CVE-2026

A high-severity Linux vulnerability, 'Copy Fail' (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads. With a working exploit already in the wild, organizations should act quickly to detect, mitigate, and reduce risk. Source: Microsoft Security Blog.

A critical remote code execution vulnerability (CVE-2026-1731) has been identified in remote monitoring and management software that could be exploited to deploy ransomware and compromise supply chain integrity. The flaw enables attackers to execute arbitrary code, creating significant risk for downstream organizations and critical infrastructure.

A critical security vulnerability (CVE-2026-3854, CVSS 8.7) has been disclosed affecting GitHub.com and GitHub Enterprise Server. The flaw is a command injection issue allowing authenticated users with repository push access to achieve remote code execution through a single git push command.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2024-1708 (ConnectWise ScreenConnect Path Traversal) and CVE-2026-32202 (Microsoft Windows Protection Mechanism Failure). CISA urges all organizations to prioritize timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices, as these represent significant active threats to enterprise security.

A high-severity SSRF vulnerability in LMDeploy, an open-source toolkit for large language model deployment, is actively being exploited in the wild within 13 hours of public disclosure. CVE-2026-33626 (CVSS 7.5) could allow attackers to access sensitive systems through Server-Side Request Forgery attacks.

CISA has added CVE-2026-33825, a Microsoft Defender Insufficient Granularity of Access Control Vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. This vulnerability type is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices.

CISA added CVE-2026-31431, a Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability, to its Known Exploited Vulnerabilities Catalog based on active exploitation evidence. Federal agencies must remediate this vulnerability per Binding Operational Directive 22-01, and CISA urges all organizations to prioritize remediation as part of vulnerability management practices.

CISA added CVE-2026-41940, a missing authentication vulnerability in WebPros cPanel & WHM and WP2 (WordPress Squared), to its Known Exploited Vulnerabilities Catalog based on active exploitation evidence. The vulnerability is classified as a critical function bypass and represents a frequent attack vector for malicious actors. CISA urges all organizations to prioritize remediation as part of their vulnerability management practices, with federal agencies required to remediate by applicable due dates under BOD 22-01.

CISA has added CVE-2026-39987 (Marimo Remote Code Execution Vulnerability) to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Federal agencies are required to remediate by established deadlines under BOD 22-01, while CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices.

Microsoft revised its advisory for CVE-2026-32202, a high-severity Windows Shell spoofing vulnerability (CVSS 4.3) that has been actively exploited in the wild. The flaw allows attackers to access sensitive information and was patched as part of Microsoft's Patch Tuesday update.

A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks. [...]