Activity

Latest CVE events and analysis as they emerge

  1. CVE-2026-20245

    09 Jun 2026, 00:00

    Network, Tunneling protocol, Firmware

    Added to CISA KEV catalog

    Vulnerability name: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
    Product: Cisco Catalyst SD-WAN Manager

    CVE-2026-20245 is a command injection vulnerability found in the command-line interface (CLI) of Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage. This flaw arises from insufficient validation of user-supplied input, allowing an authenticated attacker with netadmin privileges to upload a specially crafted file. Upon successful exploitation, the attacker can execute arbitrary commands as root on the affected system. Cisco has observed limited instances of this vulnerability being exploited in the wild, with some cases resulting in configuration changes being pushed to edge devices. The required netadmin privileges can be obtained either through valid credentials or by leveraging other vulnerabilities, such as CVE-2026-20182 or CVE-2026-20127.

  2. CVE-2026-7473

    09 Jun 2026, 00:00

    Arista EOS, VXLAN, GRE

    Added to CISA KEV catalog

    Vulnerability name: Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
    Product: Arista Extensible Operating System

    CVE-2026-7473 describes a vulnerability affecting Arista EOS platforms that have a tunnel decapsulation configuration enabled. This includes configurations such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface. The core issue is that the affected switch will incorrectly decapsulate and forward unexpected tunneled packets if their destination IP matches the configured decapsulation IP. This vulnerability arises because the switch fails to verify the tunnel protocol type, which can lead to the processing of non-configured tunnel traffic. This issue has been reported as being actively exploited in the wild and is included in CISA's Known Exploited Vulnerabilities Catalog.

  3. CVE-2026-11645

    09 Jun 2026, 00:00

    SSL

    Added to CISA KEV catalog

    Vulnerability name: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
    Product: Google Chromium V8

    CVE-2026-11645 is an out-of-bounds read and write vulnerability found in the V8 JavaScript engine of Google Chrome. This flaw allows a remote attacker to execute arbitrary code within the browser's sandbox by enticing a user to visit a specially crafted HTML page. The vulnerability affects Google Chrome versions prior to 149.0.7827.103, as well as other Chromium-based browsers that utilize the V8 engine. Google has confirmed that an exploit for CVE-2026-11645 exists and is being actively used in the wild.

  4. CVE-2026-50751

    08 Jun 2026, 00:00

    SSL, VPN, Mobile device, Firmware

    Added to CISA KEV catalog

    Vulnerability name: Check Point Security Gateway Improper Authentication Vulnerability
    Product: Check Point Security Gateway

    CVE-2026-50751 is an authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. This flaw arises from a logic flow weakness in the certificate validation process within the deprecated IKEv1 key exchange protocol. Exploitation of this vulnerability allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without requiring a valid user password. Successful exploitation requires specific conditions, including the enablement of Remote Access VPN or Mobile Access, active IKEv1 for remote access, and gateways that accept legacy Remote Access clients without demanding a machine certificate for connections. While a VPN session can be established, additional post-authentication activity is necessary to access internal resources or escalate privileges.

  5. CVE-2026-42271

    08 Jun 2026, 00:00

    Added to CISA KEV catalog

    Vulnerability name: BerriAI LiteLLM Command Injection Vulnerability
    Product: BerriAI LiteLLM

    CVE-2026-42271 is a command injection vulnerability found in LiteLLM, an open-source proxy server designed to expose Large Language Model (LLM) APIs in an OpenAI-compatible format. This flaw affects LiteLLM versions from 1.74.2 up to, but not including, 1.83.7. The vulnerability resides in two Model Context Protocol (MCP) preview endpoints, `POST /mcp-rest/test/connection` and `POST /mcp-rest/test/tools/list`, which incorrectly accepted full server configurations, including fields for `command`, `args`, and `env` used by the `stdio` transport. Exploitation of CVE-2026-42271 allows an authenticated attacker, even with a low-privilege API key, to execute arbitrary commands on the LiteLLM proxy host. This occurs because the vulnerable endpoints would spawn the supplied command as a subprocess with the privileges of the proxy process. The issue has been patched in LiteLLM version 1.83.7, which introduced additional authorization controls requiring the `PROXY_ADMIN` role for these test endpoints. Furthermore, this vulnerability can be chained with CVE-2026-48710, a Starlette "BadHost" host header validation bypass, to achieve unauthenticated remote code execution.