VulnCheck reports that attackers are actively exploiting an unpatched flaw in Langflow, a popular open-source platform for building AI applications. The bug (CVE-2026-5027, rated 8.8) is a path-traversal weakness: the file-upload endpoint does not clean the supplied filename, so an attacker can use directory-climbing sequences to write files anywhere on the server, a foothold that leads to remote code execution. Tenable, which found it, says the maintainers did not respond after three contact attempts in early 2026, and there is still no official fix. Early exploitation appears to be probing, with attackers writing harmless test files, but that usually precedes heavier attacks.
Microsoft has shipped the first full patch for an Exchange Server zero-day that attackers have been exploiting since May. The flaw (CVE-2026-42897) is a cross-site scripting bug in Outlook Web Access: an attacker emails a victim, and when the message is opened in OWA, malicious JavaScript runs inside the victim's authenticated session, allowing session-token theft and mailbox impersonation without ever touching the server. It affects Exchange Server 2016, 2019, and Subscription Edition, and CISA added it to its known-exploited list back in May. Until this week only temporary mitigations existed; the June security updates provide the permanent fix.
Google has shipped an emergency Chrome fix for a zero-day in V8, the browser's JavaScript and WebAssembly engine, that attackers are already exploiting in the wild. The flaw (CVE-2026-11645, rated 8.8) is an out-of-bounds memory read and write that lets a malicious web page run code inside Chrome's sandbox, and can help defeat protections like ASLR to set up a fuller compromise. Google confirmed an exploit exists but withheld details until most users update. It is the fifth actively exploited Chrome zero-day of 2026. The fix is in Chrome 149.0.7827.102/103 for desktop; Chromium-based browsers like Edge and Brave need the same update.
Attackers are actively exploiting a flaw in LiteLLM, a widely used open-source gateway that routes requests to AI models, and CISA has added it to its known-exploited-vulnerabilities list. The bug (CVE-2026-42271) lets any authenticated user run commands on the host through test endpoints that spawn whatever command is supplied in the request. Chained with a separate Host-header bypass in the Starlette web framework (CVE-2026-48710), it becomes unauthenticated remote code execution, giving full control of the server, credential theft, and a foothold in connected AI infrastructure. Horizon3.ai has published a proof-of-concept. It follows a LiteLLM SQL injection flaw exploited within 36 hours last month.
Check Point has rushed out a fix for a critical flaw in its Remote Access VPN, Mobile Access, and Spark firewall products that attackers have been exploiting since May 7. The bug (CVE-2026-50751, rated 9.3) is a logic error in how the software checks certificates, letting an unauthenticated attacker log into the VPN with no password, but only on gateways still using the old IKEv1 key-exchange protocol. So far a few dozen organizations have been hit, and at least one intrusion was tied to an affiliate of the Qilin ransomware gang, which used the access to steal data with Rclone before deploying ransomware. A second, unexploited flaw was also patched.
Cisco has warned of an actively exploited, unpatched zero-day in Cisco Catalyst SD-WAN Manager (CVE-2026-20245) that enables root privilege escalation across all deployment types, including on-prem, Cloud, Managed, and FedRAMP Government. The flaw stems from insufficient validation of user-supplied input: an attacker who uploads a crafted file can perform command injection and run arbitrary commands as root. Exploitation requires netadmin privileges - obtained via valid credentials or by chaining CVE-2026-20182 or CVE-2026-20127. Mandiant reported the activity to Cisco's PSIRT in June. Cisco has observed limited cases where exploitation pushed configuration changes to edge devices, and published IoCs pointing to suspicious tenant-list uploads in scripts.log.
CISA has warned that attackers are actively exploiting CVE-2026-28318, a high-severity SolarWinds Serv-U denial-of-service flaw, and added it to the Known Exploited Vulnerabilities catalog. Serv-U is SolarWinds' Windows and Linux managed-file-transfer and FTP software. The flaw is an uncontrolled-resource-consumption weakness: specially crafted POST requests using Content-Encoding: deflate crash the Serv-U service without authentication, in low-complexity attacks needing no user interaction. SolarWinds shipped Serv-U 15.5.4 Hotfix 1 and advised admins who cannot patch to restrict access and block POST requests containing content-encoding. Shodan tracks over 12,000 exposed Serv-U servers (Shadowserver around 3,100). FCEB agencies must patch by June 19 under BOD 22-01.
Wordfence reports active exploitation of CVE-2026-3300 (CVSS 9.8), a remote code execution flaw in the Everest Forms Pro WordPress plugin (about 4,000 active installations) affecting all versions up to 1.9.12. The Calculation Addon's process_filter() function concatenates user-submitted form-field values into a PHP string and passes it to eval() without proper escaping; sanitize_text_field() does not escape single quotes, so unauthenticated attackers can inject and run arbitrary PHP by submitting a crafted value in any string-type field when a form uses the Complex Calculation feature. Exploitation began April 13; Wordfence has blocked 29,300+ attempts. The common payload creates a rogue admin named 'diksimarina.' Patch 1.9.13 shipped March 18.
Google has released the June 2026 Android security patches addressing 124 vulnerabilities, including CVE-2025-48595, a high-severity Android Framework flaw under limited, targeted exploitation. Local attackers can abuse it to gain code execution and escalate privileges on Android 14 or later. Google fixed 18 critical vulnerabilities this cycle across System, Framework, and Qualcomm closed-source components; the most severe is a critical Framework flaw enabling remote privilege escalation with no user interaction. Two patch levels shipped (2026-06-01 and 2026-06-05). CISA added CVE-2025-48595 to its KEV catalog the same day. Pixel devices get updates immediately; other vendors typically lag. Similar Android Framework flaws have historically been abused by commercial spyware.
Hackers are exploiting CVE-2026-8206, a critical privilege-escalation flaw in the Kirki - Freeform Page Builder WordPress plugin, to take over any account including administrators. Defiant's Wordfence blocked over 222 attempts against customers in 24 hours. The plugin is active on more than 500,000 sites; the bug was introduced in version 6.0.0 and affects up to 6.0.6 (nearly 40% of the userbase). It stems from a custom REST password-reset endpoint that accepts an arbitrary email: when a username is supplied, the plugin sends a valid reset link to the attacker-controlled address instead of the owner's. The vendor fixed it in 6.0.7 on May 18; admins should upgrade or disable immediately.