Vulnerability intelligence

CVE-2026-3227 is a command injection vulnerability affecting specific TP-Link router models, including the TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6. This flaw stems from the improper neutralization of special elements within an operating system command. The vulnerability allows an authenticated attacker to upload a specially crafted configuration file via the router's import function. During the processing of this file, specifically during port-trigger processing, the embedded malicious commands are executed with root privileges.

CVE-2026-24207 is an authentication bypass vulnerability found in the NVIDIA Triton Inference Server. This flaw allows an attacker to circumvent security mechanisms, potentially leading to unauthorized access to affected systems. Successful exploitation of this vulnerability could result in various outcomes, including code execution, escalation of privileges, data tampering, denial of service, or information disclosure. The vulnerability can be exploited remotely over a network without requiring authentication or user interaction.

CVE-2026-23111 is a local privilege escalation vulnerability found in the Linux kernel's `nf_tables` subsystem, which is responsible for packet filtering. The flaw stems from a logic error within the `nft_map_catchall_activate()` function, specifically an inverted `genmask` check during the abort path of a failed transaction. This incorrect check prevents the proper reactivation of catchall map elements and, for `NFT_GOTO` verdict elements, can lead to a permanently decremented reference count for `nf_tables` chain objects. This issue can result in a use-after-free condition, where a chain can be prematurely freed while other `nf_tables` state still holds a stale reference to it. An unprivileged local user can exploit this vulnerability on systems where user namespaces and `nftables` are enabled, potentially gaining root access. The vulnerability was patched by removing a single character (an exclamation mark) that caused the inverted logic.

CVE-2026-20230 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability found in the WebDialer component of Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition. This flaw stems from improper input validation of specific HTTP requests, allowing a remote, unauthenticated attacker to send crafted requests. Successful exploitation of this vulnerability enables an attacker to write arbitrary files to the underlying operating system. These files can subsequently be used to escalate privileges to root on the affected system. While proof-of-concept exploit code is publicly available, Cisco has not observed active exploitation of this vulnerability. The affected WebDialer service is disabled by default, meaning only deployments where it has been explicitly enabled are susceptible.

CVE-2026-12569 is a remote code execution (RCE) vulnerability found in PTC Windchill PDMlink and PTC FlexPLM. This flaw arises from improper input validation and the deserialization of untrusted data. An unauthenticated, remote attacker can exploit this vulnerability by sending specially crafted requests to the affected systems, enabling them to execute arbitrary code. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-12569 to its Known Exploited Vulnerabilities (KEV) catalog, indicating that it is being actively exploited in the wild. Attackers have been observed deploying persistent JSP webshells to facilitate remote command execution and data exfiltration.

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.