Skip to main content
CVE-2026-8037 CRITICAL POC Act Now

Unauthenticated OS command injection in the API of Progress ADC products - LoadMaster, ECS Connections Manager, Object Scale Connection Manager, and MOVEit WAF - allows remote attackers to execute arbitrary commands on the appliance by supplying unsanitized input to multiple command endpoints. The flaw carries a CVSS of 9.8 (pre-auth, network-reachable) and publicly available exploit code exists (a GitHub PoC and watchTowr Labs write-up), though EPSS remains low at 0.30% and CISA SSVC currently rates exploitation status as 'none'. Fixed builds (7.2.63.2 and 7.2.54.18) are available from Progress.

RCE Command Injection Loadmaster Ecs Connections Manager Object Scale Connection Manager +1
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2019-25741 CRITICAL POC Act Now

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Mobatek Mobaxterm
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2019-25727 CRITICAL POC Act Now

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2019-25738 CRITICAL POC Act Now

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass WordPress
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2019-25729 CRITICAL POC Act Now

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-71316 CRITICAL POC PATCH Act Now

Arbitrary DLL loading in SQLite's sqldiff.exe utility on Windows allows attackers to achieve code execution by abusing the Microsoft C runtime's Unicode-to-ANSI Best-Fit character conversion. Specially crafted Unicode characters in command-line arguments can be transformed into ASCII characters that sqldiff then parses as the '-L' option, loading an attacker-supplied DLL. Publicly available exploit research (Blackhat EU 2024 'WorstFit' presentation) demonstrates the technique, though no public exploit identified targeting sqldiff specifically and it is not listed in CISA KEV.

Microsoft RCE
NVD
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-48567 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Privilege elevation in Microsoft Azure HorizonDB allows remote unauthenticated attackers to bypass authentication via identity spoofing and gain elevated access across trust boundaries. The CVSS 10.0 score reflects network-reachable exploitation with no privileges or user interaction required, and a scope change indicating impact beyond the initially vulnerable component. No public exploit identified at time of analysis, but a Microsoft-issued patch is available via MSRC.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-48579 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Information disclosure in Microsoft Exchange Online allows remote unauthenticated attackers to access sensitive data due to improper authorization enforcement (CWE-285). The flaw carries a CVSS 9.1 score reflecting network-reachable exploitation without privileges or user interaction, though no public exploit identified at time of analysis. Microsoft has issued a fix through its cloud service, and the CVSS vector indicates high confidentiality and integrity impact despite the description focusing on disclosure.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-49185 CRITICAL Act Now

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows attackers to inject OS commands via the FieldX MDM adb messaging topic, which forwards unverified payloads to Runtime.exec(). The CVSS 4.0 score of 10.0 with network attack vector and no authentication required indicates a critical, trivially exploitable flaw; no public exploit identified at time of analysis but the simplicity of the bug pattern makes weaponization straightforward.

Command Injection Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
10.0
EPSS
0.0%
CVE-2026-43986 CRITICAL PATCH Act Now

Unauthenticated server-side request forgery in Tautulli versions prior to 2.17.1 allows remote attackers to coerce the Tautulli or Plex Media Server host into fetching arbitrary attacker-chosen URLs via the public `/image/<hash>` route. A low-privilege guest first seeds a malicious external URL into the `image_hash_lookup` table, after which any unauthenticated external user can trigger the SSRF by requesting the resulting hash. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-m6j6-rc2c-8vpm and a vendor patch in v2.17.1 confirm the issue.

Python SSRF
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-35905 CRITICAL Act Now

Hardcoded root credentials in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allow remote unauthenticated attackers to gain full root-level control via the built-in 'superadmin' account. The CVSS 9.8 rating reflects network-reachable, no-interaction exploitation with total impact to confidentiality, integrity, and availability, and SSVC marks the issue as automatable with total technical impact. No public exploit identified at time of analysis, and EPSS remains very low (0.02%) despite the severity, suggesting limited current scanning activity.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-36182 CRITICAL Act Now

Weak password hashing on the GNCC GP5 IP camera (firmware v7.1.76) allows attackers who obtain the password hash to recover the root credential via offline brute-force, yielding full device takeover. The CVSS 9.8 score reflects network-reachable impact, but real-world exploitation first requires extracting the hash from the device; no public exploit identified at time of analysis and EPSS is very low at 0.02%.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-35904 CRITICAL Act Now

Unauthenticated Telnet service activation in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allows remote attackers to enable Telnet by sending a crafted request to a vulnerable CGI component in the web management interface. SSVC scores the technical impact as total with automatable exploitation and a public proof-of-concept available, although EPSS remains low at 0.02% and the CVE is not currently listed in CISA KEV.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-10880 CRITICAL PATCH Act Now

Authentication bypass via SQL injection in OSNexus QuantaStor SDS Manager allows unauthenticated remote attackers to log in as administrator by injecting crafted input into the login endpoint's username field. The flaw carries a CVSS 9.8 rating and grants full administrative control over the storage management plane without any valid credentials. No public exploit identified at time of analysis, though the vulnerability was disclosed by researchers at Black Lantern Security (BLSOPS).

SQLi Quantastor
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4104 CRITICAL Act Now

SQL injection in Akmer Informatics TeknoPass versions 20210501 through 20260429 allows remote unauthenticated attackers to bypass authorization by manipulating a user-controlled SQL primary key. With a CVSS 9.8 score and full CIA impact under network-reachable, low-complexity conditions, successful exploitation can yield database compromise and authorization bypass. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-67447 CRITICAL Act Now

OS command injection in the Neterbit NW-431F Router (firmware 20241014-IR03 and earlier) allows remote unauthenticated attackers to execute arbitrary commands via the ping diagnostic module's IP address field. With a CVSS of 9.8 and a low-complexity network attack vector, exploitation runs with web-server privileges and no public exploit has been identified at time of analysis, though a researcher-published reference on GitHub may contain technical details.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-67446 CRITICAL Act Now

Authentication bypass in Neterbit NW-431F routers running firmware 20241014-IR03 and earlier allows remote unauthenticated attackers to gain administrative access by simply setting a session cookie value to a predictable string such as 'admin'. The CVSS 9.8 rating reflects trivial network exploitability with full confidentiality, integrity, and availability impact, and a public proof-of-concept exists in the referenced GitHub repository, though the issue is not currently listed in CISA KEV.

Authentication Bypass Session Fixation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-10886 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to exploit a use-after-free condition in the FileSystem component via a crafted HTML page, with user interaction required. Google has rated the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis, though the high CVSS score (9.6) and scope-changed impact warrant rapid patching.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-10881 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to trigger an out-of-bounds read and write via a crafted HTML page, with a CVSS 9.6 reflecting scope change and high impact across confidentiality, integrity, and availability. The flaw was rated Critical internally by Chromium and reported by Google's own CVE admin team; no public exploit identified at time of analysis, and CISA SSVC currently lists exploitation status as none.

Information Disclosure Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11213 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses Reading Mode's insufficient input validation. The CVSS 9.6 rating reflects the scope-changing impact (S:C) when chained from a renderer compromise, though EPSS is very low (0.05%) and no public exploit identified at time of analysis. Chromium rates the underlying issue Medium severity, reflecting that prior renderer compromise is a prerequisite.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11207 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox by sending malicious network traffic processed by the Autofill component. The flaw is rated CVSS 9.6 due to scope change and high impact across confidentiality, integrity, and availability, though Chromium itself assigns it Medium severity and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis, but a vendor-released patch is available.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11198 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the browser's renderer sandbox by serving a crafted video file processed by Chrome's media codec stack. The flaw stems from insufficient validation of untrusted input in the Codecs component and requires the victim to load attacker-controlled video content, but successful exploitation yields cross-origin impact (Scope: Changed) with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.05%, 15th percentile), though the 9.6 CVSS rating and sandbox-escape primitive make this a high-priority browser patch.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11146 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Chromoting component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) and carries a CVSS 9.6 due to scope change, though Chromium itself rated the severity Medium and EPSS shows only 0.05% exploitation probability with no public exploit identified at time of analysis.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11120 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Enterprise Reporting component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) and carries a CVSS 9.6 due to scope change, though no public exploit is identified at time of analysis and EPSS sits at 0.05% (15th percentile).

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11119 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses an inappropriate implementation in the GPU component. The flaw requires user interaction (visiting a malicious page) and presupposes a prior renderer compromise, but a successful chain yields full sandbox escape on the mobile platform. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.05%, 15th percentile).

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11113 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The CVSS 9.6 score reflects the scope-changing impact (S:C) from renderer to host context, though Chromium itself rates this Medium severity and no public exploit identified at time of analysis. EPSS is very low at 0.05%, suggesting limited near-term mass exploitation despite the high CVSS.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11112 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted Chrome Extension targeting the Chromoting (Chrome Remote Desktop) component. The flaw is rated CVSS 9.6 due to scope change and full CIA impact, though EPSS exploitation probability is very low (0.05%, 15th percentile) and no public exploit identified at time of analysis. Google has shipped a patch in the stable channel update for desktop.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11095 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page processed by the codec subsystem. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, but if chained successfully it enables full code execution on the host with a scope change. No public exploit identified at time of analysis and EPSS probability is very low (0.05%), but the 9.6 CVSS reflects the high impact of a successful sandbox escape.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11070 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via crafted Chromoting (Chrome Remote Desktop) network traffic. The flaw is rated CVSS 9.6 due to the scope change from sandboxed process to host, though Google classifies the Chromium severity as Medium. EPSS is very low (0.05%) and no public exploit identified at time of analysis, but a vendor patch is available.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11066 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a crafted HTML page that exploits insufficient input validation in the ANGLE graphics layer. The flaw requires the victim to visit attacker-controlled content (UI:R) but no authentication, and the scope-changing CVSS 9.6 reflects the impact of escaping browser process isolation. EPSS is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11056 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Site Isolation sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input in the Site Isolation component (CWE-20) and is rated CVSS 9.6 due to scope change, though Chromium itself classifies the underlying severity as Medium. No public exploit has been identified at time of analysis and EPSS is very low (0.05%, 15th percentile), but the chained-exploit potential makes it a meaningful browser-security risk.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11047 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw resides in the Base component and is rated Medium severity by Chromium despite the CVSS 9.6 score, reflecting the prerequisite of a prior renderer compromise. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.05%.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11029 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting the Drag and Drop component. The flaw carries a CVSS 9.6 due to scope change, but no public exploit identified at time of analysis and EPSS is very low (0.05%, 15th percentile), indicating limited near-term exploitation likelihood. Google rates the underlying Chromium severity as Medium despite the high CVSS.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11021 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exploits insufficient input validation in the GPU component. The CVSS 9.6 score reflects the scope change from renderer to host, but real-world exploitation requires chaining with a separate renderer compromise and user interaction. EPSS is low at 0.05% and no public exploit is identified at time of analysis.

Information Disclosure Google Microsoft Chrome Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10983 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Dawn component (versions prior to 149.0.7827.53) allows remote attackers to break out of the renderer sandbox via a crafted HTML page when a user visits a malicious site. Google Chromium rates the severity as High and a fix has shipped in the stable channel; no public exploit identified at time of analysis and EPSS exploitation probability is currently very low (0.05%).

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10974 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page when a victim visits a malicious site. The flaw is rated CVSS 9.6 due to scope change (S:C) and full CIA impact, though EPSS estimates only a 0.05% near-term exploitation probability and no public exploit has been identified at time of analysis.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10971 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Printing component. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS remains very low at 0.05%.

Information Disclosure Google Microsoft Red Hat Suse +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10966 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the renderer process sandbox by delivering a crafted video file processed by the browser's codec implementation. The CVSS 9.6 score reflects a scope-changing impact across confidentiality, integrity, and availability, though exploitation requires user interaction such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS exploitation probability remains low at 0.05%.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11063 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses the WebNN (Web Neural Network) API. The flaw stems from insufficient validation of untrusted input (CWE-20) reaching the WebNN component, and exploitation requires user interaction (visiting an attacker-controlled page) plus a prior renderer-compromise primitive. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.04%).

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11163 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox via a use-after-free in the Messages component triggered by a crafted HTML page. The CVSS vector indicates a scope-changing impact requiring only user interaction (visiting a malicious page), and a vendor patch is available. No public exploit identified at time of analysis and EPSS is low (0.03%), but the sandbox-escape primitive makes this a high-priority browser update.

Denial Of Service Use After Free Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11152 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Dawn (WebGPU) component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) object lifecycle bug; no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03% (11th percentile). Google rates the underlying Chromium severity as Medium, but the CVSS 3.1 score of 9.6 reflects the scope change inherent to a sandbox escape.

Information Disclosure Use After Free Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11131 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free bug in the Autofill component. Exploitation requires a victim to load a crafted HTML page and the attacker to already control the renderer, making this a second-stage primitive rather than a single-shot RCE. No public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the high CVSS reflects the impact of full sandbox escape on a mobile platform.

Denial Of Service Use After Free Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11114 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Device Trust component. The flaw carries a CVSS 9.6 due to scope change and full CIA impact, though Chromium rates the underlying severity as Medium and EPSS is very low (0.03%, 11th percentile); no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11100 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a use-after-free in the File Input component when a victim is lured to perform specific UI gestures on a crafted HTML page. Although Google classified the upstream severity as Medium, the CVSS 3.1 score of 9.6 reflects the scope-change impact of sandbox escape; no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Denial Of Service Use After Free Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11094 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and chains with a prior renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).

Google Memory Corruption Use After Free Microsoft Denial Of Service +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11088 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in ANGLE and requires user interaction (visiting a malicious page) plus a prior renderer compromise to chain into full sandbox escape. No public exploit identified at time of analysis, and EPSS is very low (0.03%), but Google rates the underlying issue as Medium severity within Chromium.

Google Buffer Overflow Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11082 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in the GPU process triggered by a crafted HTML page. The flaw is a use-after-free (CWE-416) reachable through normal web content rendering, and while no public exploit is identified at time of analysis, the EPSS percentile of 11% suggests low near-term opportunistic exploitation likelihood.

Information Disclosure Use After Free Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11065 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free in the ANGLE graphics layer. The flaw requires user interaction (visiting a malicious page) and changes scope, yielding high confidentiality, integrity, and availability impact on the host. No public exploit identified at time of analysis and EPSS probability is very low (0.03%, 11th percentile), but a vendor patch is available.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11061 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a type confusion bug in the ANGLE graphics translation layer that a remote attacker can trigger via a crafted HTML page. Despite a CVSS of 9.6 and a vendor-released patch, EPSS is only 0.03% and no public exploit identified at time of analysis, though Chromium-rated Medium browser bugs are routinely targeted once details are public.

Information Disclosure Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11052 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a type confusion in the GPU process. The CVSS score of 9.6 reflects the scope-changing nature of escaping the sandbox boundary, though exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise. No public exploit identified at time of analysis, and EPSS is low at 0.03%.

Microsoft Information Disclosure Google Memory Corruption Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy