Super Magic

A critical vulnerability (CVSS 9.8) has been discovered in Super Magic's product that can be exploited remotely without authentication or user interaction, allowing attackers to compromise confidentiality, integrity, and availability of affected systems. The attack requires only network access and low complexity, making it highly dangerous and likely to be weaponized quickly once disclosed. Security teams should immediately identify and patch all Super Magic installations, monitor for exploitation attempts, and isolate affected systems until patches are available by the January 9, 2026 deadline.