Tag: cve-2026-21262

soc

CVE-2026-20182: Critical Authentication Bypass in Cisco SD-WAN Can Grant Admin Access

A vulnerability affecting Cisco Catalyst SD-WAN Controller has drawn urgent attention after Cisco, Rapid7, and CISA confirmed active exploitation. CVE-2026-20182 is a critical authentication bypass flaw in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager that carries a CVSS 10.0 score and can let an unauthenticated remote attacker gain administrative privileges on an affected […]

Mehr lesen →
soc

CVE-2026-42897: Exchange Server OWA Spoofing Flaw Exploited via Crafted Email

Microsoft has disclosed a vulnerability impacting on-premise versions of Exchange Server that is already seeing active exploitation in the wild. Tracked as CVE-2026-42897, the issue carries a CVSS score of 8.1 and affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition, while Exchange Online is not impacted. Microsoft describes it as a […]

Mehr lesen →
soc

CVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV

CVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV Cisco has disclosed CVE-2026-20182, a critical authentication bypass affecting Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw is in the peering authentication / control-connection handshake process and can allow an unauthenticated remote attacker to bypass authentication and gain […]

Mehr lesen →
soc

CVE-2026-42945: 18-Year-Old NGINX Rewrite Flaw May Enable Unauthenticated RCE

Web infrastructure bugs remain especially dangerous when they sit in widely deployed request-handling logic for years without detection. Among the latest vulnerabilities impacting NGINX Plus and NGINX Open, the CVE-2026-42945 vulnerability stands out as an 18-year-old heap buffer overflow in ngx_http_rewrite_module that can be reached by an unauthenticated attacker through crafted HTTP requests and may […]

Mehr lesen →
soc

CVE-2026-46300: Fragnesia Linux Kernel Flaw Grants Root via Page Cache Corruption

Local privilege-escalation bugs remain especially dangerous when they turn an ordinary user foothold into immediate root access. The CVE-2026-46300 vulnerability, nicknamed Fragnesia, is a high-severity Linux kernel flaw in the XFRM ESP-in-TCP subsystem that allows an unprivileged local attacker to write arbitrary bytes into the page cache of read-only files and escalate privileges. Public reporting […]

Mehr lesen →
soc

CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCE

CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCE CVE-2026-42945 is a heap-based buffer overflow in NGINX that occurs in ngx_http_rewrite_module (the rewrite module). The bug is remotely reachable over HTTP and can be triggered without authentication when specific rewrite-rule patterns are present, which makes it relevant for internet-facing NGINX reverse proxies. Many […]

Mehr lesen →