Vulnerabilities - TrustStrike Labs

vulnerability

CVE-2026-20188

2026-05-06

Cisco network management products have a flaw that lets attackers crash them remotely - victims need to manually reboot the device to recover (CVE-2026-20188)

Cisco patched a high-severity denial-of-service flaw in Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) that lets unauthenticated remote attackers exhaust connection resources and force the system into an unresponsive state. CVE-2026-20188. Recovery requires manual reboot. Cisco's PSIRT has not seen exploitation in the wild yet, but Cisco previously patched similar DoS bugs (CVE-2025-20362, CVE-2025-20333) that ended up being weaponized to force ASA and FTD firewalls into reboot loops, which CISA addressed with an emergency directive in November 2025.

Check: Inventory Cisco CNC and Cisco NSO instances. Check whether their management interfaces are reachable from untrusted networks. Set up monitoring alerts for connection-resource exhaustion on these systems.
Affected: Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) running unpatched versions. CVE-2026-20188, high severity. The DoS condition requires manual reboot to recover, meaning a successful attack creates extended outages. Service-provider and enterprise customers using Cisco network orchestration are in scope.
Fix: Upgrade Cisco CNC and NSO to fixed versions per Cisco's advisory. Restrict management interfaces to trusted internal networks. Implement rate limiting at the network edge to throttle connection attempts to CNC/NSO ports. Document recovery procedures including console access for manual reboot - a remote-only management plan fails if the box itself becomes unreachable.

vulnerability

CVE-2026-23918 CVE-2026-24072 CVE-2026-28780 CVE-2026-29168 CVE-2026-29169

2026-05-05

Apache web server has a critical flaw in HTTP/2 that crashes servers and could let attackers run code (CVE-2026-23918)

Apache patched a double-free vulnerability in mod_http2 yesterday. CVE-2026-23918 (CVSS 8.8) lets a remote attacker crash the server immediately, with a path to remote code execution under specific memory-layout conditions. The bug is in the stream cleanup code in h2_mplx.c and is triggered by a crafted sequence of HTTP/2 frames including an early stream reset. mod_http2 ships in default Apache builds and HTTP/2 is widely enabled in production. The MPM prefork worker is not affected. Researchers warn practical RCE requires an info leak and probabilistic heap spray, but in lab conditions execution lands in minutes.

apache http2 mod_http2 double-free rce dos cvss-8-8 striga-ai isec apache-http-server

Check: Identify Apache HTTP Server 2.4.66 installations. Run 'httpd -v' or 'apache2 -v' on each server, and check whether mod_http2 is enabled with 'apache2ctl -M | grep http2'.
Affected: Apache HTTP Server 2.4.66 with mod_http2 enabled (default in most builds). CVE-2026-23918, CVSS 8.8. The MPM prefork worker is not affected; MPM event and worker (default in modern installs) are vulnerable. No public proof-of-concept yet but exploitation is straightforward for DoS. Internet-facing Apache servers running HTTP/2 are at acute risk.
Fix: Upgrade to Apache HTTP Server 2.4.67. If immediate upgrade isn't possible, disable mod_http2 with 'a2dismod http2' - but this drops HTTP/2 support entirely. The 2.4.67 release also patches mod_rewrite (CVE-2026-24072), mod_proxy_ajp (CVE-2026-28780), mod_md, and mod_dav_lock - apply all fixes together.

vulnerability

CVE-2026-4670 CVE-2026-5174

2026-05-04

Critical MOVEit Automation flaw lets attackers take over file-transfer servers without logging in - Cl0p hit MOVEit's sister product in 2023 and stole data from 62 million people (CVE-2026-4670)

Progress Software released emergency patches Sunday for two MOVEit Automation flaws. The worst, CVE-2026-4670 (CVSS 9.8), lets remote attackers reach the management interface without logging in - and from there take administrative control. Airbus researchers disclosed both flaws privately and Progress hasn't seen exploitation in the wild, but the comparison with MOVEit's history is uncomfortable: the Cl0p ransomware gang exploited MOVEit Transfer in 2023 to steal data from 2,100 organizations and 62 million individuals. Shodan shows 1,400+ MOVEit Automation instances exposed online, including a dozen linked to US local and state government agencies.

moveit-automation progress-software authentication-bypass airbus-seclab cl0p-history mft cvss-9-8 emergency-patch

Check: Inventory MOVEit Automation instances and check the version under Web Admin > Help > About. Search firewall logs for inbound traffic to the service backend command port.
Affected: MOVEit Automation versions before 2025.1.5, 2025.0.9, and 2024.1.8. CVE-2026-4670 (CVSS 9.8, auth bypass) and CVE-2026-5174 (CVSS 7.7, privilege escalation). 1,400+ internet-exposed instances per Shodan, including state and local government agencies. Internet-reachable management interfaces face acute risk.
Fix: Upgrade to MOVEit Automation 2025.1.5, 2025.0.9, or 2024.1.8 using the full installer (the standard service installer does not patch the flaw). Restrict the management interface to internal networks only. Rotate every credential MOVEit holds for downstream destinations - cloud storage, SFTP servers, partner systems. Block external traffic to the service backend command port at the firewall.

vulnerability

2026-04-30

Google patched a critical 'Gemini CLI' bug that let attackers run code on developer machines through CI pipelines (CVSS 10.0)

Google patched a critical flaw in Gemini CLI, the command-line tool developers use to interact with Gemini models from CI pipelines and dev workstations. CVSS 10.0. The bug let an attacker execute arbitrary code on the developer's machine by feeding crafted input to the CLI - specifically through the same pattern that compromised LiteLLM and several other AI tools recently. A separate but related set of flaws in Cursor, the AI-powered IDE, also enables code execution. The pattern across all these AI dev tools is the same: input validation gaps where attacker-controlled prompts or model output reach a shell or code execution path.

google gemini-cli cursor ai-tools rce cvss-10 ci-pipelines input-validation ai-supply-chain

Check: Upgrade Gemini CLI on every developer machine and CI runner today, and update Cursor to the latest version through the in-app updater.
Affected: Developers and CI/CD pipelines using Gemini CLI before the May 2026 patch. Cursor IDE users on versions before the recent security release. The broader pattern affects every AI command-line tool and IDE extension that processes untrusted input - LiteLLM, LMDeploy, MCP servers, Anthropic's MCP STDIO design, and the npm @validate-sdk/v2 trojan share the same root cause.
Fix: Upgrade Gemini CLI and confirm via 'gemini --version'. Update Cursor through the in-app updater. For CI pipelines, pin Gemini CLI version and rebuild base images. Treat all AI CLI tools as code execution surfaces and run them in sandboxed environments. Audit for any unusual outbound connections from dev machines or CI runners that ran Gemini CLI in the past month.

vulnerability

CVE-2026-3854

2026-04-29

GitHub patched a flaw in March that let any developer take over millions of repos with a single 'git push' - 88% of self-hosted GitHub Enterprise Servers still haven't installed the fix (CVE-2026-3854)

Update on the GitHub flaw covered yesterday: Wiz, who found the bug, published its full disclosure showing 88% of self-hosted GitHub Enterprise Servers were still unpatched at public disclosure on April 28. The bug let any user with push access to one repository run code on the GitHub server itself with a single 'git push'. On GitHub.com, the same bug exposed millions of public and private repositories belonging to other users sharing the same storage node. GitHub.com was patched within 75 minutes, but Enterprise Server installs need patching manually. Wiz found the bug using AI-augmented reverse engineering on closed-source GitHub binaries.

github ghes enterprise-server rce x-stat wiz ai-reverse-engineering 88-percent-unpatched followup

Check: If you run a self-hosted GitHub Enterprise Server, check today whether you're on a patched version and upgrade if not.
Affected: Self-hosted GitHub Enterprise Server instances on versions before the March 2026 patches. CVSS 8.7. Wiz data shows 88% of GHES instances were unpatched at disclosure. The bug needs push access to any repository, including one the attacker creates themselves. GitHub.com and Enterprise Cloud variants are already patched.
Fix: Upgrade to GHES 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4, 3.20.0, or later. Audit /var/log/github-audit.log for push operations with semicolons or unusual special characters in push option values - that's the exploit signature. Until patched, restrict push access and remove unnecessary repository creators.

vulnerability

CVE-2026-24898 CVE-2026-24908 CVE-2026-23627 CVE-2026-24487

2026-04-29

AI security tool finds 38 previously unknown bugs in OpenEMR, the open-source health records system used by 100,000 healthcare providers - two of them rated maximum severity

Aisle, an AI-driven application security firm, ran its analyzer over OpenEMR's source code and found 38 previously unknown vulnerabilities, including two with maximum severity (CVSS 10.0). OpenEMR is the open-source electronic health records system used by 100,000 healthcare providers serving 200 million patients. The two critical bugs let attackers reach into patient databases without logging in: CVE-2026-24898 lets any unauthenticated visitor receive the medical practice's API tokens by sending a single POST request, and CVE-2026-24908 is a SQL injection in the patient REST API. OpenEMR has now patched all 38.

openemr aisle ai-security healthcare ehr sql-injection unauthenticated 100k-providers 200m-patients hipaa

Check: If your organization runs OpenEMR, upgrade to the latest patched build today and audit access logs for unauthenticated POST requests to MedEx recall/reminder endpoints.
Affected: OpenEMR deployments before the April 2026 security update. Particularly acute for any internet-reachable instance because CVE-2026-24898 is unauthenticated. The 100,000 OpenEMR healthcare providers are typically smaller US clinics and under-resourced settings worldwide - the segments least likely to have a fast patching process.
Fix: Upgrade OpenEMR to the latest 8.x patched release. Audit application logs for any POST to the MedEx recall/reminder endpoint and for unusual _sort parameter values in the patient REST API - those are the exploit signatures. Restrict OpenEMR's admin and API endpoints to internal management networks. Rotate API tokens issued before the patch was applied since they may have been exposed via CVE-2026-24898.

vulnerability

CVE-2026-31431

2026-04-29

9-year-old Linux kernel bug 'Copy Fail' lets any user with shell access become root in seconds - works on every major distribution since 2017 (CVE-2026-31431)

Researchers at Theori and Xint disclosed Copy Fail yesterday, a Linux kernel bug introduced in 2017 that lets any unprivileged user with shell access become root in seconds. The exploit is a 732-byte Python script that works without version-specific tweaks on every major Linux distribution since 2017 - Ubuntu, Amazon Linux, RHEL, SUSE. Unlike previous kernel bugs (Dirty Cow, Dirty Pipe), Copy Fail has no race condition and no per-kernel offsets. It also leaves no trace on disk because it only modifies the in-memory page cache. The bug was found using AI-assisted reverse engineering and has been hiding in the open for nearly nine years.

linux kernel copy-fail privilege-escalation page-cache theori xint container-escape ai-assisted authencesn af-alg 9-year-old

Check: Update the kernel on every Linux server, container host, and CI runner you operate today, especially anything that runs untrusted code or hosts multiple tenants.
Affected: Every Linux distribution since 2017 with kernel 4.14 or later. CVE-2026-31431, CVSS 7.8. Acute risk: shared-kernel multi-tenant environments (Kubernetes nodes, Docker hosts), CI/CD runners that execute untrusted PR code (GitHub Actions self-hosted, GitLab runners, Jenkins agents), notebook hosts, and anything using Linux containers as a security boundary. Firecracker microVMs and gVisor are not affected.
Fix: Apply the kernel update from your distribution that includes commit a664bf3d603d. Until patched, blacklist the algif_aead module: 'echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf' then 'rmmod algif_aead'. The disable does not break dm-crypt, kTLS, IPsec, or SSH. For multi-tenant Kubernetes clusters, treat container boundaries as broken until patched.

vulnerability

CVE-2026-0204 CVE-2026-0205 CVE-2026-0206

2026-04-29

SonicWall patches three SonicOS firewall flaws after CrowdStrike disclosed them - the worst lets attackers reach the management interface without logging in (CVE-2026-0204)

SonicWall released emergency firmware updates for Gen 6, Gen 7, and Gen 8 firewalls after CrowdStrike's research team disclosed three SonicOS flaws on April 29. The worst is CVE-2026-0204 (CVSS 8.0), a weak authentication bug in the management interface that lets an attacker on an adjacent network reach management functions without logging in - and from there change firewall rules, disable security protections, or open new holes. The other two are post-authentication: CVE-2026-0205 is a path traversal that breaks out of restricted directories, and CVE-2026-0206 is a buffer overflow that crashes the firewall. No public exploits yet.

sonicwall sonicos firewall authentication-bypass crowdstrike gen6-7-8 management-interface ssl-vpn

Check: Patch every SonicWall Gen 6, Gen 7, and Gen 8 firewall to the latest firmware today, and confirm no SonicWall management interface or SSL-VPN is reachable from the public internet.
Affected: Gen 6 firewalls (TZ 300/400/500/600, NSA, SM, SOHO) running 6.5.5.1-6n or older. Gen 7 firewalls and NSv (TZ270-TZ670, NSa 2700-6700, NSsp, NSv on ESX/KVM/Hyper-V/AWS/Azure) running 7.0.1-5169 or 7.3.1-7013 or older. Gen 8 (TZ80-TZ680, NSa 2800-5800) running 8.1.0-8017 or older.
Fix: Upgrade to Gen 8 firmware 8.2.0-8009, Gen 7 firmware 7.3.2-7010, or Gen 6 6.5.5.2-28n. Until patched, disable HTTP and HTTPS firewall management on all interfaces, disable SSL-VPN, and restrict management to SSH only from trusted IPs. Take a full configuration backup before upgrading Gen 6 - downgrading from 6.5.5.2-28n deletes all LDAP users and resets MFA.

vulnerability

CVE-2026-42208

2026-04-28

Hackers raced to exploit a critical LiteLLM flaw 36 hours after disclosure - any attacker who could reach the proxy could read all stored AI API keys (CVE-2026-42208)

LiteLLM, the popular open-source gateway used to centralize API access for OpenAI, Anthropic, and other AI providers, has a critical pre-authentication SQL injection bug that attackers started exploiting just 36 hours after the security advisory went public. The flaw lets anyone who can reach the proxy port read all the API keys stored inside - including master keys, virtual keys, and provider credentials. The bug was in the bearer-token check: the token was concatenated into a SQL query instead of passed as a parameter. Sysdig saw the first attack at 04:24 UTC on April 26, hitting three tables that hold the most valuable secrets.

litellm ai-gateway sql-injection pre-auth openai anthropic credential-theft sysdig actively-exploited

Check: If you run any internet-facing LiteLLM proxy, patch to v1.83.7-stable today and treat every API key, virtual key, and stored provider credential as compromised.
Affected: LiteLLM versions 1.81.16 through 1.83.6, internet-reachable on the default proxy port. CVE-2026-42208, CVSS 9.3, pre-auth SQL injection. Blast radius is closer to a full cloud account compromise than a typical web app bug because LiteLLM holds OpenAI, Anthropic, and AWS Bedrock credentials.
Fix: Patch to LiteLLM v1.83.7-stable. If you can't upgrade, set 'disable_error_logs: true' under 'general_settings' as a workaround. Rotate every virtual key, master key, and upstream provider credential. Audit upstream provider billing for unexpected API calls since April 24. Block traffic from 65.111.27.132 and 65.111.25.67 (AS200373).

vulnerability

CVE-2026-3854

2026-04-28

Critical GitHub flaw lets a single 'git push' run code remotely on the server - patched, but most self-hosted GitHub Enterprise instances haven't updated yet (CVE-2026-3854)

Researchers disclosed CVE-2026-3854, a critical GitHub Enterprise Server flaw that lets anyone with push access execute arbitrary commands on the GitHub server with a single git push. The bug is in how Enterprise Server handles repository hooks during push operations - a crafted commit message or filename bypasses the sanitization that normally prevents shell injection. GitHub patched it last week, but self-hosted instances need to apply the patch manually, and telemetry shows most haven't yet. Anyone with developer-level access to a vulnerable Enterprise Server can take over the entire instance, then pivot into every repository and CI/CD secret it hosts.

github-enterprise-server rce git-push supply-chain ci-cd self-hosted critical

Check: If you run a self-hosted GitHub Enterprise Server, apply the latest patch this week and review push activity from any low-privilege accounts since the patch was released.
Affected: Self-hosted GitHub Enterprise Server instances on versions before the April 2026 patch. The bug requires push access to any repository, which means every developer with commit rights is a potential entry point. CI/CD secrets, signing keys, and source code are exposed. GitHub.com (the SaaS product) is not affected.
Fix: Upgrade GitHub Enterprise Server to the patched release per GitHub's advisory. Until patched, restrict push access to trusted accounts and require code review on all pushes. Audit Enterprise Server logs for unusual git operations or shell processes spawning from the GitHub system user. Rotate any CI/CD secrets, signing keys, and webhook tokens stored on the server.