Trending now
Top 10 CVEs trending on social media within the last 24 hours.
Columns: severity and score, exploit status, hype score (last 24 hours), published date, description.
- 1. CVE-2026-20262 | medium 6.5 | Exploit known | Hype score: 12 | Published: Jun 15, 2026
CVE-2026-20262 is identified as a directory or path traversal vulnerability affecting Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage. This flaw stems from insufficient validation of user-supplied input during file uploads. An authenticated, remote attacker can exploit this by sending a specially crafted HTTP request to an affected API endpoint of the system. Successful exploitation of CVE-2026-20262 allows an attacker to create or overwrite any file on the underlying operating system. This capability can then be leveraged to elevate privileges to root. The vulnerability impacts all deployment types of Cisco Catalyst SD-WAN Manager, including on-premise, cloud-based, and government deployments.
- 2. CVE-2026-39808 | critical 9.8 | Hype score: 10 | Published: Apr 14, 2026
CVE-2026-39808 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw stems from the improper neutralization of special elements used in OS commands, which allows attackers to inject malicious commands into system operations. Successful exploitation of CVE-2026-39808 enables remote attackers to execute unauthorized code or commands on the target system. This can be achieved without requiring any authentication or user interaction, typically through specially crafted HTTP requests to an API endpoint.
- 3. CVE-2026-39813 | critical 9.8 | Hype score: 10 | Published: Apr 14, 2026
CVE-2026-39813 is a path traversal vulnerability identified in Fortinet FortiSandbox. This flaw, specifically a '../filedir' path traversal, exists within the FortiSandbox JRPC API due to insufficient input validation. Exploitation of this vulnerability allows an unauthenticated attacker to bypass authentication and potentially escalate privileges on the system by sending specially crafted HTTP requests. The affected versions include FortiSandbox 4.4.0 through 4.4.8 and FortiSandbox 5.0.0 through 5.0.5.
- 4. CVE-2026-25089 | critical 9.8 | Hype score: 10 | Published: Jun 9, 2026
CVE-2026-25089 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This flaw, categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allows an unauthenticated, remote attacker to execute unauthorized commands on the appliance. The vulnerability is triggered by sending specially crafted HTTP requests, specifically exploiting a second-order command injection within the JSON input of the "start VNC" feature in the web-based management interface. Successful exploitation of CVE-2026-25089 can lead to the execution of arbitrary OS commands on the underlying system. Affected versions include FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, all FortiSandbox 4.2 versions, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5.
- 5. CVE-2026-54420 | high 8.5 | Exploit known | Hype score: 9 | Published: Jun 14, 2026
CVE-2026-54420 identifies a vulnerability within the LiteSpeed cPanel plugin, affecting versions prior to 2.4.8, which are included in LiteSpeed WHM PlugIn versions before 5.3.2.0. This flaw stems from the plugin's inadequate handling of symbolic links (symlinks). The vulnerability can be leveraged by a user possessing FTP or web shell access on a shared hosting server that utilizes CloudLinux/CageFS. Through the manipulation of symlinks, an attacker could potentially access or execute arbitrary files located outside of their designated directories, a scenario categorized as a path traversal vulnerability (CWE-61). This issue was actively exploited in May 2026.
- 6. CVE-2026-46529 | high 8.4 | Hype score: 8 | Published: Jun 10, 2026
CVE-2026-46529 is identified as a command injection vulnerability impacting document viewers such as Evince, Atril, and Xreader. The flaw stems from inadequate quoting of shell-like input within the `ev_spawn()` function in `ev-application.c`. This vulnerability can be exploited through a PDF /GoToR action argv injection, which leverages the `--gtk-module dlopen` mechanism. This allows for the execution of arbitrary code, potentially via a single-click interaction with a specially crafted PDF file.
Tags: Linux, Atril Document Viewer
- 7. CVE-2026-27509 | high 8.5 | Hype score: 7 | Published: Feb 26, 2026
CVE-2026-27509 describes a vulnerability found in specific firmware versions of the Unitree Go2 robot. This flaw stems from the absence of DDS (Data Distribution Service) authentication or authorization for the `rt/api/programming_actuator/request` topic, which is managed by `actuator_manager.py`. As a result, a network-adjacent and unauthenticated attacker can connect to DDS domain 0. They can then publish a specially crafted message containing arbitrary Python code. This code is subsequently written to the robot's disk under `/unitree/etc/programming/` and linked to a physical controller keybinding. When this keybinding is activated, the injected code executes with root privileges and persists even after the robot reboots. The affected firmware versions include V1.1.7 through V1.1.9, and V1.1.11 (EDU).
- 8. CVE-2026-27510 | medium 6.4 | Hype score: 7 | Published: Feb 26, 2026
CVE-2026-27510 is a remote code execution vulnerability impacting Unitree Go2 quadruped robot firmware versions 1.1.7 through 1.1.11, specifically when these robots are used in conjunction with the Unitree Go2 Android application (com.unitree.doggo2). The vulnerability arises from a lack of integrity protection and validation for user-created programs. The Android application stores these programs, which can contain Python code, in a local SQLite database. When a user initiates a program via a controller keybinding, the application transmits the program's content, including the Python code, to the robot without any cryptographic signing or integrity verification. This allows for the injection of arbitrary Python code, which is then executed with root privileges on the robot by its `actuator_manager.py` component. An attacker with local access to the Android device could tamper with these stored programs, or a malicious program distributed through the application's community marketplace could lead to unauthorized code execution on any robot that imports and runs it.
- 9. CVE-2026-54157 | severity: - | Hype score: 7 | Published: -
CVE-2026-54157 is currently in a "RESERVED" state, meaning that a CVE Numbering Authority (CNA) has allocated this identifier for a potential vulnerability. However, as of now, a detailed description of the vulnerability has not been provided, and it is not yet available in the National Vulnerability Database (NVD). Consequently, there are no popular articles or public disclosures detailing the specifics of CVE-2026-54157, such as the affected software, the nature of the flaw, or its potential impact. Information regarding this CVE will be updated by the assigning CNA once details become available.
- 10. CVE-2025-8088 | high 8.4 | Exploit known | Hype score: 5 | Published: Aug 8, 2025
CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.
Tags: WinRAR