Microsoft fixed 120 vulnerabilities on Tuesday - 17 Critical, no zero-days for the first time since June 2024. Two Word RCEs (CVE-2026-40361 and CVE-2026-40364) trigger just by viewing a malicious document in Outlook's Preview Pane and are rated 'Exploitation More Likely.' Windows DNS Client (CVE-2026-41096) lets an attacker-controlled DNS server execute code on any Windows machine resolving a hostile name - echoing SigRed. Other priorities: Netlogon RCE (CVE-2026-41089) and Microsoft SSO Plugin for Jira and Confluence (CVE-2026-41103, CVSS 9.1).
Fortinet patched two critical RCE flaws Tuesday. CVE-2026-44277 in FortiAuthenticator (Fortinet's IAM/MFA platform) lets unauthenticated attackers execute code via crafted requests. CVE-2026-26083 (CVSS 9.1) in FortiSandbox's web UI lets unauthenticated attackers run code via HTTP requests. Neither is confirmed exploited yet, but Fortinet products have a long exploitation history - CISA flagged FortiClient EMS as actively exploited in April. FortiSandbox is the threat-detection backbone for many Fortinet-centric SOCs; FortiAuthenticator gates MFA and SSO.
SAP's May Patch Day included two CVSS 9.6 critical flaws. CVE-2026-34263 in Commerce Cloud is a missing authentication check from improperly ordered Spring Security rules - unauthenticated attackers can upload configurations and inject code. CVE-2026-34260 in S/4HANA is a SQL injection in the ABAP Enterprise Search component that lets low-privilege authenticated users steal sensitive database records. Both land less than two weeks after four SAP npm packages were hit in the Mini Shai-Hulud attack, putting SAP customers under compounding patch pressure.
Google's Threat Intelligence Group says it caught the first known case of a real attacker using a large language model to find and weaponize a zero-day - a 2FA bypass in a popular but unnamed open-source web-based system administration tool. Google has high confidence the Python exploit was AI-generated, citing textbook code structure, abundant educational docstrings, and a hallucinated CVSS score in the script. The flaw was a high-level logic bug, the kind LLMs excel at spotting, rather than a memory corruption issue. Google rules out Gemini as the model involved and warns that AI-assisted exploit development is being industrialized via account-pooling and proxy relays for premium models.
Researchers at Cyera disclosed a critical bug in Ollama, the open-source tool that runs large language models locally on laptops and servers. The flaw, called Bleeding Llama (CVE-2026-7482), lets anyone with network access send a malformed model file and read raw process memory back - which typically contains API keys, environment variables, system prompts, and other users' chat history. Ollama ships without authentication by default, so an estimated 300,000 instances are exposed on the internet. Ollama 0.17.1 fixes it. Separately, Striga disclosed two unpatched Ollama Windows desktop flaws (CVE-2026-42248 and CVE-2026-42249) that chain into persistent code execution at login.
cPanel released patches Friday for three new vulnerabilities. The two worst (CVE-2026-29202 and CVE-2026-29203, both CVSS 8.8) let authenticated users execute arbitrary Perl code through the create_user API or escalate privileges via unsafe symlink chmod. The third (CVE-2026-29201, CVSS 4.3) lets authenticated users read arbitrary files. No exploitation observed yet. The disclosure lands while attackers are still mass-exploiting CVE-2026-41940 to deploy 'Sorry' ransomware against cPanel hosts, including a wave targeting government agencies and MSPs (covered May 5). Hosting providers face a compounding patch burden.
Researcher Hyunwoo Kim disclosed Dirty Frag yesterday after an unrelated third party broke the embargo five days early. The flaw chains two Linux kernel page-cache write bugs (xfrm-ESP and RxRPC) to give any local user root access on every major distribution - Ubuntu, RHEL, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, Fedora. Like Dirty Pipe and last week's Copy Fail, it's a deterministic logic bug with no race condition required and no kernel panic on failure. PoC is public on GitHub. The ESP variant patch was merged into the netdev tree on May 7 but distribution kernels remain unpatched. No CVE assigned yet because the embargo broke early.
Ivanti disclosed Wednesday that attackers are exploiting a zero-day in Endpoint Manager Mobile (EPMM), CVE-2026-6973, to gain admin-level remote code execution on enterprise MDM servers. Successful exploitation gives the attacker control over the MDM platform that pushes apps and configurations to managed mobile fleets - a foothold that can pivot into managed devices and the corporate identity layer. CISA added the flaw to its Known Exploited Vulnerabilities catalog the same day with a federal patch deadline next week. Ivanti products have a long history of zero-day exploitation.
Palo Alto Networks confirmed Wednesday that attackers are exploiting a zero-day in its firewall login portal to run code as root on PA-Series and VM-Series firewalls. CVE-2026-0300 (CVSS 9.3) is a buffer overflow in the User-ID Authentication Portal (Captive Portal) that lets unauthenticated attackers send crafted packets and execute code without any login. Palo Alto Unit 42 attributed the activity to CL-STA-1132, a likely state-sponsored cluster that started probing on April 9 and achieved RCE a week later. Attackers deploy tunneling tools and enumerate Active Directory using the firewall's service account. First patches arrive May 13. Shadowserver counts 5,800+ exposed VM-Series firewalls.
vm2 maintainers disclosed a fresh batch of a dozen sandbox-escape vulnerabilities yesterday, including CVE-2026-43997, CVE-2026-44005, and CVE-2026-44006 - all CVSS 10.0. The library, with 1.3 million weekly downloads, is used by Node.js projects to run untrusted JavaScript inside a supposedly safe sandbox - online code runners, chatbots, automation tools, and SaaS platforms with user scripts. Each bug breaks the sandbox in a different way: prototype pollution, sandbox escape via inspect functions, allowlist bypass to reach child_process. vm2 was deprecated in 2023 over similar issues, then resurrected last October. With over 20 documented sandbox-escape bugs, the maintainer himself recommends Docker isolation instead.