Skip to main content
CVE-2026-7452 HIGH PATCH This Week

Arbitrary code execution in Autodesk 3ds Max 2026 (<2026.1) and 2027 (<2027.1) is possible when a user opens a maliciously crafted WRL (VRML) file, triggering a memory corruption (buffer overflow) condition that runs attacker code in the context of the 3ds Max process. The flaw was reported by Autodesk itself and carries a CVSS 7.8 (local, user-interaction required); no public exploit has been identified and EPSS is 0.01%, indicating no observed exploitation activity to date. SSVC rates technical impact as total but exploitation as none and not automatable, consistent with a file-format parser bug requiring social engineering.

Buffer Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7451 HIGH PATCH This Week

Out-of-bounds write in Autodesk 3ds Max 2026 and 2027 enables arbitrary code execution when a user opens a maliciously crafted TIF image file, with impact ranging from process crash to data corruption to code execution in the context of the running application. The flaw requires local file handling and user interaction (UI:R), and there is no public exploit identified at time of analysis. EPSS is negligible (0.01%) and SSVC marks exploitation status as none, but the technical impact is rated total, making this a credible client-side risk for design and VFX workstations.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43306 HIGH PATCH This Week

Local privilege escalation in Apple macOS allows a malicious app already running with low privileges to elevate to root by exploiting a logic flaw (improper privilege management) that was resolved with additional validation checks. The flaw affects macOS Sonoma before 14.8, macOS Sequoia before 15.7, and macOS Tahoe before 26, and was reported by Apple itself. There is no public exploit identified at time of analysis and no EPSS or KEV signal was provided, indicating no confirmed active exploitation.

Apple Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-9496 HIGH PATCH This Week

Denial of service in npm's pacote package (versions 11.2.7 and later) allows remote unauthenticated attackers to exhaust CPU by submitting a crafted spec.rawSpec value to the addGitSha function, where vulnerable regex and string-manipulation logic exhibits catastrophic backtracking. CVSS 4.0 scores this 7.7 (high availability impact, no integrity/confidentiality impact) and SSVC labels exploitation as POC with automatable=yes, though EPSS remains low at 0.04% (11th percentile). No active exploitation has been reported and no public exploit identified at time of analysis, but the bug is trivially triggerable wherever pacote parses untrusted package specs.

Denial Of Service Pacote Org Webjars Npm
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-8856 HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows local attackers with write access to server configuration files to crash or render the web server unavailable. The CVSS vector (AV:L/PR:N) indicates a local attack vector with high integrity and availability impact, and no public exploit has been identified at time of analysis. EPSS exploitation probability is very low at 0.03% (9th percentile), and SSVC scores exploitation as 'none' with partial technical impact, suggesting limited real-world urgency.

Denial Of Service IBM Http Server
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-45082 HIGH PATCH This Week

Server-side request forgery in Karakeep self-hosted bookmark manager versions prior to 0.32.0 allows authenticated users to bypass internal-network protections by chaining attacker-controlled HTTP redirects, reaching Docker-internal services from the crawler and video download flows. Publicly available exploit code exists per SSVC, though EPSS is low at 0.03% and the issue is not in CISA KEV. Fixed in version 0.32.0.

Docker SSRF Karakeep
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-39661 HIGH This Week

Local File Inclusion in Magentech SW Core WordPress plugin (versions through 1.7.18) allows authenticated remote attackers to coerce the application into including arbitrary PHP files via improperly validated filename input. Successful exploitation results in disclosure of sensitive server-side files and potential code execution under the web server context. No public exploit has been identified at time of analysis, and EPSS exploitation probability is low at 0.11%.

PHP Information Disclosure LFI Sw Core
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-48133 HIGH This Week

Unauthenticated information disclosure in Check Point Quantum Security Gateway allows remote attackers to read internal files on the appliance when the Identity Awareness blade is configured with Browser-Based Authentication. The flaw maps to CWE-98 (PHP file inclusion) and carries a CVSS 7.5 with confidentiality-only impact; EPSS is low (0.10%) and there is no public exploit identified at time of analysis, but the unauthenticated network reach against a perimeter gateway makes triage urgent for affected deployments.

PHP Information Disclosure LFI Quantum Security Gateway
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-44847 HIGH PATCH This Week

Authentication bypass in MaxKB (1Panel-dev) versions prior to 2.9.0 allows remote unauthenticated attackers to invoke webhook trigger endpoints and execute their bound tasks. The flaw stems from the WebhookAuth class unconditionally returning a successful authentication tuple, which Django REST Framework interprets as a valid identity, combined with no backend enforcement of per-trigger token requirements. No public exploit identified at time of analysis, but the trivial nature of the bypass and open-source visibility of the patch make exploitation straightforward for any attacker who can enumerate or guess trigger IDs.

Python Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8620 HIGH PATCH This Week

HTTP request smuggling in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 allows remote unauthenticated attackers to send specially crafted requests that desynchronize front-end and back-end HTTP parsing. Successful exploitation enables cache poisoning, security control bypass, and limited disclosure or modification of data passing through the plug-in, with a CVSS 7.5 reflecting a Changed scope and high confidentiality impact. There is no public exploit identified at time of analysis, EPSS is low at 0.05% (15th percentile), and CISA SSVC marks exploitation status as none.

Information Disclosure IBM Request Smuggling Web Server Plug Ins For Websphere Application Server And Websphere Liberty
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43988 HIGH PATCH This Week

Remote denial of service in Vanetza 26.02 and earlier lets unauthenticated attackers crash the C-ITS protocol stack by sending malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or malformed certificate encodings. The ASN.1 wrapper (asn1c_wrapper.cpp) raises a std::runtime_error that is never caught at the parsing boundary, so it propagates to std::terminate and kills the process. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV; EPSS data was not provided.

Information Disclosure Vanetza
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48688 HIGH This Week

Out-of-bounds read in FastNetMon Community Edition through 1.2.9 allows remote unauthenticated attackers to leak adjacent process memory by sending crafted BGP UPDATE messages containing malformed MP_REACH_NLRI IPv6 attributes. The flaw resides in decode_mp_reach_ipv6() where attacker-controlled length fields drive memcpy operations without bounds validation, and is acknowledged by an in-source TODO comment by the maintainer. No public exploit identified at time of analysis, EPSS is low (0.03%), and CISA SSVC classifies exploitation as 'none' but 'automatable: yes', meaning weaponization is technically straightforward if a threat actor invests effort.

Information Disclosure Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44905 HIGH This Week

Denial of service in Vanetza (riebl) versions 26.02 and earlier lets remote unauthenticated attackers crash the V2X message-processing daemon by sending a crafted Secured Message whose signing certificate carries an out-of-range or invalid-CHOICE Psid value. The malformed certificate passes the permissive ASN.1 decode step but trips a semantic constraint check during OER re-encoding inside the signature-verification path, raising an exception that is never caught and forcing std::terminate. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the network-reachable, no-authentication, low-complexity profile (CVSS 7.5) makes it a credible availability risk for any node that verifies untrusted V2X traffic.

Information Disclosure Vanetza
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48901 HIGH This Week

Information disclosure in Joomla! CMS arises because InputFilter::getInstance() builds its instance cache key without including a security-sensitive parameter, allowing a previously cached filter instance to be returned even when a different security posture was requested. Remote unauthenticated attackers can leverage the resulting filter mismatch to retrieve sensitive data (CVSS 7.5, C:H only). No public exploit identified at time of analysis and EPSS is 0.02% (5th percentile), indicating low predicted exploitation in the near term.

Information Disclosure Joomla Cms
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42497 HIGH PATCH This Week

Arbitrary file modification in the Perl Archive::Tar module before version 3.08 allows a malicious tar archive to create hardlinks pointing outside the extraction directory. Any application or service that extracts attacker-supplied tarballs is affected: because extraction chmods the shared inode of a hardlink, an attacker can alter permissions of sensitive files outside the intended target path. EPSS is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis; it is not listed in CISA KEV.

Buffer Overflow Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9538 HIGH PATCH This Week

Memory exhaustion in the Perl Archive::Tar module before version 3.10 lets remote attackers cause a denial of service by supplying a crafted tar archive whose per-entry header declares an arbitrarily large size, which the module trusts and uses to drive allocation before reading. The flaw is unauthenticated and network-reachable (CVSS 7.5, A:H only - no confidentiality or integrity impact) but affects only applications that parse untrusted tarballs with this module. There is no public exploit identified at time of analysis and EPSS is very low (0.02%, 4th percentile); the vendor shipped a fix in 3.10.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8850 HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows remote unauthenticated attackers to crash the web server when the optional mod_ibm_upload module is loaded, triggering a null pointer dereference (CWE-476). No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (4th percentile), though SSVC flags the issue as automatable with partial technical impact. Affected deployments include HTTP Server 8.5 up to Interim Fix 002 and HTTP Server 9.0, with a vendor patch available via IBM support note 7274065.

Denial Of Service Null Pointer Dereference IBM Http Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8854 HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows remote unauthenticated attackers to crash or degrade the service when the optional mod_mem_cache module is loaded. The flaw carries a CVSS 7.5 (availability-only impact) and has no public exploit identified at time of analysis, though the SSVC framework rates exploitation as automatable. EPSS probability is very low (0.01%, 3rd percentile), suggesting limited near-term exploitation interest.

Denial Of Service IBM Http Server
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24212 HIGH This Week

Cleartext transmission of sensitive information in NVIDIA Isaac Launchable for Linux (all versions prior to 1.2) exposes credentials or other sensitive data to attackers on the same adjacent network, potentially enabling downstream code execution, privilege escalation, information disclosure, and data tampering. The flaw carries a CVSS 7.5 (High) rating, but exploitation requires adjacent-network access and high attack complexity, and there is no public exploit identified at time of analysis. EPSS is 0.00% and the issue is not on the CISA KEV list.

Information Disclosure Nvidia RCE Isaac Launchable
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40383 HIGH This Week

Local file inclusion in Joomla! CMS versions 3.2.1 through 5.4.5 and 6.0.0 through 6.1.0 allows authenticated high-privilege attackers to read arbitrary server files via improper validation of the layout parameter in htmlview. The flaw is reported by the Joomla project itself (EUVD-2026-31888) and no public exploit identified at time of analysis, with EPSS scoring 0.00% and CISA SSVC marking exploitation status as none despite total technical impact.

Path Traversal Joomla Cms
NVD VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-48048 HIGH PATCH GHSA This Week

Information disclosure in XWiki Platform's LiveTableResults macro allows unauthenticated remote attackers to reconstruct user password hashes and salts one bit at a time by sending approximately 768 crafted requests with manipulated class-per-property parameters. This is a bypass of the prior fix for GHSA-5cf8-vrr8-8hjm, which failed to account for an alternate parameter path. No public exploit is identified at time of analysis, but the technique is fully described in the vendor advisory.

Information Disclosure Atlassian
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48697 HIGH This Week

Man-in-the-middle interception of telemetry traffic affects FastNetMon Community Edition through version 1.2.9 due to missing TLS certificate validation in outbound HTTPS connections. Network-positioned attackers can intercept, modify, or redirect telemetry data sent to community-stats.fastnetmon.com - including system fingerprints, kernel version, traffic statistics, and configuration details - and potentially serve malicious responses. EPSS is very low (0.01%), and there is no public exploit identified at time of analysis, though a technical write-up by Lorikeet Security details the root cause.

OpenSSL Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-8835 HIGH PATCH This Week

Invalid pointer dereference in IBM HTTP Server 8.5 and 9.0 allows an authenticated privileged user on the Administration Server to expose sensitive information or trigger a denial-of-service condition. The flaw requires adjacent network access and existing low-level privileges, and no public exploit identified at time of analysis. EPSS exploitation probability is negligible (0.01%) and CISA SSVC indicates no observed exploitation.

Denial Of Service IBM Http Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-8046 HIGH PATCH This Week

Privilege escalation through unauthorized account deletion in CODESYS Control runtime products (versions below 3.5.22.20 / 4.21.0.0) allows authenticated low-privileged remote users to delete other accounts, including administrators. Reported by CERT@VDE under advisory VDE-2026-056, with no public exploit identified at time of analysis and a low EPSS score of 0.10% (26th percentile), suggesting limited near-term exploitation likelihood despite the vendor-confirmed authorization flaw.

Authentication Bypass Codesys Control Rte Sl Codesys Control Rte For Beckhoff Cx Sl Codesys Control Win Sl Codesys Hmi Sl +12
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-44730 HIGH PATCH GHSA This Week

Privilege escalation in OpenCTI prior to 6.9.7 allows an organization admin to gain elevated platform-wide privileges by adding a higher-privileged user from a different organization into their own organization, exploiting incorrect ACL enforcement on the userEdit relationAdd GraphQL mutation. The flaw yields full platform access and exposure of sensitive intelligence data; no public exploit identified at time of analysis and EPSS is very low (0.04%, 11th percentile), but the vendor-confirmed GHSA advisory and trivial attack complexity make this a meaningful tenancy-isolation issue for multi-organization deployments.

Authentication Bypass Opencti
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-4051 HIGH PATCH This Week

Remote code execution in IBM Engineering Lifecycle Management (ELM) versions 7.0.3 through Interim Fix 021, 7.1.0 through Interim Fix 009, and 7.2.0 through Interim Fix 001 allows an attacker with administrative privileges to execute arbitrary code via an exposed method that is not properly restricted (CWE-749). At time of analysis there is no public exploit identified and EPSS is very low (0.01%), but the SSVC technical impact is rated total, making this a high-impact post-authentication issue against ELM administrators. IBM has published a patch advisory and CVSS is 7.2 (AV:N/AC:L/PR:H/UI:N/C:H/I:H/A:H).

Information Disclosure IBM Engineering Lifecycle Management
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-42012 HIGH PATCH This Week

Improper certificate validation in GnuTLS (CWE-295) lets a remote attacker defeat TLS hostname verification by presenting a certificate that carries URI or SRV Subject Alternative Names, causing GnuTLS to incorrectly fall back to matching the connection's DNS hostname against the certificate's Common Name (CN) and enabling service spoofing or man-in-the-middle interception of sensitive data. The flaw was reported by Red Hat against GnuTLS as shipped in Red Hat Enterprise Linux 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images, and carries a CVSS 3.1 base score of 7.1 driven by high integrity impact. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV; exploitation requires the victim to initiate a connection to attacker-controlled infrastructure (UI:R).

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-41401 HIGH PATCH This Week

Heap use-after-free write in libyang before 5.2.6 enables remote authenticated attackers to crash processes or potentially execute code by submitting crafted YANG XML documents to applications using the library for parsing. The flaw resides in lyd_parser_set_data_flags, which mishandles metadata list pointers when freeing non-head default metadata entries. No public exploit identified at time of analysis, EPSS is low at 0.03%, and SSVC rates technical impact as partial with no automatable exploitation.

Use After Free Memory Corruption RCE Libyang
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-3603 HIGH PATCH This Week

XML External Entity (XXE) injection in IBM Engineering Lifecycle Management (ELM) 7.0.3, 7.1.0, and 7.2.0 allows authenticated attackers to disclose sensitive information or exhaust memory resources by submitting crafted XML data to the application. The flaw carries a CVSS 7.1 (High) rating with low attack complexity over the network, but EPSS is only 0.02% (5th percentile) and there is no public exploit identified at time of analysis. SSVC classifies exploitation as 'none' with partial technical impact, indicating low immediate urgency despite the vendor-released patch.

XXE IBM Engineering Lifecycle Management
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-24196 HIGH PATCH This Week

Out-of-bounds read in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest drivers) allows a locally authenticated user to trigger denial of service and information disclosure. The flaw carries a CVSS 3.1 score of 7.1 (AV:L/AC:L/PR:L), and per CISA SSVC there is no public exploit identified at time of analysis (Exploitation: none), with EPSS at 0.01% indicating negligible near-term exploitation likelihood. NVIDIA has published fixed driver versions across all affected branches in advisory ID 5821.

Denial Of Service Information Disclosure Nvidia Buffer Overflow
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-48690 HIGH This Week

Heap corruption in FastNetMon Community Edition through 1.2.9 allows authenticated local users to trigger an integer overflow in the packet capture buffer allocation routine, resulting in undersized allocations followed by out-of-bounds heap writes during packet storage. The flaw stems from 32-bit unsigned arithmetic in allocate_buffer() in src/packet_storage.hpp, where a sufficiently large ban_details_records_count configuration value causes the memory size calculation to wrap. No public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.01%.

Heap Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-14361 HIGH This Week

Missing authorization in the AA-Team Woocommerce Envato Affiliates WordPress plugin (versions up to and including 1.2.1) lets a low-privileged authenticated user invoke functionality that is not properly gated by access-control checks, most likely modifying plugin settings as indicated by the Patchstack advisory slug. Because the action carries a high integrity impact, an attacker holding even a basic account can tamper with configuration that should be reserved for administrators. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-8606 HIGH This Week

Server-Side Request Forgery in GitHub Enterprise Server lets an attacker coerce the appliance into issuing HTTP requests to internal services through the security advisories package-lookup feature, then use response-timing differences as an oracle to infer sensitive environment variables such as signing secrets and private keys. All versions prior to 3.21.1 are affected, and exploitation is unauthenticated on instances not running in private mode (GitHub Packages must be enabled), or available to any authenticated user otherwise. No public exploit identified at time of analysis; the issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 base score of 7.0.

SSRF Enterprise Server
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-42462 HIGH PATCH GHSA This Week

Linked Data Signature forgery in Fedify (the @fedify/fedify ActivityPub server framework) before 2.2.3 lets remote unauthenticated attackers reshape a third-party-signed activity so it is interpreted differently while its signature still verifies. Because the signature covers the canonical RDF graph rather than the JSON-LD serialization, an attacker who has received a signed activity can use JSON-LD keywords (@graph, @reverse, @included) or context-alias tricks to promote, hide, or rewrite fields and have the forged result accepted as authentic. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the GitHub Security Advisory documents the exact restructuring techniques in detail.

RCE Canonical
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-24200 HIGH This Week

Local privilege escalation and code execution in NVIDIA Virtual GPU Manager arises from a use-after-free on stack memory within the vGPU hypervisor component. Authenticated local attackers on the host or guest side of an affected vGPU deployment (vGPU branches 16.x through 20.x) can trigger memory corruption that may yield DoS, info disclosure, data tampering, or arbitrary code execution. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC rates technical impact as total.

Nvidia Memory Corruption RCE Information Disclosure Use After Free +2
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-46284 HIGH PATCH This Week

Local privilege escalation in Apple macOS allows a malicious or compromised application to win a race condition (CWE-362) and elevate from a normal user context to root. The flaw affects macOS releases prior to Sequoia 15.7 and Tahoe 26, was reported by Apple itself, and is resolved by additional validation in the patched builds. No public exploit has been identified at time of analysis, and the CVSS 7.0 rating reflects high attack complexity tied to reliably hitting the timing window.

Race Condition Apple Information Disclosure
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-43947 HIGH PATCH GHSA This Week

Unauthenticated remote code execution in FUXA 1.3.0 (the fuxa-server npm package) lets any network-reachable attacker run arbitrary OS commands on the SCADA/HMI host when secureEnabled is true. The POST /api/runscript endpoint authorizes a request against a stored script's permission, but with test:true it instead compiles and runs attacker-supplied code via Node's Module._compile, so a guest who knows a valid script ID and name (leaked via the unauthenticated GET /api/project endpoint) can execute code with full Node runtime access. Publicly available exploit code exists in the vendor advisory; no CVSS, EPSS, or CISA KEV data is provided.

RCE Information Disclosure Node.js Authentication Bypass
NVD GitHub
EPSS
0.6%
CVE-2026-43946 HIGH PATCH GHSA This Week

Unauthenticated disclosure of arbitrary industrial tag values in FUXA 1.3.0 lets remote actors read live process data through the /api/getTagValue endpoint. Per the vendor advisory (GHSA-fwcm-rqvw-j3p7), the API mints a signed 'guest' identity when no API key or access token is supplied, and the per-script authorization check fails open when the referenced sourceScriptName points to a non-existent script, so the guest request is treated as authorized. No CISA KEV listing and no weaponized public exploit code were identified, though the advisory documents the exact vulnerable code paths; the flaw is fixed in v1.3.1.

Authentication Bypass
NVD GitHub
EPSS
0.1%
CVE-2026-43945 HIGH PATCH GHSA This Week

Pre-authentication remote code execution affects FUXA, an open-source web-based SCADA/HMI platform, in versions >= 1.2.11 and < 1.3.1 (the advisory references build v1.3.0-2706). The flaw is a path-confusion authentication bypass: the login middleware performs a substring match against the full request URL (including the query string), so appending a benign-looking parameter such as ?x=/socket.io to any administrative request causes the server to treat it as a public WebSocket handshake and skip the secureEnabled and nodeRedAuthMode checks entirely. When Node-RED is enabled with command-capable nodes, this reaches the /nodered/* admin interface and yields code execution in the container context (advisory states 'as root'). The GitHub Security Advisory (GHSA-p69w-mmfv-xrfj) discloses the exact bypass payload, so publicly available exploit details exist; there is no CISA KEV listing and no public report of active exploitation at time of analysis.

RCE Code Injection
NVD GitHub
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy