Trending CVEs

Vulnerability: CVE-2026-31431, known as "Copy Fail," is a local privilege escalation vulnerability in the Linux kernel's crypto API (AF_ALG sockets) that allows attackers to write arbitrary data into the page cache of files they do not own, affecting every major Linux distribution.

Trending: The vulnerability is trending due to its severity as a critical LPE flaw disclosed on April 29, 2026, with working proof-of-concept code available, active exploitation in the wild, and a CISA deadline for patching. The disclosure has sparked broader discussions about Linux kernel security and proposals for "kill switch" mechanisms to disable vulnerable functions before patches are available.

Vulnerability: CVE-2026-41940 is an authentication bypass vulnerability in cPanel and WHM versions after 11.40 that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Trending: Multiple threat actors are actively exploiting this vulnerability in the wild to deploy the Filemanager backdoor, steal credentials, plant SSH keys, and gain remote admin access to hosting environments. Security researchers have documented coordinated attack campaigns, and the widespread exploitation poses significant supply-chain risks to enterprises relying on affected hosting infrastructure.

Vulnerability: CVE-2026-46300, known as Fragnesia, is a Linux kernel local privilege escalation flaw in the XFRM ESP-in-TCP/IPsec path that allows unprivileged users to gain root access by corrupting page-cache memory. The vulnerability affects multiple Linux distributions.

Trending: This vulnerability is trending due to the availability of public exploit code and active patching efforts across major Linux distributions. Security researchers at Wiz published detailed analysis of the flaw, and multiple news outlets and security communities are discussing it as part of a concerning trend of reliable privilege escalation bugs in kernel memory handling.

Vulnerability: NGINX Plus and NGINX Open Source contain a heap buffer overflow vulnerability in the ngx_http_rewrite_module when rewrite directives are combined with unnamed PCRE captures and question mark characters in replacement strings. An unauthenticated attacker can exploit this via crafted HTTP requests to cause worker process restarts, and potentially achieve remote code execution on systems with ASLR disabled.

Trending: CVE-2026-42945 (also known as "NGINX Rift") is trending due to widespread disclosure and rapid patching efforts, with vendors like Bitnami releasing patched container images within hours. Security researchers are actively sharing proof-of-concept exploits and writeups, while discussions highlight that exploitation requires specific configuration conditions and ASLR to be disabled, limiting its real-world impact despite the critical severity designation.

Vulnerability: A buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls through specially crafted packets. Prisma Access, Cloud NGFW, and Panorama appliances are not affected.

Trending: The vulnerability is trending due to confirmed active exploitation in the wild by suspected nation-state actors beginning in early April 2026, with reports of attackers gaining root access and covering their tracks on exposed firewalls. Additionally, AI-powered exploitation of the zero-day has been documented, and exploit code is circulating on platforms like Telegram.

Vulnerability: A heap-based buffer overflow vulnerability in Microsoft Windows DNS allows unauthorized attackers to execute code over a network. The flaw affects Windows DNS client and was patched as part of Microsoft's May 2026 Patch Tuesday release alongside 137 other vulnerabilities.

Trending: CVE-2026-41096 is generating significant attention due to its critical severity rating and inclusion in a record-breaking May 2026 Patch Tuesday cycle where Microsoft addressed over 130 vulnerabilities, with security researchers highlighting the DNS client vulnerability as particularly alarming despite no confirmed active exploitation at the time of disclosure.

Vulnerability: CVE-2026-40361 is a use-after-free vulnerability in Microsoft Office Word that allows unauthorized attackers to execute code locally. The flaw affects Microsoft Word and was patched as part of Microsoft's May 2026 Patch Tuesday updates.

Trending: This vulnerability is trending due to its critical severity rating and zero-click exploitation capability affecting Outlook and Word, making it a significant threat to enterprise environments. Multiple cybersecurity sources and threat intelligence platforms have flagged it as a priority patch with "exploitation more likely" ratings, prompting urgent calls for organizations to apply May 2026 updates.

Vulnerability: A stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. The vulnerability affects Windows Server and related Microsoft products used for network authentication and identity infrastructure.

Trending: CVE-2026-41089 is trending as part of Microsoft's May 2026 Patch Tuesday release, which addressed over 130 vulnerabilities including multiple critical remote code execution flaws in Windows networking components. Security researchers have highlighted this Netlogon vulnerability alongside DNS RCE flaws as requiring immediate attention due to high impact, though no active exploitation has been reported at the time of patching.

Vulnerability: CVE-2026-33825 is a privilege escalation vulnerability in Microsoft Defender caused by insufficient granularity of access control that allows an authorized attacker to elevate privileges locally.

Trending: The vulnerability is trending due to active exploitation in the wild as a zero-day, with publicly available proof-of-concept code released and confirmed exploit code documented in CISA's Known Exploited Vulnerabilities catalog. CISA added it to its KEV catalog following evidence of active attacks in the wild.

Vulnerability: A double free vulnerability in Windows IKE Extension (ikeext.dll) allows an unauthorized attacker to execute arbitrary code over a network during IKEv2 fragment reassembly. The vulnerability affects Windows systems including Windows 10 and other versions running the vulnerable IKE service.

Trending: This vulnerability is trending due to its discovery by Microsoft's new AI-powered vulnerability discovery system (MDASH), which identified it as one of four critical Windows remote code execution flaws patched in April 2026. Security researchers and organizations are actively discussing mitigation strategies, with recommendations including firewall blocking and IP-based restrictions for known IKE negotiation endpoints.

Vulnerability: CVE-2026-44664 is an XML injection vulnerability in fast-xml-parser versions up to 1.1.5 where the sanitization fix for CVE-2026-41650 is incomplete, allowing attackers to bypass comment content filtering using three consecutive dashes (---) to break out of XML comments and inject arbitrary XML/HTML content. The vulnerability affects fast-xml-builder and AWS Lambda base images.

Trending: The vulnerability is trending due to its detection in multiple AWS Lambda base images, with security researchers flagging the medium-severity issue across cloud infrastructure. Multiple social media mentions from Lambda-focused security accounts highlight the impact on serverless deployments and the need for updates to affected base images.

Vulnerability: fast-xml-builder versions prior to 1.1.7 are vulnerable to attribute injection when processing JSON input containing quotes in attribute values with entity processing disabled. This allows attackers to insert unwanted attributes into generated XML/HTML output.

Trending: The vulnerability is trending due to its impact on AWS Lambda base images, with multiple mentions across Mastodon and Bluesky highlighting that CVE-2026-44665 affects fast-xml-builder in three Lambda base images, generating significant attention in the serverless and cloud security communities.

Vulnerability: urllib3 versions 2.6.0 to before 2.7.0 contain a decompression flaw that can cause excessive resource consumption (high CPU and memory allocation) when HTTPResponse.read() is called multiple times or when drain_conn() is used after partial decompression. This vulnerability affects Python applications using urllib3, including AWS Lambda base images.

Trending: The vulnerability is gaining attention due to its impact on six AWS Lambda base images, with multiple social media mentions highlighting the HIGH severity rating and widespread exposure in serverless environments used by organizations relying on AWS infrastructure.

Vulnerability: urllib3 versions 1.23 to before 2.7.0 contain a cross-origin redirect vulnerability where sensitive headers are still forwarded when following redirects from the low-level API via ProxyManager.connection_from_url().urlopen() with assert_same_host=False. This affects Python HTTP client applications relying on affected urllib3 versions.

Trending: The vulnerability is trending due to its detection in six AWS Lambda base images, with multiple social media posts highlighting the security impact on serverless deployments and AWS infrastructure.

Vulnerability: CVE-2026-42898 is a code injection vulnerability in Microsoft Dynamics 365 (on-premises) that allows authorized attackers to execute code over a network. The flaw affects the on-premises version of Dynamics 365 and was addressed in Microsoft's May 2026 Patch Tuesday release.

Trending: The vulnerability is receiving attention as part of Microsoft's May 2026 Patch Tuesday, which addressed approximately 137-138 total CVEs including 29-30 critical severity issues. Security researchers have flagged this Dynamics 365 flaw as requiring immediate attention due to its high impact severity, though no active exploitation in the wild has been reported at the time of patching.

Vulnerability: SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows authenticated attackers to inject malicious SQL statements through unsanitized user input, potentially leading to unauthorized database access and application crashes.

Trending: The vulnerability is trending due to its critical CVSS 9.6 score and inclusion in SAP's May 2026 security patch release covering 15 vulnerabilities across enterprise systems widely used by multinational corporations, government agencies, and financial institutions. Multiple security vendors and researchers have flagged it as an active patching priority with widespread organizational impact.

Vulnerability: PraisonAI versions 2.5.6 to 4.6.33 contain an authentication bypass vulnerability where the legacy Flask API server ships with authentication disabled by default, allowing any caller with network access to trigger configured agent workflows through unauthenticated endpoints without providing a token. The vulnerability was patched in version 4.6.34.

Trending: Security scanners began probing for this vulnerability less than four hours after its public disclosure, according to Sysdig observations, indicating rapid reconnaissance activity targeting the flaw. The quick exploitation attempts and widespread coverage across security news outlets and social media highlight the risks posed by default-insecure configurations in AI orchestration frameworks.

Vulnerability: CVE-2026-41103 is a critical-severity flaw in the Microsoft SSO Plugin for Jira & Confluence that stems from incorrect implementation of the authentication algorithm, allowing unauthorized attackers to elevate privileges over a network.

Trending: The vulnerability is receiving attention as part of Microsoft's May 2026 Patch Tuesday release, which addressed 137-138 vulnerabilities across multiple products. CVE-2026-41103 is flagged with an exploitability rating of "exploitation more likely," indicating threat actors could begin abusing it in attacks, though no active exploitation in the wild has been reported at the time of disclosure.

Vulnerability: The InfusedWoo Pro plugin for WordPress (versions up to 5.1.2) is vulnerable to privilege escalation through missing authorization checks in the iwar_save_recipe() AJAX handler. Unauthenticated attackers can create malicious automation recipes that enable authentication bypass and privilege escalation, allowing any visitor to receive authentication cookies for targeted user accounts including administrators.

Trending: The vulnerability is receiving immediate attention on security-focused social media platforms, with analysts highlighting it as a critical authentication bypass flaw. Reports emphasize the lack of available patches and recommend restricting plugin access or disabling it entirely as an interim mitigation measure.

Vulnerability: CVE-2026-43284, part of the "Dirty Frag" vulnerability chain, is a local privilege escalation flaw in the Linux kernel's ESP (Encapsulating Security Payload) subsystem that allows in-place decryption on shared socket buffer fragments, affecting major Linux distributions including Tails, QNAP, Synology, and others.

Trending: The vulnerability is trending due to active exploitation in the wild and widespread media coverage following a broken embargo that forced premature public disclosure. Security researchers, major Linux vendors, and NAS manufacturers are rushing to release patches, with discussions emerging about implementing kernel "kill switches" as a mitigation strategy until fixes are available.

Vulnerability: Due to improper Spring Security configuration, SAP Commerce Cloud allows unauthenticated users to perform malicious configuration uploads and code injection, resulting in arbitrary server-side code execution with high impact on confidentiality, integrity, and availability.

Trending: This vulnerability is trending due to SAP's May 2026 emergency security patch release addressing 15 vulnerabilities, with CVE-2026-34263 being flagged as critical across multiple security outlets and social media platforms given the widespread use of Commerce Cloud by multinational corporations, government agencies, and financial institutions.

Vulnerability: Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. The vulnerability affects Microsoft SharePoint systems, with over 1,370 servers exposed online.

Trending: CVE-2026-32201 is trending due to active exploitation in the wild, with confirmed exploit code in circulation. The vulnerability received significant social media attention following Microsoft's April Patch Tuesday release, ranking among the top discussed CVEs and prompting security professionals to emphasize the importance of timely patching.

Vulnerability: A race condition in Windows TCP/IP allows an unauthorized attacker to execute code over a network. This vulnerability affects Windows networking components and is classified as critical.

Trending: CVE-2026-33827 is trending due to Microsoft's April 2026 Patch Tuesday release, which addressed it as one of eight critical vulnerabilities, including four critical RCEs discovered by Microsoft's new MDASH AI-powered vulnerability discovery system. Security analysts have highlighted it as part of a notably large patch cycle with multiple actively exploited zero-days requiring immediate attention from IT security teams.

Vulnerability: CVE-2026-42826 is an exposure of sensitive information vulnerability in Azure DevOps that allows an unauthorized attacker to disclose information over a network. The flaw affects Azure DevOps and requires no privileges to exploit.

Trending: This vulnerability is trending as part of Microsoft's May 2026 Patch Tuesday release, which addressed 137-138 security flaws across multiple product families. Security researchers are highlighting CVE-2026-42826 specifically due to its critical severity rating and the requirement for immediate patching, with urgent advisories circulating across security communities and social media platforms.

Vulnerability: CVE-2026-44194 is an authenticated Remote Code Execution (RCE) vulnerability in OPNsense prior to version 26.1.8 that allows users with user-management privileges to execute arbitrary system commands as root by bypassing input validation through specially formatted email address payloads in the local user synchronization flow.

Trending: The vulnerability is receiving significant attention across security communities due to its critical CVSS 9.1 severity rating and active exploitation potential, with multiple security researchers and threat intelligence platforms issuing urgent alerts urging immediate upgrades to version 26.1.8 or later.

Vulnerability: OPNsense, a FreeBSD-based firewall and routing platform, contains a remote code execution vulnerability in versions prior to 26.1.7 where the XMLRPC method opnsense.restore_config_section fails to sanitize user-supplied input, allowing unauthenticated attackers to execute arbitrary code.

Trending: This critical vulnerability (CVSS 9.1) is receiving urgent attention across security communities with calls for immediate patching to version 26.1.7 or later, reflecting the severity of the RCE risk and the widespread use of OPNsense in firewall deployments.

Vulnerability: The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to and including 4.9.31. Unauthenticated attackers can inject arbitrary web scripts that execute when administrators visit the plugin's connection management page with debug parameters due to insufficient input sanitization and output escaping.

Trending: CVE-2026-3718 is receiving attention on social media platforms with multiple posts highlighting the HIGH severity rating (CVSS 7.2) and the risk it poses to WordPress administrators. The vulnerability is being actively discussed within cybersecurity communities focused on WordPress security.

Vulnerability: PackageKit versions 1.0.2 through 1.3.4 contain a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged local users to install arbitrary RPM packages as root without authentication, leading to local privilege escalation. The vulnerability affects multiple Linux distributions in their default configurations and is fixed in version 1.3.5.

Trending: CVE-2026-41651, nicknamed "Pack2TheRoot," is trending due to its combination of easy exploitability with a high CVSS score of 8.1, widespread impact across Linux distributions, and the fact that it has existed undetected for approximately 12 years. Media coverage from major security outlets, German cybersecurity firm Deutsche Telekom's public disclosure, and active discussion across social media platforms have driven significant attention to this vulnerability.

Vulnerability: CVE-2026-43500 is a local privilege escalation vulnerability in the Linux kernel's rxrpc subsystem that allows unsafe decryption of DATA and RESPONSE packets when paged fragments are present, enabling attackers with local access to escalate privileges to root. The flaw affects multiple major Linux distributions including Fedora, Pop!_OS, Tails, and NAS systems from vendors like QNAP and Synology.

Trending: This vulnerability is trending due to active exploitation in the wild as part of the "Dirty Frag" exploit chain, which Microsoft reports is already being used to escalate compromised systems to root access. The disclosure gained additional attention after an embargo was broken, prompting rushed patching efforts across the Linux ecosystem, with fixes landing in Linux 7.0.6 and 6.18.29 LTS, and researchers discovering new variants of the same flaw still unpatched.

Vulnerability: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Trending: CVE-2026-35439 is receiving attention as part of Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families. The vulnerability is among numerous critical issues patched by Microsoft, with several expected to be exploited within 30 days.

Vulnerability: A file and directory accessibility vulnerability in Microsoft Teams allows unauthorized attackers to perform spoofing locally. The vulnerability affects Microsoft Teams, particularly on Android environments in enterprise settings.

Trending: The vulnerability is trending as part of Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families. It has garnered attention in enterprise IT and cybersecurity communities due to concerns about local spoofing risks in Teams deployments.

Vulnerability: The Motors – Car Dealership & Classified Listings Plugin for WordPress (versions up to 1.4.107) is vulnerable to arbitrary file deletion due to insufficient file path validation in the become-dealer logo upload flow. Authenticated users with subscriber-level access and above can exploit this to delete arbitrary files on affected servers.

Trending: The vulnerability is trending due to its recent publication on May 14, 2026, with a high CVSS score of 8.1, and is receiving active coverage across CVE tracking platforms and social media channels documenting the details and severity of the flaw.

Vulnerability: An Improper Input Validation flaw in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows remotely authenticated users with administrative access to achieve remote code execution.

Trending: CVE-2026-6973 is actively trending due to zero-day exploitation in the wild targeting Ivanti EPMM 12.8.0.0 and earlier versions, with multiple security agencies and researchers reporting active attacks and urging immediate patching of affected systems.

Vulnerability: An improper access control vulnerability in Fortinet FortiAuthenticator versions 8.0.2, 8.0.0, 6.6.0-6.6.8, and 6.5.0-6.5.6 allows attackers to execute unauthorized code or commands remotely without authentication, with a CVSS score of 9.1.

Trending: This vulnerability is trending due to Fortinet's history of critical zero-day and n-day exploits being actively weaponized in the wild, prompting urgent patch deployment recommendations across the security community on Patch Tuesday.

Vulnerability: A heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. The vulnerability affects Windows and related Microsoft products.

Trending: CVE-2026-35421 is receiving attention as part of Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families. While no active zero-day exploits in the wild have been reported, Microsoft expects this vulnerability and others in the batch to be exploited within the next 30 days, contributing to the significance of this month's patch cycle.

Vulnerability: CVE-2026-44007 affects vm2, an open source sandbox for Node.js. Prior to version 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration, allowing attackers to construct an inner NodeVM with unrestricted settings and execute arbitrary OS commands on the host.

Trending: This vulnerability is trending due to its critical severity rating (9.1) and widespread impact, with multiple security outlets reporting that thirteen critical vulnerabilities exist in vm2 that enable sandbox escape. Developers are being urgently advised to upgrade to version 3.11.2 to patch all identified vulnerabilities in the library.

Vulnerability: A missing authorization vulnerability in multiple versions of Fortinet FortiSandbox (versions 4.4.0-4.4.8, 5.0.0-5.0.1, Cloud 5.0.2-5.0.5, and PaaS versions 21.3-23.4) allows unauthenticated attackers to execute unauthorized code or commands via HTTP requests.

Trending: CVE-2026-26083 is trending due to its critical severity rating (CVSS 9.1) and classification as a remote code execution vulnerability affecting FortiSandbox. The vulnerability has received significant media coverage as part of Fortinet's patch Tuesday announcement addressing multiple critical flaws, with security organizations emphasizing the need for rapid deployment given Fortinet's history of zero-day and n-day exploits in the wild.

Vulnerability: Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. This vulnerability was patched as part of Microsoft's May 2026 Patch Tuesday release.

Trending: This vulnerability is trending due to its inclusion in Microsoft's May 2026 Patch Tuesday update, which addressed 132-138 security flaws across multiple product families. The patch cycle garnered significant attention due to the volume of critical vulnerabilities fixed and expectations that several of these issues would be exploited within 30 days.

Vulnerability: A type confusion vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally by accessing resources using an incompatible type. This flaw affects Microsoft Office Word across multiple versions.

Trending: CVE-2026-40364 is trending as part of Microsoft's May 2026 Patch Tuesday release, which addressed 137-138 vulnerabilities across multiple product families. The vulnerability gained attention within the broader context of this significant monthly patch cycle that included multiple critical flaws and Microsoft's announcement of its agentic AI security system discovering new vulnerabilities.

Vulnerability: CVE-2026-0073 is a logic error in Android's wireless ADB authentication (adbd_tls_verify_cert in auth.cpp) that allows bypass of mutual authentication, leading to remote code execution as the shell user without additional privileges or user interaction. The vulnerability affects Android's System component.

Trending: The vulnerability is trending due to public disclosure of working exploits and proof-of-concept code, with security researchers highlighting it as a zero-click remote code execution flaw that can be exploited via wireless debugging. Multiple security outlets and researchers are discussing the critical nature of the flaw and Google's recent security update to address it.

Vulnerability: Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network. The vulnerability affects Microsoft 365 Copilot and related products.

Trending: CVE-2026-26129 is trending as part of Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families. The vulnerability is one of three critical information disclosure vulnerabilities in Microsoft 365 Copilot that Microsoft disclosed and remediated on May 7, 2026, with news coverage highlighting the critical severity rating and wide scope of this month's patch cycle.

Vulnerability: CVE-2026-26164 is an improper neutralization of special elements in output used by a downstream component (injection) in M365 Copilot that allows unauthorized attackers to disclose information over a network. The vulnerability affects Microsoft 365 Copilot and related Microsoft services.

Trending: The vulnerability is trending as part of Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families. CVE-2026-26164 is one of three critical information disclosure vulnerabilities affecting Microsoft 365 Copilot that were disclosed and patched on May 7, 2026, with Microsoft noting that 13 issues in this month's patch cycle are expected to be exploited within 30 days.

Vulnerability: A command injection vulnerability in Copilot Chat for Microsoft Edge allows unauthorized attackers to execute commands and disclose information over a network. The vulnerability affects Microsoft Edge's Copilot Chat functionality.

Trending: The vulnerability is trending due to its inclusion in Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families. CVE-2026-33111 is one of three critical information disclosure vulnerabilities affecting Copilot products that Microsoft disclosed and patched on May 7, 2026, as part of a month with multiple critical-severity issues expected to be exploited within 30 days.

Vulnerability: CVE-2026-33823 is an improper authorization vulnerability in Microsoft Teams that allows an authorized attacker to disclose information over a network.

Trending: This vulnerability is trending as part of Microsoft's May 2026 Patch Tuesday release addressing 132-138 security flaws across multiple product families, with CVE-2026-33823 specifically highlighted on social media as a critical information disclosure issue with a CVSS score of 9.6 affecting Microsoft Teams.

Vulnerability: Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

Trending: The vulnerability is gaining attention as part of Microsoft's May 2026 Patch Tuesday release, which addressed 138 total security flaws across major products. Security researchers are highlighting CVE-2026-33844 as a critical issue affecting Azure infrastructure, with alerts urging administrators to confirm their services are updated.

Vulnerability: CVE-2026-35428 is a command injection vulnerability in Azure Cloud Shell that allows unauthorized attackers to perform spoofing over a network through improper neutralization of special elements used in commands.

Trending: The vulnerability is trending as part of Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families. Security researchers and vendors are actively alerting users to update their Azure environments immediately, with the vulnerability highlighted as critical requiring urgent patching.

Vulnerability: Next.js versions 13.4.13 through before 15.5.16 and 16.2.5 are vulnerable to server-side request forgery (SSRF) through crafted WebSocket upgrade requests in self-hosted applications using the built-in Node.js server. An attacker can exploit this to proxy requests to arbitrary internal or external destinations, potentially exposing internal services or cloud metadata endpoints.

Trending: The vulnerability is being actively discussed across security communities on Bluesky and Mastodon with a CVSS score of 8.6, and has been featured in security news recaps covering recent critical vulnerabilities. The issue has gained attention due to its impact on self-hosted Next.js deployments, though Vercel-hosted deployments remain unaffected.

Vulnerability: Next.js versions before 15.5.16 and 16.2.5 are vulnerable to denial of service through connection exhaustion in applications using Partial Prerendering with Cache Components. Malicious POST requests to server actions can trigger request-body handling deadlocks that exhaust file descriptors and server capacity, denying service to legitimate users.

Trending: The vulnerability is receiving attention across security-focused social media platforms including Bluesky and Mastodon, with security news outlets covering it as a high-severity issue affecting a widely-used React framework for full-stack web applications.

Vulnerability: CVE-2026-42208 is a critical SQL injection flaw in LiteLLM versions 1.81.16 to 1.83.6 that allows unauthenticated attackers to read and modify database data by sending specially crafted Authorization headers to LLM API routes. The vulnerability exists in the proxy API key verification process where user-supplied input is directly mixed into database queries instead of being passed as separate parameters.

Trending: CVE-2026-42208 is trending due to active exploitation in the wild occurring within 36 hours of public disclosure, with CISA adding it to its Known Exploited Vulnerabilities catalog. Security researchers and vendors are actively warning about the vulnerability's critical nature and urging immediate patching, with widespread coverage across cybersecurity news outlets and social media platforms highlighting the rapid exploitation timeline.

Vulnerability: CVE-2026-44009 is a sandbox breakout vulnerability in vm2, an open source virtual machine and sandbox for Node.js, affecting versions prior to 3.11.2. The vulnerability enables arbitrary code execution by bypassing the sandbox restrictions through a null prototype exception.

Trending: The vulnerability is receiving attention across multiple security platforms including Bluesky, Mastodon, and security news outlets, with reports highlighting its critical severity rating (9.8) and the ability to achieve sandbox escape and arbitrary code execution on affected systems.