Weekly Threat Landscape Digest – Week 21

1. Multiple Vulnerabilities in HP Linux Imaging and Printing Software
Overview:
- Two vulnerabilities have been identified in HP Linux Imaging and Printing (HPLIP) software, including critical command injection and memory corruption flaws.
Impact:
- CVE-2026-8631 (Critical, CVSS 9.3): Remote unauthenticated attackers can achieve arbitrary code execution or privilege escalation via command injection and memory corruption.
- CVE-2026-8632 (High, CVSS 8.5): Local users can escalate privileges through improper handling of user-supplied input, leading to arbitrary code execution with elevated rights.
Affected / Fixed Versions:
- Affected: HP Linux Imaging and Printing versions prior to 3.26.4
- Fixed: Version 3.26.4 and later
Recommendations:
- Upgrade to HP Linux Imaging and Printing version 3.26.4 or later to mitigate these vulnerabilities.
2. Security Updates – Mozilla
Overview:
- Mozilla released security updates addressing multiple vulnerabilities affecting Firefox, Firefox ESR, Firefox for iOS, and Thunderbird.
- Vulnerabilities include sandbox escapes, memory safety bugs, use-after-free conditions, JavaScript engine flaws, same-origin policy bypasses, and sensitive data leaks.
Impact:
- Exploitation can lead to remote code execution, privilege escalation, sandbox escape, and disclosure of sensitive user data.
Vulnerability Details:
- CVE-2026-8945: Sandbox escape in Firefox and Firefox Focus for Android
- CVE-2026-8946: Incorrect boundary conditions in the Audio/Video Web Codecs component
- CVE-2026-8947: Use-after-free in the DOM Bindings (WebIDL) component
- CVE-2026-8948: Same-origin policy bypass in the DOM Networking component
- CVE-2026-8973 and CVE-2026-8975: Memory safety bugs
- CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine JIT component
- CVE-2026-8391: Additional issue in the JavaScript Engine component
- CVE-2026-8401: Sandbox escape in the Profile Backup component
- CVE-2026-8706: Sensitive user data leak via Reader mode
Affected / Fixed Versions:
- Firefox 151
- Firefox ESR 115.36 and 140.11
- Firefox for iOS 151.0
- Thunderbird 151 and 140.11
Recommendations:
- Update to the latest versions listed above to mitigate these vulnerabilities.
3. Critical NGINX Zero-Day “nginx-poolslip” Enables Remote Code Execution
Overview:
- A zero-day vulnerability named “nginx-poolslip” affects NGINX version 1.31.0, enabling unauthenticated remote code execution.
- The flaw resides in NGINX’s internal memory pool management, allowing memory corruption and heap manipulation.
- Discovered by Vega of the NebSec research team and publicly disclosed on May 21, 2026.
- No official CVE has been assigned, and no vendor patch or public proof-of-concept exploit was available at the time of disclosure.
Impact:
- Exploitation allows attackers to bypass ASLR protections and execute arbitrary code on vulnerable servers.
- Targets widely deployed internet-facing infrastructure including web hosting, reverse proxy, load balancing, and API gateway functions.
- Potential for widespread impact due to NGINX’s popularity and exposure to untrusted traffic.
- Related to residual risks from CVE-2026-42945, a critical heap buffer overflow vulnerability in ngx_http_rewrite_module.
Affected / Fixed Versions:
- Affects NGINX version 1.31.0.
- Previous fixes in versions 1.31.0 and 1.30.1 did not fully eliminate the underlying memory handling weakness.
Recommendations:
- Monitor NebSec and F5 advisories for updates and patches.
- Restrict exposure of NGINX administrative and management interfaces.
- Deploy Web Application Firewalls (WAF) to block malicious HTTP requests.
- Ensure Linux ASLR protections are enabled (randomize_va_space=2).
- Audit NGINX configurations using rewrite, if, and set directives, particularly those relying on unnamed PCRE capture groups.
- Disable unused NGINX modules and reduce unnecessary module exposure.
- Increase monitoring for signs of exploitation such as worker crashes or segmentation faults.
- Implement network segmentation and least-privilege access controls for internet-facing NGINX instances.
- Prepare for rapid patch deployment once vendor fixes are released.
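As an added defender's check for the NGINX configuration and ASLR recommendations above (example code written for this digest, not tooling from NebSec or F5), the following POSIX shell helper lists rewrite, if and set directives that rely on unnamed PCRE capture groups or on the positional $1..$9 variables, and reports whether the kernel has randomize_va_space=2. The configuration it scans is a constructed sample.

```shell
#!/bin/sh
# Added example, not part of the digest: audit helper for the NGINX hardening
# steps above. It (1) lists rewrite/if/set directives whose regex relies on
# unnamed PCRE capture groups or on the positional $1..$9 variables, and
# (2) checks the kernel ASLR setting (randomize_va_space=2).

# Print "<line>:<directive>" for every rewrite/if/set line in a config file
# that uses an unnamed capture group "(...)" or a positional capture "$N".
# Named groups "(?<name>...)", non-capturing groups "(?:...)" and escaped
# parentheses "\(" are not flagged. The "if (" opener is stripped first so
# that its own parenthesis is not mistaken for a capture group.
audit_nginx_conf() {
    conf="$1"
    grep -nE '^[[:space:]]*(rewrite|if|set)[[:space:](]' "$conf" \
      | sed -E 's/^([0-9]+:)[[:space:]]*if[[:space:]]*\(/\1if /' \
      | grep -E '(^|[^\\])\([^?]|\$[1-9]'
}

# Return 0 when the file holds "2" (full ASLR), 1 when it holds another value,
# 2 when it cannot be read. Defaults to the live kernel setting.
aslr_status() {
    f="${1:-/proc/sys/kernel/randomize_va_space}"
    if [ ! -r "$f" ]; then
        echo "skip: $f is not readable"
        return 2
    fi
    v=$(tr -d '[:space:]' < "$f")
    if [ "$v" = "2" ]; then
        echo "ok: randomize_va_space=2"
        return 0
    fi
    echo "WARN: randomize_va_space=$v (expected 2)"
    return 1
}

# Constructed sample configuration (not taken from any real deployment).
# Lines 3, 9 and 11 should be reported; the named-group rewrite and the
# plain "if"/"set" lines should not.
SAMPLE_CONF="${TMPDIR:-/tmp}/nginx_audit_sample_$$.conf"
cat > "$SAMPLE_CONF" <<'EOF'
server {
    listen 80;
    if ($host ~* ^www\.(.+)$) {
        return 301 https://$1$request_uri;
    }
    if ($request_method = POST) {
        return 405;
    }
    rewrite ^/old/(.*)$ /new/$1 permanent;
    rewrite ^/user/(?<uid>[0-9]+)$ /profile?id=$uid last;
    set $backend $1;
    set $scheme_override https;
}
EOF

echo "== directives to review in $SAMPLE_CONF =="
audit_nginx_conf "$SAMPLE_CONF"
echo "== ASLR =="
aslr_status || :
```

Point audit_nginx_conf at each file under the real NGINX include tree to build the review list; it reports candidates for manual review, not confirmed defects.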
4. Security Update – Google Chrome
Overview:
- Google Chrome Stable Desktop Channel released a security update addressing 16 vulnerabilities across Windows, macOS, and Linux.
- Vulnerabilities include Use-After-Free, Heap Buffer Overflow, Type Confusion, Out-of-Bounds Read, and Policy Enforcement issues.
- Affected components: WebRTC, GPU, QUIC, Service Workers, XR, DOM, Chromecast, and Input handling.
- Multiple vulnerabilities could allow remote code execution, memory corruption, sandbox escape, browser crashes, or unauthorized policy bypass via crafted web content.
Impact:
- Remote code execution (RCE)
- Memory corruption
- Sandbox escape
- Browser crashes
- Unauthorized policy bypass
Affected / Fixed Versions:
- Fixed in Google Chrome 148.0.7778.178/179 for Windows and macOS
- Fixed in Google Chrome 148.0.7778.178 for Linux
Vulnerabilities of note:
- CVE-2026-9111 – Critical – Use after free in WebRTC
- CVE-2026-9110 – Critical – Inappropriate implementation in UI
- CVE-2026-9112, 9113, 9114, 9115, 9116, 9117, 9118, 9119, 9120 – High severity issues affecting GPU, QUIC, Service Worker, GFX, XR, WebRTC
- CVE-2026-9126, 9121, 9122, 9123, 9124 – Medium severity issues affecting DOM, GPU, Chromecast, Input
Recommendations:
- Update Google Chrome immediately to the latest stable release.
- Restart browsers after update to activate security fixes.
Reference links:
- https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-deskt
- https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html
5. Critical SQL Injection Vulnerability in Drupal Core
Overview:
- CVE-2026-9082 is a highly critical SQL injection vulnerability affecting Drupal core’s database abstraction API on PostgreSQL-backed sites.
- The flaw allows unauthenticated attackers to execute arbitrary SQL queries by bypassing sanitization mechanisms.
- Exploitation can lead to data exposure, privilege escalation, and remote code execution.
Impact:
- Remote, unauthenticated attackers can achieve full system compromise depending on Drupal configuration and installed modules.
Affected / Fixed Versions:
- Affected versions include:
  - 8.9.0 to below 10.4.10
  - 10.5.0 to below 10.5.10
  - 10.6.0 to below 10.6.9
  - 11.0.0 to below 11.1.10
  - 11.2.0 to below 11.2.12
  - 11.3.0 to below 11.3.10
- Fixed versions:
  - Drupal 11.3.10
  - Drupal 11.2.12
  - Drupal 11.1.10
  - Drupal 10.6.9
  - Drupal 10.5.10
  - Drupal 10.4.10
- For Drupal 9 and 8, manual security patches are available (Drupal 9.5 and Drupal 8.9).
- Older versions, including Drupal 8 and 9 and 10.4.x and earlier, are end-of-life and only receive community-supported patches.
Recommendations:
- Update affected Drupal installations to the fixed or latest supported versions.
- Apply manual patches for unsupported Drupal 8 and 9 versions if upgrading is not immediately possible.
6. Critical Unauthorized API Access Vulnerability in Cisco Secure Workload
Overview:
- Critical vulnerability (CVE-2026-20223, CVSS 10.0) in Cisco Secure Workload allows unauthenticated remote attackers to access internal REST APIs with Site Admin privileges.
- Caused by insufficient validation and authentication in internal REST API endpoints.
- Exploitation enables unauthorized administrative access, sensitive data exposure, tenant boundary violations, and unauthorized configuration changes.
Affected / Fixed Versions:
- Affected: Cisco Secure Workload versions 3.9 and earlier, 3.10, and 4.0.
- Fixed in Cisco Secure Workload 3.10.8.3, 4.0.3.17, and later supported releases for version 3.9 and earlier.
Recommendations:
- Upgrade immediately to the latest fixed release.
- Restrict access to internal REST API endpoints where possible.
- Monitor administrative and API activity logs for suspicious behavior.
- Review tenant configurations and access controls for unauthorized changes.
7. RCE Vulnerability in ExifTool
Overview:
- A high severity command injection vulnerability (CVE-2026-3102) has been identified in ExifTool.
- The flaw allows arbitrary command execution on macOS systems via specially crafted image metadata.
- The vulnerability is caused by improper sanitization of metadata fields during command execution.
Impact:
- Remote code execution on affected macOS systems.
- Exploited by embedding malicious payloads in image metadata and triggering processing workflows with specific ExifTool options.
Affected / Fixed Versions:
- Affected: ExifTool version 13.49 and earlier.
- Fixed: ExifTool version 13.50.
Recommendations:
- Update ExifTool to version 13.50 immediately to mitigate this vulnerability.
8. Critical Authentication Bypass Vulnerability in FreePBX
Overview:
- A critical vulnerability (CVE-2026-46376) was discovered in the FreePBX Userman module, enabling unauthenticated attackers to access User Control Panel (UCP) portals using hard-coded credentials left unchanged after deployment.
- The issue relates to CWE-798: Use of Hard-coded Credentials.
Impact:
- Unauthenticated attackers can bypass authentication controls and gain unauthorized access to UCP portals, potentially leading to system compromise.
- Attack vector: Network; no user interaction required.
- CVSS score: 9.1 (Critical).
Affected / Fixed Versions:
- Affected: FreePBX Userman module versions prior to 16.0.45 (version 16) and prior to 17.0.7 (version 17).
- Fixed: Userman 16.0.45 and 17.0.7.
Recommendations:
- Immediately patch affected FreePBX systems to the fixed versions.
- Review configurations to identify and change any default or weak credentials, especially for internet-facing deployments.
9. Critical Vulnerability in NGINX JavaScript Module
Overview:
- CVE-2026-8711 affects the NGINX JavaScript (njs) module, causing a heap-based buffer overflow due to improper handling of client-controlled variables in js_fetch_proxy.
- The vulnerability arises when variables like $http_*, $arg_*, and $cookie_* are used to construct proxy URLs, which are passed into ngx.fetch(), leading to potential memory corruption.
Impact:
- Allows unauthenticated remote attackers to cause denial of service or possibly execute arbitrary code in the NGINX worker process.
Affected / Fixed Versions:
- Affected: NGINX JavaScript (njs) versions 0.9.4 through 0.9.8
- Fixed: NGINX JavaScript (njs) version 0.9.9 and later
Recommendations:
- Upgrade NGINX JavaScript (njs) to version 0.9.9 or later to mitigate the vulnerability.
- Review proxy URL constructions using client-controlled variables and avoid unsafe usage patterns.
10. Security Updates – Atlassian
Overview:
- Atlassian released security updates in May 2026 addressing multiple critical and high-severity vulnerabilities across Atlassian Data Center and Server products including Bamboo, Bitbucket, Confluence, Fisheye/Crucible, Jira Software, and Jira Service Management.
- Vulnerabilities include remote code execution, denial of service, file inclusion, cross-site scripting, authentication issues, information disclosure, and security misconfigurations.
Impact:
- Critical issues such as broken authentication and session management (CVE-2026-29145) and omission of security headers (CVE-2026-22732) pose severe exploitation risks.
- High-severity vulnerabilities include remote code execution via various dependencies (e.g., mchange-commons-java, c3p0, jackson-core), directory traversal, multiple denial of service flaws, information disclosure, injection flaws, HTTP request/response smuggling, and cross-site scripting.
Affected / Fixed Versions:
- Bamboo Data Center and Server: fixed in 12.1.7 (LTS), 10.2.19 (LTS), 9.6.26 (LTS)
- Bitbucket Data Center and Server: fixed in 10.2.3 (LTS), 9.4.20 (LTS)
- Confluence Data Center and Server: fixed in 10.2.11 (LTS), 9.2.20 (LTS)
- Fisheye/Crucible: fixed in 4.9.10
- Jira Software Data Center and Server: fixed in 11.3.6 (LTS), 10.3.21 (LTS), 9.12.35 (LTS)
- Jira Service Management Data Center and Server: fixed in 11.3.6 (LTS), 10.3.21 (LTS)
Recommendations:
- Apply the latest Atlassian updates corresponding to your product and version to mitigate critical and high-risk vulnerabilities.
- Review and monitor for exploitation attempts related to the pending vulnerabilities in affected products until updates are applied.
11. Security Updates – NVIDIA GPU Display Drivers and vGPU Software
Overview:
- Multiple high- and medium-severity vulnerabilities have been found in NVIDIA GPU Display Drivers, vGPU Software, and Cloud Gaming components on Windows and Linux platforms.
- Vulnerabilities affect NVIDIA GeForce, RTX, Quadro, NVS, Tesla GPUs, and enterprise virtualization environments including VMware vSphere, XenServer, RHEL KVM, Ubuntu KVM, Azure Local, and Windows Server.
Impact:
- Privilege escalation, code execution, data tampering, denial of service, and information disclosure due to vulnerabilities including use-after-free, race conditions, heap buffer overflows, out-of-bounds reads/writes, and improper input validation.
Notable CVEs and CVSS Scores:
- CVE-2026-24187 | CVSS 8.8 | Use-after-free in Linux Display Driver.
- CVE-2026-24190 | CVSS 7.8 | Improper GPU resource access in Windows/Linux kernel mode layer.
- CVE-2026-24191 | CVSS 7.8 | TOCTOU race condition in Windows Display Driver.
- CVE-2026-24192 | CVSS 7.8 | Heap buffer overflow in Linux Display Driver.
- CVE-2026-24193 | CVSS 7.8 | Out-of-bounds write in Windows/Linux drivers.
- CVE-2026-24194 to CVE-2026-24196 | CVSS 7.1 | Input validation and out-of-bounds read flaws in Linux UVM and Display Driver.
- CVE-2026-24200 | CVSS 7.0 | Use-after-free in vGPU Manager.
Affected / Fixed Versions:
- Vulnerabilities impact driver branches R535, R570, R580, R590, R595.
- Affected drivers include NVIDIA GPU Display Drivers for Windows and Linux, vGPU Software, Cloud Gaming Software, and Virtual GPU Manager.
Recommendations:
- Immediately update all affected NVIDIA GPU Display Drivers.
- Apply the latest patches for vGPU Manager and guest drivers.
12. Information Disclosure Vulnerability in HP ScanJet Pro and Enterprise Devices
Overview:
- High-severity information disclosure vulnerability (CVE-2026-7540, CVSS 8.1) in the web-based management interface of HP ScanJet Pro and Enterprise devices.
- Allows unauthenticated remote attackers to access sensitive internal information due to insufficient protection mechanisms.
- Exploitation does not require user interaction and is possible over a network.
Impact:
- Exposure of security-sensitive device information to unauthorized parties.
- Increased risk in enterprise environments where affected devices are reachable internally.
Affected / Fixed Versions:
- HP ScanJet Pro N4600 fnw1 (20G07A) – update to Firmware V2.57
- HP ScanJet Enterprise Flow N7000 snw1 (6FW10A) – update to Firmware V0.100
- HP ScanJet Enterprise Flow N6600 fnw1 (20G08A) – update to Firmware V2.57
- HP ScanJet Enterprise N9000 sn1 (8Q4W1A) – update to Firmware V0.100
- HP ScanJet Pro N4000 snw1 (6FW08A) – update to Firmware V0.100
Recommendations:
- Immediately update affected devices to the specified fixed firmware versions to mitigate the vulnerability.
13. Security Updates – PostgreSQL
Overview:
- Multiple vulnerabilities addressed in PostgreSQL releases including SQL injection, privilege escalation, denial of service, memory disclosure, and arbitrary code execution.
Impact:
- Integer wraparound causing memory corruption or server crash (CVE-2026-6473)
- Arbitrary local file overwriting via improper symlink handling (CVE-2026-6475)
- SQL injection enabling execution of arbitrary SQL with superuser privileges (CVE-2026-6476)
- Client stack memory overwrite by malicious server superuser via libpq functions (CVE-2026-6477)
- Denial of service via uncontrolled recursion in SSL and GSS negotiation (CVE-2026-6479)
- Stack buffer overflow and SQL injection leading to potential arbitrary code execution (CVE-2026-6637)
- Missing authorization check enabling hijacking of queries via CREATE TYPE (CVE-2026-6472)
- Format string vulnerability disclosing memory contents (CVE-2026-6474)
- Timing side-channel on MD5 password authentication enabling credential recovery (CVE-2026-6478)
- Buffer over-read exposing memory during query planning (CVE-2026-6575)
- SQL injection via logical replication REFRESH PUBLICATION operations (CVE-2026-6638)
Affected / Fixed Versions:
- Fixed in PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23
Recommendations:
- Update affected PostgreSQL installations to the latest fixed versions to mitigate these vulnerabilities.
14. Critical Actively Exploited Vulnerability in NGINX
Overview:
- A critical heap buffer overflow vulnerability in ngx_http_rewrite_module of NGINX Open Source and NGINX Plus.
- Tracked as CVE-2026-42945 with a CVSS score of 9.2.
- Allows unauthenticated remote attackers to crash worker processes or potentially achieve remote code execution.
Impact:
- Remote unauthenticated attackers can cause denial of service or possibly execute arbitrary code on affected servers.
- Active exploitation was observed shortly after public disclosure, indicating rapid weaponization by threat actors.
Affected / Fixed Versions:
- Affected:
  - NGINX Open Source versions 0.6.27 through 1.30.0
  - NGINX Plus R32 through R36
- Fixed:
  - NGINX Open Source 1.31.0, 1.30.1
  - NGINX Plus R36 P4, R35 P2, R32 P6
Recommendations:
- Apply the latest security updates and patches from F5 NGINX immediately.
- Review and harden NGINX configurations to mitigate exploitation risk.
15. Multiple Vulnerabilities in Cisco Catalyst SD-WAN Manager
Overview:
- Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager could allow remote attackers to access sensitive data, escalate privileges, or gain unauthorized administrative control.
- CVE-2026-20224 (Critical, CVSS 8.6): XML External Entity (XXE) injection in the web UI allows unauthenticated attackers to read arbitrary files via crafted XML requests.
- CVE-2026-20209 (Medium, CVSS 5.4): Privilege escalation due to sensitive session information in audit logs, enabling authenticated users with read-only access to elevate privileges.
- CVE-2026-20210 (Medium, CVSS 5.4): Privilege escalation caused by improper redaction of sensitive data in device configurations and templates, permitting read-only users to gain elevated permissions.
Impact:
- Disclosure of sensitive files, credentials, and configuration data.
- Unauthorized privilege escalation and potential system configuration modifications.
- Possible unauthorized administrative control over affected systems.
Affected / Fixed Versions:
- Affected across all deployment models: On-Prem, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), Cisco SD-WAN for Government (FedRAMP).
- Fixed versions include:
  - For 20.9 → upgrade to 20.9.9.1
  - For 20.10 and 20.11 → upgrade to 20.12.7.1
  - For 20.12 → upgrade to 20.12.5.4 / 20.12.6.2 / 20.12.7.1
  - For 20.13 and 20.14 → upgrade to 20.15.5.2
  - For 20.15 → upgrade to 20.15.4.4 / 20.15.5.2
  - For 20.16 and 20.18 → upgrade to 20.18.2.2
  - For 26.1 → upgrade to 26.1.1.1
- Versions earlier than 20.9 require migration to a fixed release.
Recommendations:
- Update Cisco Catalyst SD-WAN Manager to the latest fixed versions.
- Apply patches promptly to mitigate potential exploits.
- Monitor audit logs and system configurations for unauthorized changes.
16. Critical Remote Code Execution Vulnerability in Apache Flink
Overview:
- A critical code injection vulnerability (CVE-2026-35194) exists in Apache Flink’s SQL code generation.
- The flaw results from improper input sanitization during Java code generation, affecting JSON functions and LIKE expressions with ESCAPE clauses.
- Exploitation requires authenticated users with SQL query submission privileges.
Impact:
- Allows authenticated attackers to execute arbitrary code on TaskManagers.
- Successful exploitation can lead to system compromise, data manipulation, or service disruption.
Affected / Fixed Versions:
- Affected: Apache Flink 1.15.0 up to but not including 1.20.4, 2.0.0 to 2.0.1, 2.1.0 to 2.1.1, 2.2.0 to 2.2.0
- Fixed in Apache Flink 1.20.4, 2.0.2, 2.1.2, and 2.2.1
Recommendations:
- Update affected Apache Flink deployments to fixed versions listed above.
- Review SQL query submission permissions and monitor for suspicious activity.
17. Critical Vulnerability in Drupal Date iCal Module
Overview:
- A critical information disclosure vulnerability (CVE-2026-8495) affects the Drupal Date iCal module.
- Caused by improper access control and insufficient input sanitization in iCal feed generation.
- Allows anonymous attackers to access sensitive information without authentication via publicly accessible iCal feed routes.
Impact:
- Unauthorized disclosure of restricted entity and field data.
- Potential privacy risks due to exposure of sensitive information.
Affected / Fixed Versions:
- Affected: Date iCal module versions before 4.0.15.
- Fixed: Upgrade to Date iCal 4.0.15 or later for Drupal 10/11.
Recommendations:
- Update the Drupal Date iCal module to version 4.0.15 or later to mitigate the vulnerability.
18. Multiple Vulnerabilities in HPE Telco Intelligent Assurance
Overview:
- Multiple high-severity vulnerabilities identified in HPE Telco Intelligent Assurance affecting bundled third-party components.
- Issues include Denial of Service (DoS) and HTTP Request Smuggling, impacting service availability and request integrity.
Impact:
- CVE-2025-52999 (CVSS 7.5): Unauthenticated remote attackers can trigger DoS conditions.
- CVE-2026-33870 (CVSS 7.5): HTTP Request Smuggling or inconsistent HTTP request handling, affecting request integrity.
- CVE-2026-33871 (CVSS 7.5): Unauthenticated remote attackers can cause DoS conditions.
Affected / Fixed Versions:
- Affected: HPE Telco Intelligent Assurance 4.2.14 and earlier.
- Fixed: HPE Telco Intelligent Assurance FAS & PDO 4.2.15 or later.
Recommendations:
- Upgrade to version 4.2.15 or later to mitigate vulnerabilities.
- Monitor network traffic for signs of HTTP Request Smuggling and DoS attempts.
19. CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
Overview:
- A vulnerability in the RX (receive) path of the net/mlx5e driver.
- The issue involves improper handling of multi-buffer fragment counting in the XDP (eXpress Data Path) for striding Receive Queues (RQ).
- This flaw could affect packet processing performance or stability.
Impact:
- Potential for packet processing errors or denial of service conditions due to incorrect fragment counting.
- No public reports of exploitation.
Affected / Fixed Versions:
- Specific affected versions are not detailed; updating to the latest driver version with the fix is recommended.
Recommendations:
- Apply the security update that addresses the fragment counting fix in the net/mlx5e driver.
- Monitor for further advisories regarding exploitation or additional mitigations.
20. Discord Announces End-to-End Encryption by Default for Video and Voice Messages
Overview:
- Discord has enabled end-to-end encryption (E2EE) by default for all voice and video communications, including direct messages, group calls, voice channels, and Go Live streams, as of March 2026.
- The encryption is powered by the open-source, externally audited DAVE protocol, designed specifically for real-time audio and video across multiple platforms including desktop, mobile, browser, PlayStation, and Xbox.
- E2EE is mandatory with no fallback to unencrypted communication; clients not supporting DAVE cannot join calls.
- Stage Channels are excluded from E2EE due to architectural reasons.
- Text messaging remains unencrypted due to server-side processing dependencies.
Impact:
- Enhances privacy and security for Discord voice and video communications without impacting call quality or latency.
- Removes risks associated with potential interception of communication streams on the platform.
Recommendations:
- Users should upgrade to the latest Discord clients to benefit from enforced E2EE.
- Developers and security researchers are encouraged to review and contribute to the DAVE protocol, available as an open-source library.
21. Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Overview:
- Microsoft disclosed two vulnerabilities in Microsoft Defender actively exploited in the wild: a privilege escalation (CVE-2026-41091) and a denial-of-service flaw.
- CVE-2026-41091 has a CVSS score of 7.8 and involves improper link resolution before file access (“link following”).
Impact:
- Successful exploitation of CVE-2026-41091 can allow attackers to gain SYSTEM privileges.
- The denial-of-service vulnerability can disrupt service availability.
Recommendations:
- Apply the latest security updates provided by Microsoft for Defender to mitigate these vulnerabilities promptly.
- Monitor for unusual activity indicating potential exploitation attempts.
22. 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Overview:
- A vulnerability in the Linux kernel tracked as CVE-2026-46333 involves improper privilege management.
- The flaw remained undetected for nine years and was disclosed by cybersecurity researchers.
- It allows unprivileged local users to disclose sensitive files and execute arbitrary commands as root on default installations of several major Linux distributions.
Impact:
- Local privilege escalation leading to full root command execution.
- Potential unauthorized access to sensitive information and complete system compromise.
Affected / Fixed Versions:
- Major Linux distributions with default installations using the flawed kernel version (specific versions not detailed).
Recommendations:
- Update Linux kernel to the latest patched version provided by your distribution.
- Apply all security updates immediately to mitigate exploitation risks.
23. Exploit released for new PinTheft Arch Linux root escalation flaw
Overview:
- Publicly available proof-of-concept (PoC) exploit released for the PinTheft vulnerability on Arch Linux.
- PinTheft is a local privilege escalation flaw allowing attackers to gain root privileges.
Impact:
- Enables local attackers to escalate privileges to root on affected Arch Linux systems.
Recommendations:
- Apply the latest security patches released for Arch Linux to mitigate this vulnerability.
- Restrict access to the system to trusted users to reduce local attack risk.
24. Microsoft Exchange Zero-Day Under Attack, No Patch Available
Overview:
- CVE-2026-42897 is a cross-site scripting (XSS) vulnerability affecting Microsoft Exchange Outlook Web Access (OWA).
Impact:
- Exploitation allows attackers to compromise OWA mailboxes, potentially leading to unauthorized access of email contents.
Recommendations:
- Monitor Exchange environments closely for suspicious OWA activity.
- Apply any available workarounds and prepare to deploy patches once released.
- Harden OWA access controls and implement strict email client security policies.