Active exploitation hits Cisco SD-WAN as critical auth-bypass and RCE flaws surge
Executive Summary
Overview
This week's monitoring covered 1968 vulnerabilities, including 406 critical and 845 high-severity findings, with 861 critical and high-severity issues remaining unpatched. One vulnerability is confirmed on CISA's Known Exploited Vulnerabilities catalog (CVE-2026-20262, a Cisco Catalyst SD-WAN Manager path-traversal file write with no identified vendor patch), and 99 findings have public proof-of-concept or exploit code available. The top findings are dominated by critical authentication bypasses and remote code execution flaws—including WP Maps Pro, Discuz! X5.0, Network-AI, and LobeHub—several of which lack a vendor-released patch.
Critical Threats
- CVE-2026-20262 (MEDIUM, CVSS 6.5) — Cisco Catalyst SD-WAN Manager arbitrary file write via path traversal. Confirmed actively exploited (CISA KEV); no vendor-released patch identified. Authenticated low-privileged attackers can create or overwrite any file on the underlying operating system via crafted HTTP requests to affected API endpoints.
- CVE-2026-8935 (CRITICAL, CVSS 9.8) — WordPress WP Maps Pro plugin unauthenticated administrator account creation before version 6.1.1; a valid nonce publicly emitted on any frontend page allows creation of an admin account and retrieval of a magic-login URL. Public exploit code available; vendor-released patch: 6.1.1.
- CVE-2026-49952 (CRITICAL, CVSS 9.3) — Discuz! X5.0 authentication bypass (releases 20260320 through 20260501) allows unauthenticated remote attackers to access database backup and restore functionality via a shared cryptographic key flaw. Public exploit code available; upstream fix available (PR/commit).
- CVE-2026-48814 (CRITICAL, CVSS 9.1) — Authentication bypass in Network-AI versions 5.7.1 and earlier allows unauthenticated remote attackers to invoke all 22 MCP tools on the SSE server because the default secret is empty and
_isAuthorized()returns true when no secret is configured. Public exploit code available; no vendor-released patch identified. - CVE-2026-54157 (CRITICAL, CVSS 9.0) — Unauthenticated server-side request forgery in LobeHub's
/webapi/proxyendpoint (versions <= 2.1.56) allows remote attackers to proxy arbitrary HTTP requests through LobeHub's infrastructure and inject attacker-controlledSet-Cookieheaders onto thelobehub.comdomain. Public exploit code available. - CVE-2025-66391 (HIGH, CVSS 8.8) — Citrix Cloud privilege abuse allowing a read-only account to trigger write operation workflows, including sending a one-time password to an attacker-controlled email address during password reset attempts. Public exploit code available; no vendor-released patch identified.
- CVE-2026-49954 (HIGH, CVSS 8.6) — Authenticated remote code execution in Discuz! X5.0 (versions 20260320 through 20260501) via chained path traversal and file upload in the plugin import routine. Public exploit code available; no vendor-released patch identified.
- CVE-2025-71326 (HIGH, CVSS 8.5) — Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYSTEM via an unquoted service path in the SecureLine service. Public exploit code available; no vendor-released patch identified.
Threat Landscape
Most-affected vendors: Oracle (251), WordPress (115), Suse (76), Red Hat (75), Microsoft (68).
Most common attack techniques: Authentication Bypass (544), Information Disclosure (458), Denial Of Service (185), XSS (184), Buffer Overflow (156).
Patch coverage: 800 of 1968 CVEs have a patch; 861 Critical/High remain unpatched.
Key Trends
- Volume is 16% up week-over-week (1691 → 1968 CVEs).
- 1 CVE is in CISA's KEV catalog.
- 99 CVEs have public exploit code.
Top 8 Priority CVEs
Arbitrary file write via path traversal in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated low-privileged attacker to create or overwrite any file on the underlying operating system by sending crafted HTTP requests to affected API endpoints. The vulnerability stems from insufficient validation of user-supplied input during the file upload process (CWE-22), and a successful exploit can serve as a reliable stepping stone to root-level privilege escalation on the management host. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in CISA KEV; however, the integrity impact combined with root escalation potential elevates real-world risk above the CVSS 6.5 Medium baseline.
The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin access.
Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to access database backup and restore functionality exposed by dbbak.php. The flaw stems from a shared cryptographic key (CWE-323) between UCenter integration and the backup API, which lets an attacker abuse an encryption oracle in logging_ctl::logging_more() to mint legitimately signed authorization tokens, and chain a race condition to impersonate arbitrary users. Publicly available exploit code exists and an upstream fix has been published on Gitee.
Authentication bypass in Network-AI versions 5.7.1 and earlier allows unauthenticated remote attackers to invoke all 22 MCP tools on the SSE server because the default secret is empty and `_isAuthorized()` returns true when no secret is configured. Despite the partial fix for CVE-2026-46701 in 5.4.5 (which restricted CORS to localhost origins), any non-browser caller - curl, SSRF, or a service exposed via a 0.0.0.0 bind - can still call privileged operations like `config_set`, `agent_spawn`, `blackboard_write`, and token management with zero credentials. No public exploit identified at time of analysis, but the GHSA advisory includes annotated source-code locations that effectively serve as a roadmap for exploitation.
Unauthenticated server-side request forgery in LobeHub's `/webapi/proxy` endpoint (versions <= 2.1.56) allows any remote attacker to proxy arbitrary HTTP requests through LobeHub's infrastructure and inject attacker-controlled `Set-Cookie` headers onto the `lobehub.com` domain. The flaw stems from the route handler omitting the `checkAuth()` wrapper that protects every other webapi route, enabling SSRF, infrastructure reconnaissance against Vercel internals, and a CSRF-to-session-fixation chain against Clerk auth cookies. Publicly available exploit code exists (working curl PoCs and a CSRF HTML PoC are included in the GitHub Security Advisory GHSA-xmwj-c75x-6346); no public exploit identified at time of analysis in CISA KEV.
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.
Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a path traversal flaw in the plugin import routine with file upload functionality to run arbitrary PHP as the web server user. Publicly available exploit code exists (published by Karma Insecurity / VulnCheck) demonstrating a race-condition-assisted bypass of sanitization, but the issue is not listed in CISA KEV and no public EPSS signal was provided. The high PR:H requirement limits attackers to those already holding administrator credentials or able to obtain them.
Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYSTEM by abusing an unquoted service path in the SecureLine service. Publicly available exploit code exists (Exploit-DB 52510), and the issue was reported by VulnCheck; no public exploit identified at time of analysis indicates wider active exploitation, but the low-complexity local vector makes this attractive for post-compromise escalation.