Trending now

CVE-2026-42211 describes a vulnerability in React Router versions 7.0.0 through 7.14.1, specifically when the library is used in Framework Mode. This flaw can potentially lead to unauthorized remote code execution (RCE) through external requests. The vulnerability stems from a deserialization issue within React Router's vendored `turbo-stream` v2, which permits arbitrary constructor invocation via `TYPE_ERROR` deserialization. Exploiting CVE-2026-42211 is a two-step process. It first requires the application code to have an existing prototype pollution vulnerability, which can then be leveraged to trigger the unauthorized RCE on the remote server. Applications utilizing Declarative Mode (`<BrowserRouter>`) or Data Mode (`createBrowserRouter/<RouterProvider>`) are not affected by this vulnerability. The issue has been addressed in React Router version 7.14.2.

CVE-2026-20245 is a command injection vulnerability found in the command-line interface (CLI) of Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage. This flaw arises from insufficient validation of user-supplied input, allowing an authenticated attacker with netadmin privileges to upload a specially crafted file. Upon successful exploitation, the attacker can execute arbitrary commands as root on the affected system. Cisco has observed limited instances of this vulnerability being exploited in the wild, with some cases resulting in configuration changes being pushed to edge devices. It is noted that the required netadmin privileges can be obtained either through valid credentials or by leveraging other vulnerabilities, such as CVE-2026-20182 or CVE-2026-20127.

CVE-2026-46243, dubbed "CIFSwitch," is a local privilege escalation vulnerability found in the Linux kernel's Common Internet File System (CIFS) client implementation. The flaw allows an unprivileged local user to forge `cifs.spnego` key descriptions. These descriptions, which typically contain authority-bearing fields like `pid`, `uid`, and `creduid`, are usually treated by the `cifs.upcall` helper as originating from the kernel. However, userspace can also create keys of this type, enabling an attacker to supply these fields without CIFS origin. The vulnerability arises because the kernel's CIFS subsystem fails to verify that `cifs.spnego` key requests originate from the kernel's CIFS client. This allows an unprivileged user to create a forged `cifs.spnego` request, triggering the normal authentication workflow and causing the root-privileged `cifs.upcall` helper to trust attacker-controlled data.

CVE-2026-50261 describes a use-after-free vulnerability found in the `SyncChangeCounter()` function of the X.Org X server and Xwayland. This flaw can be exploited by a client that establishes multiple `SyncCounters` and subsequently destroys them through a separate client connection while these counters are in the process of being modified. The successful exploitation of this vulnerability could lead to a server crash. Additionally, if the X server is operating with root privileges, it could potentially result in privilege escalation.

CVE-2026-50259 describes a stack-based buffer overflow vulnerability affecting the X.Org X server and Xwayland. The flaw originates within the `_XkbSetMapChecks()` function, which utilizes a fixed-size stack buffer named `mapWidths[256]`. A client-controlled offset allows the helper function `CheckKeyTypes()` to write beyond the bounds of this buffer, resulting in a stack buffer overflow. This vulnerability could potentially be exploited to crash the server or to achieve privilege escalation if the X server is operating with root privileges.

CVE-2026-50263 describes a use-after-free vulnerability found in the `CreateSaverWindow()` function of the X.Org X server and Xwayland. This flaw allows a client to trigger a use-after-free read operation. By manipulating window attributes and forcing the screen saver, an attacker can exploit this vulnerability, which ultimately leads to information disclosure. This issue has been identified in products such as Red Hat Enterprise Linux 10.

CVE-2026-20230 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability found in the WebDialer component of Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition. This flaw stems from improper input validation of specific HTTP requests, allowing a remote, unauthenticated attacker to send crafted requests. Successful exploitation of this vulnerability enables an attacker to write arbitrary files to the underlying operating system. These files can subsequently be used to escalate privileges to root on the affected system. While proof-of-concept exploit code is publicly available, Cisco has not observed active exploitation of this vulnerability. The affected WebDialer service is disabled by default, meaning only deployments where it has been explicitly enabled are susceptible.

CVE-2025-48595 is an elevation of privilege vulnerability affecting the Android platform. This flaw allows an attacker to gain elevated access without requiring any additional execution privileges or user interaction for successful exploitation. Google has noted that there are indications of limited, targeted exploitation of CVE-2025-48595, making the June 2026 security patch, which addresses this vulnerability, particularly important.

CVE-2022-0492 is a privilege escalation vulnerability found in the Linux kernel, specifically within the `cgroup_release_agent_write` function in the cgroups v1 implementation. This flaw allows an attacker to bypass namespace isolation and escalate privileges. The core issue stems from a missing authorization or capability check, enabling users who should not have such permissions to interact with a critical system file. The vulnerability exploits the `release_agent` feature of cgroups v1. This feature is designed to execute a specified program as the root user when a control group becomes empty. Under normal circumstances, only privileged users should be able to modify the `release_agent` file. However, CVE-2022-0492 allowed unprivileged users to manipulate this file, leading to the execution of arbitrary code with root privileges on the host system, thereby facilitating container escape.

CVE-2024-21182 is an authentication bypass vulnerability found in the Core component of Oracle WebLogic Server, part of Oracle Fusion Middleware. This flaw allows an unauthenticated attacker to gain unauthorized access to the server by exploiting network access via the T3 or IIOP protocols. Successful exploitation of this vulnerability can lead to unauthorized access to critical data or even complete access to all data accessible by the Oracle WebLogic Server. The affected versions include 12.2.1.4.0 and 14.1.1.0.0.