSSL Improper Certificate Signature Validation — TLS Forgery in 5 Billion Devices
A critical improper certificate validation vulnerability in wolfSSL allows attackers to present forged X.509 certificates with truncated digests that pass ECDSA, DSA, ML-DSA, Ed25519, and Ed448 signature verification without a legitimate private key. An attacker positioned between a vulnerable device and its server can exploit this to conduct TLS man-in-the-middle attacks, intercepting and modifying supposedly encrypted traffic. wolfSSL is an embedded TLS library present in an estimated 5 billion IoT, industrial, automotive, and network devices. Patched in wolfSSL 5.9.1 released 8 April 2026.
CVE-2026-5752
Cohere Terrarium — JavaScript Prototype Chain Traversal Sandbox Escape to Host Root RCE
A critical vulnerability in Cohere Terrarium's JavaScript bridge layer allows an attacker to escape the Pyodide WebAssembly sandbox through JavaScript prototype chain traversal. By constructing a Python object that traverses the prototype chain across the Pyodide serialisation boundary into the host JavaScript context, an attacker can reach the Function constructor and execute arbitrary code as root on the host Node.js process. The vulnerability affects all Terrarium deployments processing externally-controlled or LLM-generated Python code. No public proof-of-concept has been released; Cohere has issued a patched version. The attack requires the ability to influence Python code submitted to Terrarium — achievable through direct API access, indirect prompt injection, or LLM output manipulation.
CVE-2025-20333
Cisco Firepower Threat Defence — Management Interface Command Injection RCE
A command injection vulnerability in the management interface of Cisco Firepower Threat Defence (FTD) software allows an unauthenticated remote attacker to execute arbitrary OS commands with root privileges on the underlying device. The flaw exists in the input handling of the FTD management plane and requires no authentication to exploit. Successful exploitation provides full device compromise, enabling the FIRESTARTER implant campaign documented in the joint CISA/NCSC advisory published April 2026.
CVE-2026-2699
Progress ShareFile Storage Zones Controller Authentication Bypass
A critical authentication bypass vulnerability in Progress ShareFile Storage Zones Controller (SZC) arises from improper handling of execution-after-redirect behaviour in the /ConfigService/Admin.aspx administrative endpoint. An unauthenticated remote attacker can exploit the redirect logic to gain access to restricted administrative functions without supplying valid credentials. When chained with CVE-2026-2701 (arbitrary file upload), this vulnerability enables fully unauthenticated remote code execution. Progress released a fix in SZC version 5.12.4 on 10 March 2026; watchTowr Labs published full technical details on 2 April, significantly lowering the exploitation barrier. Approximately 30,000 SZC instances are internet-exposed.
CVE-2026-35616
Fortinet FortiClient EMS Pre-Authentication API Bypass and Privilege Escalation
A critical improper access control vulnerability (CWE-284) in Fortinet FortiClient Endpoint Management Server allows an unauthenticated remote attacker to bypass API authentication and execute arbitrary code or commands on the server via crafted HTTP requests. Carrying a CVSS score of 9.1, this flaw affects the management plane responsible for deploying and enforcing endpoint security policy, ZTNA, and VPN access controls across managed fleets. Active exploitation was confirmed by multiple researchers beginning 31 March 2026, and CISA added CVE-2026-35616 to its KEV catalogue on 6 April with a federal remediation deadline of 9 April — one of the shortest timelines CISA issues.
CVE-2026-39808
Fortinet FortiSandbox — Unauthenticated OS Command Injection (Root RCE)
An OS command injection vulnerability in Fortinet FortiSandbox's job detail endpoint allows unauthenticated remote attackers to execute arbitrary commands as root via crafted HTTP requests. The endpoint at /fortisandbox/job-detail/tracer-behavior passes user-supplied input to an OS command context without sanitisation. Fortinet silently patched the vulnerability in November 2025 but did not disclose the CVE publicly until April 2026. A public proof-of-concept demonstrating one-command unauthenticated root RCE was released by security researcher Samuel de Lucas in April 2026.
CVE-2026-40372
Microsoft ASP.NET Core — DataProtection Encryption Key Exposure on Linux (Security Regression)
A security regression in Microsoft.AspNetCore.DataProtection introduced in .NET 10.0.0 causes the DataProtection key storage provider to write encryption key material to world-readable file system paths or log it to standard output on Linux deployments when no explicit key repository is configured. Applications using cookie authentication, anti-forgery tokens, or TempData — all of which rely on DataProtection — are at risk of session key theft, enabling authentication cookie forgery, CSRF bypass, and decryption of protected payloads. The regression does not affect Windows deployments using DPAPI-backed storage. Microsoft released an out-of-band patch (.NET 10.0.7) on 21–22 April 2026.
CVE-2026-40976
Spring Boot 4.0 — Actuator Auth Bypass When spring-boot-health Dependency Absent
Spring Boot 4.0.0 through 4.0.5 exposes all Actuator management endpoints without authentication when applications include spring-boot-actuator-autoconfigure but omit the spring-boot-health dependency — a common configuration in applications migrating from Spring Boot 3.x. The security filter chain mapping silently fails to apply, leaving /actuator/heapdump, /actuator/env, /actuator/loggers, and other endpoints accessible to unauthenticated network peers. No error or warning is logged. Patched in Spring Boot 4.0.6.
CVE-2026-6074
Intrado 911 Emergency Gateway — Unauthenticated Path Traversal Enables Arbitrary File Access
CVE-2026-6074 is an unauthenticated path traversal vulnerability in the Intrado 911 Emergency Gateway (EGW) management interface affecting versions 5.x through 7.x. An attacker with network access to the management interface can traverse outside the web root to read, write, or delete arbitrary files on the underlying system — no credentials or prior authentication required. Successful exploitation could allow modification of 911 call routing configuration, deployment of persistent web shells, or disabling of emergency call processing. Intrado patched the vulnerability on 2 March 2026 and is directly contacting affected PSAP customers.
CVE-2026-30893
Wazuh SIEM/XDR Manager — Unauthenticated RCE via Deserialization in Agent Registration API
Deserialization vulnerability in the Wazuh manager's agent registration API endpoint (TCP 55000). An attacker who can reach the API port can send a crafted registration request containing a malicious serialised payload that executes arbitrary code in the context of the Wazuh manager process, which typically runs with root or high-privilege service account credentials. No authentication is required. Affects Wazuh 4.0.0 through 4.11.1. Fixed in Wazuh 4.11.2.
CVE-2026-40050
CrowdStrike Falcon LogScale — Server-Side Request Forgery via Authenticated User
A server-side request forgery (SSRF) vulnerability in CrowdStrike Falcon LogScale (formerly Humio) allows an authenticated user with any role to cause the LogScale server to issue arbitrary HTTP requests to internal network resources. The vulnerability exists in a data processing component that handles user-supplied URLs without adequate validation. Because LogScale has broad network connectivity to collect log data, this SSRF can be used to reach internal APIs, cloud metadata services, and protected network segments inaccessible from an external position.
CVE-2026-42523
Jenkins GitHub Plugin — Stored XSS via Job URL Processing Enables Session Hijacking
Stored cross-site scripting (XSS) in Jenkins GitHub Plugin 1.46.0 and earlier via insufficient escaping of GitHub repository URL values in JavaScript rendered on job configuration and build result pages. An attacker with Item/Configure permission can inject a malicious JavaScript payload via the GitHub URL field; the payload executes in the browser of any Jenkins administrator who views the affected job, providing access to administrator session cookies, CSRF tokens, and the ability to extract pipeline credentials or modify pipeline definitions. Fixed in GitHub Plugin 1.46.1.
CVE-2025-31277
Apple WebKit Buffer Overflow — DarkSword Exploit Chain Entry Point
A buffer overflow vulnerability in Apple's WebKit browser engine serves as the initial entry point of the DarkSword multi-stage iOS and macOS exploit chain. An attacker can trigger the overflow by delivering a malicious webpage via Safari or any WebKit-based application, achieving initial code execution within the browser process without requiring user interaction beyond page load. This CVE affects iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. CISA added CVE-2025-31277 to the Known Exploited Vulnerabilities catalogue on 20 March 2026, confirming active exploitation as part of the DarkSword framework.
CVE-2026-25177
Active Directory Domain Services Privilege Escalation via SPN/UPN Name Validation Flaw
An elevation-of-privilege vulnerability in Windows Active Directory Domain Services caused by improper restriction and validation of Service Principal Names (SPNs) and User Principal Names (UPNs). A low-privileged authenticated domain user can exploit Unicode normalisation edge cases in name handling to escalate to domain administrator privileges over the network with no user interaction required. Patched in the March 2026 Patch Tuesday (10 March). Added to CISA Known Exploited Vulnerabilities catalogue following confirmed active exploitation approximately three weeks after the patch was released.
CVE-2026-2701
Progress ShareFile Storage Zones Controller Arbitrary File Upload to Webroot
An arbitrary file upload vulnerability in Progress ShareFile Storage Zones Controller allows an attacker with administrative session access to upload and extract archive content into the IIS web root, enabling placement of malicious ASPX webshells that execute with the web server's privileges. When chained with the authentication bypass in CVE-2026-2699, this vulnerability can be exploited without any authentication, yielding full remote code execution on the server. The full attack chain was publicly documented by watchTowr Labs on 2 April 2026 following coordinated disclosure, and Progress has issued a fix in version 5.12.4.
CVE-2026-3909
Google Chrome Skia Out-of-Bounds Write
An out-of-bounds write vulnerability in Chrome's Skia graphics library allows a remote attacker to achieve arbitrary code execution within the sandboxed renderer process via a crafted web page. The flaw provides a reliable memory corruption primitive that, when chained with a sandbox escape, enables full OS-level code execution. Confirmed exploited in the wild before Google's emergency patch on 13 March 2026.
CVE-2026-3910
Google Chrome V8 Inappropriate Implementation — Sandbox Escape
An inappropriate implementation vulnerability in Chrome's V8 JavaScript engine allows an attacker to escape the renderer sandbox. When chained with CVE-2026-3909 (Skia out-of-bounds write), this forms a complete renderer-to-OS exploitation chain delivering arbitrary code execution on the underlying operating system without additional user interaction. Both vulnerabilities were exploited together in targeted attacks prior to the 13 March 2026 emergency patch.
CVE-2026-40978
Spring AI CosmosDBVectorStore — SQL Injection via Unsanitised Metadata Filter Values
SQL injection in Spring AI's CosmosDBVectorStore component via the SiteList parameter used in vector similarity search queries. The component constructs Azure Cosmos DB SQL queries using string concatenation without parameterisation or sanitisation of metadata filter values from SearchRequest objects. Attackers who control filter parameters — common when filter values derive from user input in RAG pipelines — can read out-of-scope documents or exfiltrate stored embeddings. Patched in Spring AI 1.1.5.
CVE-2026-42208
LiteLLM — SQL Injection Allows AI Provider API Key Theft (CISA KEV)
A SQL injection vulnerability in LiteLLM — an open-source AI gateway proxy used by enterprises to route requests to OpenAI, Anthropic, Azure OpenAI, and other AI providers — allows an attacker to read and modify LiteLLM's backend database. The database contains the API keys LiteLLM holds for connected AI providers, enabling theft of credentials equivalent to prepaid AI compute budgets. LiteLLM request logs may also contain sensitive business context submitted to LLMs by the organisation. CISA added CVE-2026-42208 to the Known Exploited Vulnerabilities catalogue on 7 May 2026 — the first AI infrastructure component to be confirmed exploited and listed in KEV.
CVE-2026-4747
FreeBSD NFS Server — Unauthenticated Remote Code Execution in NFSv4 nfsd (17-Year Vulnerability)
An unauthenticated remote code execution vulnerability in FreeBSD's NFS server daemon (nfsd) allows a network-accessible attacker to execute arbitrary code without credentials. The vulnerability originates in the NFSv4 implementation introduced in FreeBSD 8.x and has been present for approximately 17 years. It was discovered by Anthropic's Claude Mythos AI vulnerability research model and disclosed through Project Glasswing in April 2026. FreeBSD NFS is widely deployed in NetApp storage appliances, BSD-based NAS devices, enterprise file servers, and network equipment. A patch is available in FreeBSD security advisories issued following Project Glasswing coordinated disclosure.
CVE-2026-5281
Google Chrome Dawn/WebGPU — Use-After-Free Remote Code Execution
A use-after-free vulnerability in Dawn, Chrome's cross-platform WebGPU implementation, allows a remote attacker to execute arbitrary code in the renderer process via a malicious web page. The flaw is the fourth Chrome zero-day exploited in attacks in 2026, following use-after-free and out-of-bounds write vulnerabilities in CSS, Skia, and V8 earlier in the year. CISA added CVE-2026-5281 to the Known Exploited Vulnerabilities catalogue on 1 April 2026 with a deadline of 15 April for federal agencies.
CVE-2025-14847
MongoDB Server — Unauthenticated Heap Memory Disclosure (MongoBleed)
An improper handling of length parameter inconsistency in MongoDB Server's zlib compressed protocol headers allows unauthenticated clients to trigger the server to respond with content from uninitialised heap memory. Since zlib compression is enabled by default, any internet-exposed MongoDB instance is potentially vulnerable with no authentication required. Heap memory contents may include fragments of recently processed queries, cached credentials, API keys, session tokens, and application data from collections. Approximately 87,000 internet-exposed MongoDB instances remain vulnerable globally. CISA added CVE-2025-14847 to the Known Exploited Vulnerabilities catalogue on 29 December 2025 with a federal remediation deadline of 19 January 2026.
CVE-2025-43510
Apple OS Improper Locking — DarkSword Sandbox Escape Component
An improper locking vulnerability in Apple operating systems allows attackers who have achieved initial code execution via the WebKit entry point (CVE-2025-31277) to escape sandbox confinement and access broader OS capabilities. CVE-2025-43510 is the second stage of the DarkSword exploit chain, enabling the transition from browser-process execution to OS-level access. CISA added this CVE to the Known Exploited Vulnerabilities catalogue on 20 March 2026 as part of the confirmed DarkSword active exploitation advisory.
CVE-2025-43520
Apple OS Kernel Buffer Overflow — DarkSword Full Kernel Compromise Stage
A classic buffer overflow vulnerability in Apple operating system core components is the final stage of the DarkSword exploit chain, enabling attackers to write directly to kernel memory and achieve complete control over the compromised device. CVE-2025-43520 converts the OS-level access obtained via CVE-2025-43510 into full kernel compromise, allowing persistent implant installation, data exfiltration, and surveillance capabilities that survive reboots. CISA added CVE-2025-43520 to the Known Exploited Vulnerabilities catalogue on 20 March 2026.
CVE-2026-1603
Ivanti Endpoint Manager — Unauthenticated Authentication Bypass and Credential Vault Access
An authentication bypass vulnerability in Ivanti Endpoint Manager (EPM) prior to version 2024 SU5 allows unauthenticated remote attackers to bypass login controls entirely by submitting a crafted HTTP request containing a specific magic number value. Successful exploitation grants direct access to the EPM Credential Vault, exposing Domain Administrator NTLM password hashes and service account credentials stored within the management system. CISA added CVE-2026-1603 to the Known Exploited Vulnerabilities catalogue on 9 March 2026 with a federal agency remediation deadline of 23 March 2026.
CVE-2026-34621
Adobe Acrobat Reader — Prototype Pollution RCE via Crafted PDF
A prototype pollution vulnerability in Adobe Acrobat Reader allows arbitrary code execution when a user opens a specially crafted PDF file. The embedded JavaScript exploit executes automatically upon opening — no macros or additional interaction required. Exploitation since at least November 2025 followed a staged C2-driven model: the PDF contacts an attacker server, which fingerprints the victim's environment and delivers tailored RCE and sandbox escape payloads to selected targets. This staging made the malicious PDFs appear benign in automated analysis. CISA added CVE-2026-34621 to the KEV catalogue on 13 April 2026. Patched in Adobe Security Bulletin APSB26-43 released 13 April 2026.
CVE-2026-39813
Fortinet FortiSandbox — JRPC API Authentication Bypass via Path Traversal
A path traversal vulnerability in Fortinet FortiSandbox's JRPC (JSON Remote Procedure Call) API allows unauthenticated remote attackers to bypass authentication controls and invoke privileged API functions without valid credentials. The flaw enables administrative access to sandboxing configuration, policy settings, and verdict data without authentication. Disclosed as part of Fortinet's April 2026 advisory cycle alongside CVE-2026-39808.
CVE-2026-40967
Spring AI FilterExpressionConverter — Filter Expression Injection Across Multiple Vector Store Backends
Filter expression injection in Spring AI's FilterExpressionConverter, the shared filter translation layer used by Pinecone, Weaviate, Qdrant, Milvus, and CosmosDB vector store backends. String values containing quote characters and boolean operators are not escaped before being embedded in backend query strings, allowing attackers to inject arbitrary filter logic. In RAG applications, this can bypass document-level access controls implemented through metadata filters. Patched in Spring AI 1.1.5.
CVE-2026-3201
Palo Alto PAN-OS Management Interface Command Injection
A command injection vulnerability in the Palo Alto Networks PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. While requiring authentication in isolation, CVE-2026-3201 is being actively chained with CVE-2026-3197 (SAML authentication bypass) to produce an unauthenticated root-level remote code execution attack against internet-exposed GlobalProtect portals. The combined exploit has been confirmed in Unit 42 incident response engagements and proof-of-concept code is publicly available.
CVE-2023-27351
PaperCut NG/MF — Unauthenticated Information Disclosure and Authentication Bypass
An improper authentication vulnerability in PaperCut NG and MF allows unauthenticated remote attackers to access protected functionality and extract user account information including usernames, email addresses, department information, and hashed passwords from internal user accounts. Patched in 2023 but added to CISA KEV on 20 April 2026, confirming ongoing exploitation of unpatched PaperCut deployments across enterprise and education environments.
CVE-2026-22719
VMware Aria Operations — Unauthenticated Command Injection
A command injection vulnerability in VMware Aria Operations (formerly vRealize Operations) allows unauthenticated remote attackers to execute arbitrary operating system commands on the management appliance when support-assisted product migration is in use. The vulnerability was patched by Broadcom on 24 February 2026 as part of advisory VMSA-2026-0001. CISA added CVE-2026-22719 to the Known Exploited Vulnerabilities catalogue with a federal agency remediation deadline of 24 March 2026, confirming active exploitation.
CVE-2026-33827
Windows TCP/IP Race Condition — Wormable Unauthenticated RCE via IPv6/IPSec
A race condition in the Windows TCP/IP network driver allows an unauthenticated, network-adjacent attacker to achieve remote code execution without user interaction on systems with IPv6 or IPSec enabled. The vulnerability was demonstrated at Pwn2Own 2026 prior to the April Patch Tuesday release. Its wormable characteristics — autonomous spread from host to host without attacker involvement — place it in the same risk category as the EternalBlue class of vulnerabilities. IPv6 is enabled by default on all modern Windows installations, making the attack surface universal across unpatched Windows environments.
CVE-2026-35414
OpenSSH — Certificate Authentication Bypass via Malformed SAN Field ('SplitSSHell')
A certificate authentication bypass vulnerability in OpenSSH, nicknamed SplitSSHell, allows an attacker to authenticate to an SSH server configured for certificate-based authentication by presenting a specially crafted certificate with a comma character in the Subject Alternative Name field. The comma is misinterpreted as a field separator, causing OpenSSH's certificate validation logic to incorrectly evaluate the principal validation check. Environments relying on SSH certificates for zero-trust access — including HashiCorp Vault SSH, Teleport, and similar certificate-issuing infrastructure — are at elevated risk. Fixed in OpenSSH 9.9p1.
CVE-2026-33826
Windows Active Directory RCE via Crafted RPC Calls
An improper input validation vulnerability (CWE-20) in the Windows Active Directory RPC interface allows an authenticated attacker within the same AD domain to execute arbitrary code on domain controllers and member servers by sending specially crafted RPC calls. The attacker must hold a valid domain user account but requires no administrative privileges; successful exploitation achieves code execution with the permissions of the RPC host service. Microsoft rates exploitation as 'More Likely' and patched the vulnerability in the April 2026 Patch Tuesday release on 14 April 2026.
CVE-2022-20775
Cisco SD-WAN CLI Path Traversal Privilege Escalation to Root
A path traversal vulnerability in the Cisco SD-WAN Software CLI allows an authenticated local attacker to gain elevated privileges and execute arbitrary commands as root. Though first disclosed in 2022, this vulnerability has been actively weaponised since early 2026 as the second stage of an attack chain paired with CVE-2026-20127. Threat actors obtain unauthenticated remote access via CVE-2026-20127, then deliberately downgrade the SD-WAN Controller to a version where CVE-2022-20775 remains present, escalate to root, and restore the original software version to conceal the downgrade. CISA includes this vulnerability in Emergency Directive 26-03.
CVE-2025-60710
Windows Host Process for Tasks Privilege Escalation to SYSTEM
A link-following vulnerability (CWE-59) in the Windows Host Process for Tasks allows a local attacker with standard user privileges to substitute a symbolic link or junction at a path used by the Task Host service during a privileged file operation. Because the Task Host service operates under the SYSTEM account, successful exploitation grants the attacker complete SYSTEM-level control of the compromised device. Patched in November 2025; CISA confirmed active exploitation and added CVE-2025-60710 to the Known Exploited Vulnerabilities catalogue on 13 April 2026. Four public proof-of-concept exploits are available on GitHub.
CVE-2026-21385
Qualcomm Snapdragon Firmware Integer Overflow — Targeted Mobile Exploitation
An integer overflow (CWE-190) in Qualcomm chipset firmware allows an attacker with local access to achieve memory corruption and potentially arbitrary code execution within the firmware subsystem context. Qualcomm confirmed limited, targeted exploitation consistent with commercial spyware or nation-state intelligence collection operations. Addressed in Google's March 2026 Android Security Bulletin (patch level 2026-03-05).
CVE-2026-23856
Dell iDRAC Service Module Privilege Escalation via Improper Access Control
A privilege escalation vulnerability in the Dell iDRAC Service Module (iSM), the OS-level software agent that bridges server operating systems with the iDRAC out-of-band management controller on PowerEdge servers. The flaw arises from improper access control (CWE-284) in iSM's exposed interfaces. A local user with standard OS privileges can exploit the vulnerability to escalate to SYSTEM or root, as iSM operates with elevated privileges required for hardware management communication. Affects Windows iSM versions prior to 6.0.3.1 and Linux iSM versions prior to 5.4.1.1.
CVE-2026-26117
Azure Arc Connected Machine Agent — Local Privilege Escalation to SYSTEM and Managed Identity Token Theft
CVE-2026-26117 is a race condition in the Azure Arc Connected Machine Agent for Windows that allows an unprivileged domain user to obtain a handle to an internal named pipe before access controls are applied during service startup or metadata refresh. Through this handle, the attacker can request the machine's Azure managed identity access token, which can then be used to authenticate to Azure resources the machine identity has been granted access to — potentially including Key Vaults, storage accounts, and Azure RBAC-controlled APIs.
CVE-2026-29642
Huawei VRP OS Local Privilege Escalation via CLI Command Injection
A privilege escalation vulnerability in Huawei's Versatile Routing Platform (VRP) operating system allows an authenticated local attacker with operator-level access to execute arbitrary commands as a higher-privileged system process via CLI input validation bypass. Affected platforms include Huawei enterprise switches and routers running VRP V200R021 through V200R025. An attacker with network device operator credentials can escalate to full administrative control of the device, enabling configuration tampering, credential extraction, or persistent backdoor installation.
CVE-2026-31394
Linux Kernel AP VLAN Driver Privilege Escalation via Network Namespace Boundary Condition
A privilege escalation vulnerability in the Linux kernel's AP VLAN (access point virtual LAN) network driver. A local user with access to a network namespace can exploit a boundary condition in the AP VLAN driver to escalate privileges to the host kernel context. Particularly significant in containerised and virtualised environments where container processes have network namespace access by default, creating a container escape path. Affects multiple kernel release lines across Red Hat Enterprise Linux, Ubuntu, Debian, and SUSE distributions.
CVE-2026-31429
Linux Kernel SKB Memory Management Use-After-Free in Network Stack
A use-after-free vulnerability in the Linux kernel network stack's socket buffer (SKB) memory management subsystem allows an unprivileged local attacker to escalate privileges to root. The flaw arises from improper reference counting in the SKB clone operation path under concurrent network I/O conditions, resulting in a freed memory region being accessible to attacker-controlled data. Successful exploitation requires local code execution on an affected system. Affects Linux kernel versions 5.15 through 6.12-rc; a patch has been merged into kernel mainline.
CVE-2026-31431
Linux Kernel — Copy-on-Write Race Condition Local Privilege Escalation (CopyFail)
A race condition in the Linux kernel's copy-on-write (CoW) page fault handling path allows an unprivileged local user to obtain a writable reference to a page marked read-only, enabling overwrite of kernel memory structures and privilege escalation to root. Affects kernel versions 4.15 through the unfixed 6.18 and 6.19 series. All major Linux distributions have issued patched kernel updates. CISA added this vulnerability to the Known Exploited Vulnerabilities catalogue on 1 May 2026 following confirmation of active exploitation in post-initial-access privilege escalation chains.
CVE-2026-33694
Tenable Nessus Agent — Local Privilege Escalation to Service Account
A privilege escalation vulnerability in the Tenable Nessus Agent component allows a locally authenticated user to elevate their privileges to the account under which the Nessus service runs. The flaw exists in the agent's inter-process communication handling, which fails to enforce adequate access controls on local service operations. In enterprise deployments where the Nessus service account holds elevated domain or local administrator privileges for scanning purposes, this vulnerability enables an attacker with local access to escalate to those privileged credentials.
CVE-2026-33825
Windows Defender TOCTOU Privilege Escalation (BlueHammer)
A local privilege escalation vulnerability in the Windows Defender antimalware signature-update mechanism allows any authenticated local user to gain SYSTEM-level code execution. The flaw combines a time-of-check to time-of-use (TOCTOU) race condition with a path-confusion issue in the Defender update staging path, enabling an attacker to substitute a temporary update file with a malicious DLL loaded under the SYSTEM-privileged Defender service context. A working public exploit was available and active exploitation was observed in post-compromise scenarios preceding ransomware deployment. Patched in Microsoft's April 2026 Patch Tuesday.
CVE-2026-42482
Hashcat – Heap Buffer Overflow in Binary Hash File Parser
A heap buffer overflow in Hashcat's binary hash file parser allows a specially crafted hash input file or .hcmask mask file to trigger an out-of-bounds write to heap memory, potentially enabling code execution in the context of the Hashcat process. The vulnerability affects all Hashcat versions prior to 7.2.0 and is triggered at parse time, before any cracking work starts, so merely loading an untrusted file is enough. Fixed in Hashcat 7.2.0.
CVE-2026-42483
Hashcat – Stack Buffer Overflow in Rule Engine Parser
A stack buffer overflow in Hashcat's rule engine parser is triggered by rule files containing specially crafted function chain sequences. The overflow allows an attacker who can supply a malicious rule file to a Hashcat instance to potentially achieve code execution in the Hashcat process context. Affects all versions prior to 7.2.0. Fixed in Hashcat 7.2.0.
CVE-2026-5656
Wireshark – Heap Buffer Overflow in PCAP/PCAPNG Parser Leads to Code Execution
A heap buffer overflow in Wireshark's PCAP and PCAPNG file parser can be triggered by a specially crafted capture file, leading to arbitrary code execution on the analyst's workstation. The vulnerability resides in the per-packet dissector state processing during file load. Affects all Wireshark versions prior to 4.4.6 on Windows, macOS, and Linux; TShark is equally affected. Fixed in Wireshark 4.4.6.
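Capture-file loaders get into trouble when they trust a per-record length from the file before copying the record into a buffer sized from the global header. The reader below is an added example, not Wireshark's or libpcap's code: it parses the classic pcap format and rejects any record whose incl_len exceeds the snaplen, its own orig_len, or the bytes actually left in the file, which are the three checks a C loader must make before the memcpy. The sample capture bytes are constructed in the test.

```python
"""Length-validating classic pcap reader.

Added example, not Wireshark's or libpcap's code. Shows the checks a
capture-file loader needs before copying a record into a buffer sized
from the header. MAX_SNAPLEN is an assumed sanity bound. Sample captures
are constructed by build_pcap().
"""
import struct

MAGIC_USEC = 0xA1B2C3D4   # microsecond timestamps; the 0xA1B23C4D nanosecond variant is not handled
MAX_SNAPLEN = 262144      # assumed upper bound for a plausible snaplen


class PcapError(ValueError):
    pass


def parse_pcap(data: bytes):
    """Return (linktype, [(ts_sec, ts_usec, payload), ...]) or raise PcapError."""
    if len(data) < 24:
        raise PcapError("truncated global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MAGIC_USEC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic, file written big-endian
        endian = ">"
    else:
        raise PcapError(f"unknown magic 0x{magic:08x}")
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    if snaplen == 0 or snaplen > MAX_SNAPLEN:
        raise PcapError(f"implausible snaplen {snaplen}")

    records = []
    off = 24
    while off < len(data):
        remaining = len(data) - off
        if remaining < 16:
            raise PcapError(f"record {len(records)}: truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        remaining -= 16
        # The three checks a C loader must make before memcpy(buf, p, incl_len):
        if incl_len > snaplen:
            raise PcapError(f"record {len(records)}: incl_len {incl_len} exceeds snaplen {snaplen}")
        if incl_len > orig_len:
            raise PcapError(f"record {len(records)}: incl_len {incl_len} exceeds orig_len {orig_len}")
        if incl_len > remaining:
            raise PcapError(f"record {len(records)}: incl_len {incl_len} exceeds {remaining} remaining bytes")
        records.append((ts_sec, ts_usec, data[off:off + incl_len]))
        off += incl_len
    return linktype, records


def build_pcap(payloads, snaplen=65535, linktype=1, incl_len_override=None):
    """Constructed little-endian capture; incl_len_override forges the last record's length."""
    out = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype)
    for i, p in enumerate(payloads):
        incl = len(p)
        if incl_len_override is not None and i == len(payloads) - 1:
            incl = incl_len_override
        out += struct.pack("<IIII", 1700000000 + i, 0, incl, len(p)) + p
    return out
```

A forged incl_len of 0xFFFFFFFF on an otherwise valid file is rejected at the first check; a value that fits the snaplen but not the remaining file is rejected at the third. TShark shares the same loader, so the same file triggers the same code path there.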
CVE-2026-22558
Ubiquiti UniFi Network Application – NoSQL Injection Privilege Escalation
A NoSQL injection vulnerability in the Ubiquiti UniFi Network Application allows authenticated attackers to escalate their privileges to administrative level within the controller. While requiring authentication, this vulnerability is primarily exploited as the second step in a two-stage attack chain with CVE-2026-22557: the unauthenticated path traversal flaw provides initial access, and this injection flaw converts that access to full administrator rights. Both vulnerabilities were disclosed together in Ubiquiti's security advisory on 18 March 2026.
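How a JSON body turns into an operator injection against a MongoDB-style store, and the type check that closes it, as an added illustration that is not UniFi's code; the collection, field names and the lookup endpoint are assumptions. The tiny matcher evaluates a subset of MongoDB filter syntax in pure Python so the bypass runs without a database.

```python
"""Operator injection through a JSON body reused as a MongoDB-style filter.

Added illustration of the class in the entry above; not UniFi's code. The
collection, field names and endpoint are assumptions, and the matcher
models only the operators needed to show the bypass.
"""
import re

# Constructed user collection standing in for the controller's admin store.
USERS = [
    {"name": "superadmin", "site_id": "default", "role": "admin"},
    {"name": "viewer", "site_id": "default", "role": "readonly"},
]


def _matches(doc: dict, flt: dict) -> bool:
    for field, cond in flt.items():
        val = doc.get(field)
        if isinstance(cond, dict):                 # operator document
            for op, arg in cond.items():
                if op == "$ne":
                    ok = val != arg
                elif op == "$regex":
                    ok = isinstance(val, str) and re.search(arg, val) is not None
                elif op == "$in":
                    ok = val in arg
                else:
                    raise ValueError(f"operator {op} not modelled")
                if not ok:
                    return False
        elif val != cond:                           # plain equality
            return False
    return True


def find_one(flt: dict):
    return next((u for u in USERS if _matches(u, flt)), None)


def lookup_vulnerable(body: dict):
    """Passes the decoded JSON value straight into the filter: a dict becomes an operator."""
    return find_one({"name": body["name"], "site_id": body["site_id"]})


def reject_operators(value):
    """Recursively refuse any key beginning with '$' or containing '.' in a user-supplied document."""
    if isinstance(value, dict):
        for k, v in value.items():
            if not isinstance(k, str) or k.startswith("$") or "." in k:
                raise ValueError(f"rejected key {k!r}")
            reject_operators(v)
    elif isinstance(value, list):
        for v in value:
            reject_operators(v)


def lookup_hardened(body: dict):
    """Enforce the type the field actually has: a name is a string, never a document."""
    name, site = body.get("name"), body.get("site_id")
    if not isinstance(name, str) or not isinstance(site, str):
        raise TypeError("name and site_id must be strings")
    reject_operators(body)   # for endpoints that forward nested documents unchanged
    return find_one({"name": name, "site_id": site})
```

Sending `{"name": {"$ne": ""}, "site_id": "default"}` makes the vulnerable lookup match the first record in the collection, here the admin; `{"$regex": "^super"}` enumerates names one prefix at a time. The hardened version rejects both before any query is built.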
CVE-2026-4368
Citrix NetScaler Gateway Race Condition on Gateway/AAA Virtual Server
A race condition vulnerability in Citrix NetScaler ADC and NetScaler Gateway affects appliances configured as a gateway (ICA Proxy, RDP Proxy, SSL VPN, or CVPN) or as an AAA virtual server. The flaw is present in version 14.1-66.54 specifically. No exploitation in the wild has been confirmed at time of disclosure; the vulnerability was patched in the same advisory release as CVE-2026-3055.
CVE-2026-20128
Cisco Catalyst SD-WAN Manager – DCA Credential Exposure and Privilege Escalation
A credential storage flaw in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager allows a sufficiently positioned attacker to retrieve DCA credential files stored on disk and use them to authenticate within the SD-WAN management environment. Confirmed exploited in the wild by Cisco PSIRT in March 2026 and added to CISA KEV on 20 April 2026.
CVE-2026-20133
Cisco Catalyst SD-WAN Manager – Unauthenticated Sensitive File Read via vshell API
Insufficient filesystem restrictions in the vshell subsystem of Cisco Catalyst SD-WAN Manager (formerly vManage) allow unauthenticated remote attackers to read sensitive files from the SD-WAN Manager host OS, including configuration files, authentication tokens, and WAN edge certificate material. Added to the CISA Known Exploited Vulnerabilities catalogue in April 2026; FCEB remediation deadline 12 May 2026. Fixed in SD-WAN Manager 20.15.1.
CVE-2026-23231
Linux Kernel nf_tables Use-After-Free – Local Privilege Escalation
A use-after-free vulnerability in the Linux kernel's nf_tables netfilter subsystem arises from improper synchronisation in the nft_chain_release_hook() function during concurrent chain deletion and packet traversal. An unprivileged local attacker who can create network namespaces can exploit the race condition to corrupt kernel memory and escalate to root. A public proof-of-concept targeting Ubuntu 24.04 LTS has been published alongside the CVE disclosure.
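The precondition in this entry is the one worth checking on a fleet: an unprivileged user can only create a network namespace after creating a user namespace, so the sysctls that gate CLONE_NEWUSER gate the exploit. The script below is an added check, not the CVE's proof-of-concept. The sysctl names are real (the second is the Debian/Ubuntu patch, the third the Ubuntu 23.10+ AppArmor knob); the `values` mapping can be injected so the logic is testable, and `try_unshare()` is the definitive test that actually attempts the syscall.

```python
"""Does this host let an unprivileged user create user/network namespaces?

Added check for the exploit precondition named in the entry above; it is
not the CVE's proof-of-concept. Sysctl names are real; the `values`
mapping is injectable for testing.
"""
import ctypes
import os

SYSCTLS = {
    "user.max_user_namespaces": "/proc/sys/user/max_user_namespaces",
    "kernel.unprivileged_userns_clone": "/proc/sys/kernel/unprivileged_userns_clone",   # Debian/Ubuntu patch
    "kernel.apparmor_restrict_unprivileged_userns":
        "/proc/sys/kernel/apparmor_restrict_unprivileged_userns",                        # Ubuntu 23.10+
}


def read_sysctls(paths=SYSCTLS) -> dict:
    """Read whichever of the sysctls exist on this kernel; absent ones are skipped."""
    values = {}
    for name, path in paths.items():
        try:
            with open(path) as f:
                values[name] = int(f.read().strip())
        except (OSError, ValueError):
            pass
    return values


def userns_precondition(values: dict):
    """Return (reachable, reason) judged from sysctl values alone."""
    if values.get("user.max_user_namespaces") == 0:
        return False, "user.max_user_namespaces=0 disables user namespaces entirely"
    if values.get("kernel.unprivileged_userns_clone") == 0:
        return False, "kernel.unprivileged_userns_clone=0 restricts CLONE_NEWUSER to root"
    if values.get("kernel.apparmor_restrict_unprivileged_userns") == 1:
        return False, "AppArmor denies unprivileged user namespaces by default (Ubuntu)"
    return True, "no sysctl blocks unprivileged user namespaces; confirm with try_unshare()"


def try_unshare() -> bool:
    """Definitive check: fork and attempt unshare(CLONE_NEWUSER|CLONE_NEWNET) as this user.

    Run as an unprivileged user; root succeeds regardless of the sysctls.
    """
    CLONE_NEWUSER, CLONE_NEWNET = 0x10000000, 0x40000000
    if not hasattr(os, "fork"):
        return False
    pid = os.fork()
    if pid == 0:
        libc = ctypes.CDLL(None, use_errno=True)
        rc = libc.unshare(CLONE_NEWUSER | CLONE_NEWNET)
        os._exit(0 if rc == 0 else 1)
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0


if __name__ == "__main__":
    ok, why = userns_precondition(read_sysctls())
    print(f"sysctl view: {'reachable' if ok else 'blocked'} ({why})")
    print(f"unshare attempt: {'succeeded' if try_unshare() else 'failed'}")
```

Setting `user.max_user_namespaces=0` removes the precondition for this and for most recent nf_tables privilege escalations, at the cost of breaking rootless containers and sandboxed browsers that rely on user namespaces.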
CVE-2026-24297
Windows Kerberos Security Feature Bypass via Race Condition
A security feature bypass vulnerability in the Windows Kerberos authentication implementation is caused by a race condition in concurrent request processing. An unauthenticated remote attacker with network access to a Kerberos-speaking service can win the race to bypass security validation checks in the authentication flow. No user interaction is required. Patched in the March 2026 Patch Tuesday. No active exploitation confirmed at time of disclosure.
CVE-2026-35385
OpenSSH SCP Setuid/Setgid Bit Preservation Privilege Escalation
In OpenSSH before 10.3, files downloaded with scp in legacy protocol mode (the -O flag) as root, without the -p (preserve modes) flag, may retain setuid or setgid permission bits sent by the remote source. An attacker who controls the remote server can stage a file with the setuid bit set; once root has downloaded it, the local copy is root-owned, and any local user who can execute it runs it with root privileges. The flaw is fixed in OpenSSH 10.3.
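A post-transfer audit is the practical check for this entry: after pulling files with `scp -O` as root from a host you do not fully trust, walk the destination and report, then strip, any regular file carrying S_ISUID or S_ISGID. The script below is an added example, not OpenSSH code; the sample tree is constructed in a temporary directory and `lstat` is used so a planted symlink is never followed.

```python
"""Post-transfer audit for set-user-ID / set-group-ID bits.

Added example, not OpenSSH code. The sample download directory is
constructed in a temporary directory.
"""
import os
import stat
import tempfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def find_setid_files(root: str):
    """Return [(path, mode string, owner uid)] for regular files with setuid/setgid set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # never follow symlinks in a downloaded tree
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID_BITS:
                hits.append((path, stat.filemode(st.st_mode), st.st_uid))
    return hits


def strip_setid_bits(paths):
    """Clear the bits in place; returns the paths actually changed."""
    changed = []
    for path in paths:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode & SETID_BITS:
            os.chmod(path, mode & ~SETID_BITS)
            changed.append(path)
    return changed


def demo():
    """Constructed download directory: one ordinary file, one with the setuid bit."""
    with tempfile.TemporaryDirectory() as d:
        benign = os.path.join(d, "report.txt")
        planted = os.path.join(d, "helper")
        for p in (benign, planted):
            with open(p, "wb") as f:
                f.write(b"#!/bin/sh\nid\n")
        os.chmod(benign, 0o644)
        os.chmod(planted, 0o4755)          # what a hostile remote could make scp create
        before = [os.path.basename(p) for p, _, _ in find_setid_files(d)]
        stripped = strip_setid_bits(p for p, _, _ in find_setid_files(d))
        after = find_setid_files(d)
    return before, len(stripped), len(after)
```

Point `find_setid_files()` at the real destination directory; the `before` list is what you would alert on, since a freshly downloaded tree should contain no set-ID files at all.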
CVE-2026-41604
Apache Thrift – Out-of-Bounds Read in Binary Protocol Parser (All Language Bindings)
Out-of-bounds read in the Apache Thrift binary protocol parser when processing a container field with a size value exceeding available buffer bytes. Affects all language bindings. C++ and native bindings may expose adjacent heap memory or crash; JVM-based bindings throw an exception causing service DoS; Go returns an error without crashing. Any client that can send Thrift requests to the service can trigger this flaw. Patched in Apache Thrift 0.23.0.
CVE-2024-27199
JetBrains TeamCity – Unauthenticated Path Traversal Enabling Certificate Replacement and Limited Data Access
A path traversal vulnerability (CWE-22) in JetBrains TeamCity's web component allows unauthenticated attackers to bypass authentication by using path segments containing '../' to reach protected endpoints. Exploitation allows limited information disclosure and limited system modification, including replacement of the HTTPS certificate served by the TeamCity instance with an attacker-supplied certificate. When chained with CVE-2024-27198 (CVSS 9.8), full authentication bypass and administrative access can be achieved. Added to CISA KEV on 20 April 2026.
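The defect class here is an authorisation decision made on the raw request path: a prefix check sees `/res/` and treats `/res/../admin/...` as a static resource. The code below is an added illustration, not TeamCity's; the public prefixes and the protected endpoint are assumptions. The hardened check decodes once, strips per-segment `;` parameters the way servlet containers do, collapses `.` and `..`, and only then consults the allow-list, so the same canonical path is used for the auth decision and for routing.

```python
"""Authorise on the canonical path, not on the raw request line.

Added illustration of the traversal class in the entry above; not
TeamCity's code. PUBLIC_PREFIXES and the protected endpoint used in the
tests are assumptions.
"""
import posixpath
from urllib.parse import unquote

PUBLIC_PREFIXES = ("/res/", "/img/", "/update/", "/login.html")   # assumed allow-list


def is_public_vulnerable(raw_path: str) -> bool:
    """Decision on the raw string: traversal after a public prefix is never seen."""
    return raw_path.startswith(PUBLIC_PREFIXES)


def canonicalize(raw_path: str) -> str:
    path = raw_path.split("?", 1)[0]                 # drop the query string
    path = unquote(path)                             # %2e%2e -> .. (one decode, as the container does)
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]   # "/foo;.jsp" -> "/foo"
    path = posixpath.normpath("/".join(segments))    # collapse ".", "..", "//"
    if not path.startswith("/"):
        path = "/" + path
    return path


def is_public_hardened(raw_path: str) -> bool:
    if "\\" in raw_path or "\x00" in raw_path:       # never let these reach a filesystem lookup
        return False
    return canonicalize(raw_path).startswith(PUBLIC_PREFIXES)


def route(raw_path: str, authenticated: bool, public_check) -> str:
    """Model of the filter chain: public paths skip auth, everything else needs a session."""
    if public_check(raw_path) or authenticated:
        return f"200 {canonicalize(raw_path)}"
    return "401"
```

With the vulnerable check, an unauthenticated request for `/res/../admin/settings/uploadCertificate` (assumed protected path) is served after the container normalises it; with the hardened check the same request, and its `%2e%2e` and `..;` variants, is refused.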
CVE-2026-41636
Apache Thrift Node.js Library – Uncontrolled Recursion DoS via Deeply Nested Structures
Uncontrolled recursion in the Apache Thrift JavaScript/Node.js library's deserialisation path for nested Thrift structures. No depth limit is enforced on recursive calls processing nested structs or container types. A remote attacker can send a crafted request with roughly 8,000 to 12,000 levels of nesting to exhaust the V8 call stack, causing an unhandled RangeError that terminates the process. Affects all Apache Thrift versions prior to 0.23.0. Patched in 0.23.0 with a configurable recursion depth limit defaulting to 64 levels.
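Both Thrift entries (CVE-2026-41604, container sizes read past the buffer; CVE-2026-41636, unbounded nesting) come down to a reader that trusts a header field without comparing it to what it has. The reader below is an added example, not Apache Thrift's code: it follows the TBinaryProtocol wire layout for field, string and container headers, refuses a container whose declared element count cannot fit in the bytes remaining, and refuses nesting deeper than MAX_DEPTH, set to the 64-level default the entry reports. MAX_CONTAINER is an assumed cap; the sample messages are constructed in the tests and by `nested_structs()`.

```python
"""Bounded Thrift binary-protocol reader.

Added example for the two Thrift entries above; not Apache Thrift's code.
Headers follow TBinaryProtocol. MAX_DEPTH is the 64-level default the
entry reports; MAX_CONTAINER is an assumed cap. Values come back as raw
bytes or nested lists/dicts.
"""
import struct

T_STOP, T_BOOL, T_BYTE, T_DOUBLE = 0, 2, 3, 4
T_I16, T_I32, T_I64, T_STRING = 6, 8, 10, 11
T_STRUCT, T_MAP, T_SET, T_LIST = 12, 13, 14, 15

FIXED_WIDTH = {T_BOOL: 1, T_BYTE: 1, T_DOUBLE: 8, T_I16: 2, T_I32: 4, T_I64: 8}
# Fewest bytes one element of each type can occupy on the wire.
MIN_WIDTH = {**FIXED_WIDTH, T_STRING: 4, T_STRUCT: 1, T_LIST: 5, T_SET: 5, T_MAP: 6}
MAX_DEPTH = 64
MAX_CONTAINER = 1 << 20


class ThriftError(ValueError):
    pass


class Reader:
    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0

    def remaining(self) -> int:
        return len(self.buf) - self.pos

    def take(self, n: int) -> bytes:
        if n < 0 or n > self.remaining():
            raise ThriftError(f"need {n} bytes at offset {self.pos}, {self.remaining()} remain")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def i8(self):
        return struct.unpack("!b", self.take(1))[0]

    def i16(self):
        return struct.unpack("!h", self.take(2))[0]

    def i32(self):
        return struct.unpack("!i", self.take(4))[0]

    def check_count(self, count: int, *elem_types: int) -> None:
        """Reject a container whose declared size cannot fit in the bytes left."""
        if count < 0 or count > MAX_CONTAINER:
            raise ThriftError(f"container size {count} out of range")
        per_elem = sum(MIN_WIDTH.get(t, 1) for t in elem_types)
        if count * per_elem > self.remaining():
            raise ThriftError(f"container claims {count} elements, only {self.remaining()} bytes remain")

    def value(self, ttype: int, depth: int):
        if depth > MAX_DEPTH:
            raise ThriftError(f"nesting exceeds MAX_DEPTH={MAX_DEPTH}")
        if ttype in FIXED_WIDTH:
            return self.take(FIXED_WIDTH[ttype])
        if ttype == T_STRING:
            return self.take(self.i32())              # take() rejects negative or oversize lengths
        if ttype == T_STRUCT:
            return self.struct(depth + 1)
        if ttype in (T_LIST, T_SET):
            etype, count = self.i8(), self.i32()
            self.check_count(count, etype)
            return [self.value(etype, depth + 1) for _ in range(count)]
        if ttype == T_MAP:
            ktype, vtype, count = self.i8(), self.i8(), self.i32()
            self.check_count(count, ktype, vtype)
            return [(self.value(ktype, depth + 1), self.value(vtype, depth + 1)) for _ in range(count)]
        raise ThriftError(f"unknown type id {ttype}")

    def struct(self, depth: int = 0) -> dict:
        if depth > MAX_DEPTH:
            raise ThriftError(f"nesting exceeds MAX_DEPTH={MAX_DEPTH}")
        fields = {}
        while True:
            ftype = self.i8()
            if ftype == T_STOP:
                return fields
            fid = self.i16()
            fields[fid] = self.value(ftype, depth)


def parse_struct(buf: bytes) -> dict:
    r = Reader(buf)
    fields = r.struct()
    if r.remaining():
        raise ThriftError(f"{r.remaining()} trailing bytes")
    return fields


def i32_of(raw: bytes) -> int:
    return struct.unpack("!i", raw)[0]


def nested_structs(depth: int) -> bytes:
    """Constructed message: field 1 is a struct, `depth` levels deep, then the STOP bytes."""
    return b"\x0c\x00\x01" * depth + b"\x00" * (depth + 1)
```

A list header claiming 0x7fffffff i32 elements with a single byte left is rejected before any element is read, which is the C++ out-of-bounds read and the JVM exception path from CVE-2026-41604 in one check; `nested_structs(65)` is rejected on depth, where an unbounded reader would recurse until the stack is gone.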
CVE-2026-42484
Hashcat – Integer Overflow in Potfile Parser Leading to Heap Overflow
An integer overflow in Hashcat's potfile (.pot) parser can lead to a heap buffer overflow when processing large potfile entries from untrusted sources. The vulnerability is triggered when Hashcat loads a potfile containing entries crafted to exceed expected size boundaries, causing heap memory corruption. Affects all versions prior to 7.2.0. Fixed in Hashcat 7.2.0.
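All three Hashcat entries (rule engine, binary hash file and potfile parsers) are input parsers that write more into a fixed-size buffer than it holds. The rule-engine case is the easiest to show end to end, so the block below is an added illustration, not Hashcat's code: it parses a rule line into a function chain using Hashcat's rule syntax for the subset implemented, applies it to a candidate, and refuses input that would exceed MAX_FUNCS or MAX_WORD instead of writing past them. Those two limits are assumptions standing in for the fixed-size arrays the entries describe.

```python
"""Bounded rule-file parser with a small rule engine.

Added illustration for the three Hashcat entries above; not Hashcat's
code. Function letters follow Hashcat's rule syntax for the implemented
subset. MAX_FUNCS and MAX_WORD are assumed limits standing in for the
fixed-size buffers whose overflow the entries describe.
"""
MAX_FUNCS = 32     # assumed cap on functions per rule line
MAX_WORD = 256     # assumed cap on the mangled candidate length

# function letter -> number of single-character arguments it consumes
ARITY = {":": 0, "l": 0, "u": 0, "c": 0, "r": 0, "d": 0, "f": 0, "[": 0, "]": 0,
         "$": 1, "^": 1, "D": 1, "T": 1, "s": 2, "x": 2}


def position(ch: str) -> int:
    """Hashcat positions: 0-9, then A-Z for 10-35."""
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    raise ValueError(f"bad position {ch!r}")


def parse_rule(line: str):
    """Return [(func, args)], rejecting unknown functions, short chains and overlong rules."""
    funcs, i = [], 0
    while i < len(line):
        ch = line[i]
        if ch.isspace():
            i += 1
            continue
        if ch not in ARITY:
            raise ValueError(f"unknown rule function {ch!r} at column {i}")
        n = ARITY[ch]
        args = line[i + 1:i + 1 + n]
        if len(args) != n or any(a.isspace() for a in args):
            raise ValueError(f"function {ch!r} at column {i} needs {n} argument(s)")
        if len(funcs) == MAX_FUNCS:            # the bound a fixed array would need
            raise ValueError(f"more than {MAX_FUNCS} functions in rule")
        funcs.append((ch, args))
        i += 1 + n
    if not funcs:
        raise ValueError("empty rule")
    return funcs


def apply_rule(funcs, word: str) -> str:
    w = word
    for f, a in funcs:
        if f == ":":
            pass
        elif f == "l":
            w = w.lower()
        elif f == "u":
            w = w.upper()
        elif f == "c":
            w = w[:1].upper() + w[1:].lower()
        elif f == "r":
            w = w[::-1]
        elif f == "d":
            w = w + w
        elif f == "f":
            w = w + w[::-1]
        elif f == "[":
            w = w[1:]
        elif f == "]":
            w = w[:-1]
        elif f == "$":
            w = w + a
        elif f == "^":
            w = a + w
        elif f == "s":
            w = w.replace(a[0], a[1])
        elif f == "D":
            p = position(a)
            w = w[:p] + w[p + 1:] if p < len(w) else w
        elif f == "T":
            p = position(a)
            w = w[:p] + w[p].swapcase() + w[p + 1:] if p < len(w) else w
        elif f == "x":
            p, n = position(a[0]), position(a[1])
            w = w[p:p + n] if p < len(w) else w
        if len(w) > MAX_WORD:                   # growth is bounded after every step
            raise ValueError(f"candidate exceeds {MAX_WORD} bytes after {f!r}")
    return w
```

A rule line of 33 functions, a `$` with no argument, or nine `d` functions applied to a one-character word are each refused; in a parser without the two bounds they would be the inputs that run past the buffer.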
CVE-2026-6973
Ivanti Endpoint Manager Mobile (EPMM) – Authenticated RCE via Management Console (CISA KEV)
A remote code execution vulnerability in Ivanti Endpoint Manager Mobile (EPMM) allows an attacker with administrator-level access to the management console to execute arbitrary commands on the underlying server. EPMM manages an organisation's enrolled mobile device fleet, so a compromised server exposes the configuration, certificates, and management functions for every enrolled device. CISA added CVE-2026-6973 to the Known Exploited Vulnerabilities catalogue on 7 May 2026. Ivanti EPMM has been targeted repeatedly by nation-state actors since 2023, including the Norwegian government breach and three subsequent campaigns.
CVE-2026-20122
Cisco Catalyst SD-WAN Manager – Arbitrary File Overwrite Granting vManage Privileges
An authenticated remote attacker can exploit incorrect use of privileged APIs in Cisco Catalyst SD-WAN Manager to upload a malicious file and overwrite arbitrary files on the local filesystem, resulting in vManage user privilege acquisition. vManage access provides control over the entire SD-WAN orchestration plane. Confirmed exploited in the wild by Cisco PSIRT in March 2026 and added to CISA KEV on 20 April 2026.
CVE-2026-34256
SAP NetWeaver ABAP Server – Authenticated Code-Overwrite Enables ERP Business Logic Sabotage
CVE-2026-34256 is an authorisation bypass in SAP NetWeaver ABAP Server's Workbench object transport handling that allows an authenticated user with standard developer authorisations to overwrite compiled ABAP load objects in production systems, bypassing the transport system's write-lock. The vulnerability requires authentication but no administrative role: any account that has been assigned developer authorisation objects, even inadvertently, can modify payroll, financial reporting, or procurement ABAP programs.
CVE-2026-32201
Microsoft SharePoint Server – Spoofing / Information Disclosure (Actively Exploited Zero-Day)
A spoofing vulnerability in Microsoft SharePoint Server allows an authenticated attacker to view sensitive information beyond their authorised scope and make unauthorised modifications to disclosed content, bypassing SharePoint's information barrier and permission controls. The vulnerability was under active exploitation before a patch was available; CISA added it to the Known Exploited Vulnerabilities catalogue on 14 April 2026, the day before Microsoft released the patch in April 2026 Patch Tuesday. The one-day gap between KEV addition and patch release required organisations to make explicit risk acceptance or compensating control decisions.
Note: CVE data is curated manually from NVD, vendor advisories, and security research. CVSS scores reflect NVD base scores at time of entry. Always verify with official vendor advisories before actioning.