Last updated: July 5, 2026 at 9:01 AM UTC
Tag: rce (62 articles)

Critical FortiSandbox flaw lets unauthenticated attackers run commands

Fortinet has patched a critical flaw in FortiSandbox, the appliance that detonates suspicious files and feeds malware verdicts to the rest of a Fortinet security deployment. The bug (CVE-2026-25089, rated 9.8) is an OS command injection in the web interface that lets a remote, unauthenticated attacker run arbitrary commands by sending crafted HTTP requests. Compromising a sandbox is especially dangerous because attackers can both pivot deeper into the network and blind the very system meant to catch malware. Fixed versions are FortiSandbox 5.0.6 and 4.4.9, with matching updates for the Cloud and PaaS editions.

Check
Identify FortiSandbox appliances and their versions, determine whether the web interface is reachable from untrusted networks, and review HTTP and admin logs for unexpected command execution.
Affected
FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS web interfaces before the fixed releases (CVE-2026-25089), reachable by remote unauthenticated attackers over HTTP.
Fix
Upgrade FortiSandbox to 5.0.6 or 4.4.9 (and the matching Cloud and PaaS releases) now, and restrict management-interface access to trusted networks until patched.

Attackers exploit unpatched Langflow flaw for unauthenticated code execution

VulnCheck reports that attackers are actively exploiting an unpatched flaw in Langflow, a popular open-source platform for building AI applications. The bug (CVE-2026-5027, rated 8.8) is a path-traversal weakness: the file-upload endpoint does not clean the supplied filename, so an attacker can use directory-climbing sequences to write files anywhere on the server, a foothold that leads to remote code execution. Tenable, which found it, says the maintainers did not respond after three contact attempts in early 2026, and there is still no official fix. Early exploitation appears to be probing, with attackers writing harmless test files, but that usually precedes heavier attacks.

Check
Identify any internet-facing Langflow instances, confirm the version, and review the server filesystem and web logs for unexpected files written via the /api/v2/files upload endpoint.
Affected
Internet-exposed Langflow deployments where the file-upload endpoint is reachable (CVE-2026-5027). No vendor patch is available yet, and active exploitation is already under way.
Fix
Until a fix ships, take Langflow off the public internet or place it behind authentication and a WAF that blocks path-traversal payloads, and restrict the upload endpoint.

Critical Ivanti Sentry flaw gives unauthenticated attackers root

Ivanti has patched two critical flaws in Sentry, its mobile gateway appliance (formerly MobileIron Sentry) that sits in line between mobile devices and back-end systems like Exchange. The worst, CVE-2026-10520, rated a perfect 10, is an OS command injection in an internal configuration API that mistakenly accepts commands from anyone who can reach it over the internet, with no login, granting remote code execution as root. The second, CVE-2026-10523 (9.9), is an authentication bypass that lets attackers create their own admin accounts. No exploitation has been seen yet, but watchTowr has already published a patch analysis and a detection script, so the window is closing fast.

Check
Identify Ivanti Sentry appliances and their version, restrict who can reach the management and configuration endpoints, and run watchTowr's detection script to confirm whether instances are vulnerable.
Affected
Ivanti Sentry (formerly MobileIron Sentry) versions 10.5.1, 10.6.1, 10.7.0 and earlier, exposed to untrusted networks (CVE-2026-10520 root RCE; CVE-2026-10523 admin-account auth bypass).
Fix
Upgrade Ivanti Sentry to R10.5.2, R10.6.2, or R10.7.1 immediately, then review appliances for rogue administrator accounts and any signs of command execution that occurred before patching.

Six protobuf.js flaws let malicious schemas run code in Node.js apps

Researchers at Cyera have disclosed six vulnerabilities, collectively named Proto6, in protobuf.js, a JavaScript and TypeScript library for Google's Protocol Buffers data format that sees more than 50 million downloads a week. The flaws stem from the library trusting schema and metadata by default, so a single malicious schema or crafted payload can crash a service, inject code, or lead to remote code execution. Cyera demonstrated real attacks including poisoning CI/CD pipelines to leak build secrets and crashing WhatsApp automation bots. Because protobuf.js is embedded across cloud services, AI platforms, and build systems, the reach is broad. Fixed versions are 7.5.6 and 8.0.2.

Check
Inventory applications and pipelines that depend on protobuf.js directly or transitively, and identify any that deserialize Protobuf data or generate code from schemas supplied by untrusted sources.
Affected
Node.js applications, cloud client libraries, CI/CD pipelines, and messaging frameworks using protobuf.js before 7.5.6 or 8.0.2 (CVEs include CVE-2026-44289, CVE-2026-44295) that process untrusted schemas.
Fix
Upgrade protobuf.js to 7.5.6 or 8.0.2 and protobufjs-cli to 1.2.1 or 2.0.2, and treat incoming schemas and descriptors as untrusted input rather than safe data.

LiteLLM AI gateway flaw exploited for unauthenticated remote code execution

Attackers are actively exploiting a flaw in LiteLLM, a widely used open-source gateway that routes requests to AI models, and CISA has added it to its known-exploited-vulnerabilities list. The bug (CVE-2026-42271) lets any authenticated user run commands on the host through test endpoints that spawn whatever command is supplied in the request. Chained with a separate Host-header bypass in the Starlette web framework (CVE-2026-48710), it becomes unauthenticated remote code execution, giving full control of the server, credential theft, and a foothold in connected AI infrastructure. Horizon3.ai has published a proof-of-concept. It follows a LiteLLM SQL injection flaw exploited within 36 hours last month.

Check
Identify internet-facing LiteLLM proxy deployments and their version, check the Starlette version in use, and review logs of the /mcp-rest/test endpoints for unexpected command execution.
Affected
LiteLLM AI gateway and Python SDK (BerriAI) deployments exposing the vulnerable test endpoints (CVE-2026-42271), especially when paired with Starlette versions vulnerable to the Host-header bypass (CVE-2026-48710).
Fix
Upgrade LiteLLM and Starlette to the fixed releases immediately, restrict the affected endpoints to trusted networks, and rotate any credentials or API keys reachable from the LiteLLM host.

Veeam backup server flaw lets low-privilege domain users run code

Veeam has patched a critical flaw in Backup and Replication, one of the most widely deployed enterprise backup tools, that lets any authenticated low-privilege domain user run code remotely on the backup server. The bug (CVE-2026-44963, rated 9.4) only affects version 12 installations joined to an Active Directory domain; version 13, which uses a different architecture, is not affected, and workgroup setups are safe. No exploitation has been seen yet, but Veeam warns attackers often move quickly once patches reveal the flaw, and backup servers are a prime ransomware target because compromising them cripples recovery. The fix is build 12.3.2.4854.

Check
Identify Veeam Backup and Replication version 12 servers, determine which are joined to an Active Directory domain, and review the domain-user access granted to the backup console.
Affected
Domain-joined Veeam Backup and Replication 12.3.2.4465 and earlier version 12 builds (CVE-2026-44963). Version 13 and workgroup-only deployments are not affected.
Fix
Upgrade to Veeam Backup and Replication 12.3.2.4854 now. Where patching must wait, isolate backup servers from the domain network and tighten which domain users can reach the console.

Chained UniFi OS flaws give unauthenticated root on Ubiquiti gateways

Researchers at Bishop Fox have shown that three maximum-severity flaws Ubiquiti patched in May can be chained into a single attack that hands an unauthenticated attacker root access to UniFi OS Server with one crafted web request. Two flaws (CVE-2026-34908 and CVE-2026-34909) bypass the login gateway by abusing how the server reads encoded web addresses; the third (CVE-2026-34910) injects commands into the package-update feature, which runs with passwordless sudo, making escalation to root trivial. The flaws hit version 5.0.6 and earlier across widely used gear like UDM, UCG, and UNVR appliances. Bishop Fox released a free script to check for exposure.

Check
Inventory UniFi OS Server and gateway appliances (UDM, UCG, UNVR) for version 5.0.6 or earlier, and run Bishop Fox's detection script against the management interface to confirm exposure.
Affected
UniFi OS Server 5.0.6 and earlier on UDM, UDM-Pro, UCG, UNVR, and related Ubiquiti appliances; the chain (CVE-2026-34908/34909/34910, all CVSS 10.0) yields unauthenticated root.
Fix
Update to UniFi OS Server 5.0.8 (unifi-core 5.0.153) or later. Because patching does not undo prior compromise, rotate credentials and run incident response where exposure is suspected.

Gogs patches critical RCE zero-day exposing private repos and credentials

Gogs, a popular self-hosted Git service, has finally patched a critical zero-day that Rapid7 disclosed in late May when no fix existed. The flaw (CVSS 9.4, no CVE assigned yet) lets a logged-in user with no admin rights run commands on the server by opening a pull request whose branch name secretly injects an exec option into a git rebase. Because Gogs ships with open registration on by default, an attacker can simply create an account to reach it. Successful exploitation means full server takeover: reading every private repository, dumping password hashes, API tokens, SSH keys, and 2FA secrets, and tampering with hosted source code.

Check
Identify internet-facing Gogs instances and their version, check whether open registration is enabled, and review logs for unexpected pull requests with unusual branch names or new low-privilege accounts.
Affected
Self-hosted Gogs servers up to and including 0.14.2 and 0.15.0+dev, especially those with the default open registration and unlimited repository creation enabled.
Fix
Upgrade to the patched Gogs release immediately. As interim mitigation, disable open registration and restrict repository creation, and rotate any credentials or tokens stored on the server.

AI agent finds 21 FFmpeg zero-days, public exploit code released

A security startup's autonomous AI agent scanned FFmpeg, the open-source media library built into countless video and audio tools, and turned up 21 previously unknown bugs, each with working proof-of-concept code that crashes or corrupts memory when the software processes a malicious media file. Several flaws are 15 to 20 years old; one dates back to 2003. Nine already carry CVE numbers (CVE-2026-39210 through CVE-2026-39218), and the rest are fixed but not yet numbered. The whole run cost about $1,000. Because FFmpeg sits inside browsers, media servers, and apps everywhere, any product that decodes untrusted video could be at risk.

Check
Inventory software and services that bundle FFmpeg or libav, especially media servers and transcoding pipelines that decode untrusted, user-supplied video or audio files.
Affected
FFmpeg builds containing the affected parsers and demuxers (TS, VP9, DASH, and others). Nine flaws tracked as CVE-2026-39210 through CVE-2026-39218; remaining bugs fixed but unnumbered.
Fix
Apply upstream fixes by updating to the newest official FFmpeg build; distributions are shipping patches now. Rebuild any app that statically bundles FFmpeg against the fixed code.

Chrome patches record 429 flaws, including a sandbox-escape RCE

Google shipped Chrome 149 with fixes for 429 security bugs, the most ever in a single Chrome release. More than 100 are rated critical or high. The worst, an out-of-bounds read and write in the ANGLE graphics engine that Chrome uses to render web pages, lets a booby-trapped website break out of the browser's protective sandbox and run code on the victim's computer; Google paid a $97,000 bounty for it. None are confirmed under attack yet, but a sandbox escape is the kind of bug attackers race to weaponize, so patching before that happens matters.

Check
Check the Chrome version on every managed endpoint (chrome://version or your MDM inventory) and confirm Chromium-based browsers like Edge and Brave are also updated.
Affected
Google Chrome before version 149 on Windows, macOS, and Linux. Worst flaw CVE-2026-10881 (CVSS 9.6), an ANGLE out-of-bounds read and write enabling sandbox escape.
Fix
Update Chrome to version 149 or later and relaunch to apply it. Push the update through enterprise policy and patch Edge, Brave, and other Chromium browsers.