PT-2026-43211 · Undefined · Undefined
Published 2026-05-26 · Updated 2026-05-27 · CVE-2026-42558
None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
  • 📝 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
  • 📅 Published: 03/12/2025
  • 📈 CVSS: 10
  • 🛡️ CISA KEV: True
  • 🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • 📣 Mentions: 908
  • ⚠️ Priority: 1+
  • 📝 Analysis: A critical pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, specifically in packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability stems from unsafely deserializing HTTP request payloads. This is a confirmed exploited issue, designated as priority 1+.

  • 📝 Windows Event Tracing Elevation of Privilege Vulnerability
  • 📅 Published: 08/07/2025
  • 📈 CVSS: 7.8
  • 🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
  • 📣 Mentions: 1
  • ⚠️ Priority: 2
  • 📝 Analysis: A Windows Event Tracing privilege escalation vulnerability has been identified (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C). No known in-the-wild activity reported, but the high CVSS score indicates its potential severity. Given the low Exploitability Score, this is a priority 2 vulnerability, requiring attention due to the high impact on confidentiality, integrity, and availability.

  • 📝 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.
  • 📅 Published: 20/05/2026
  • 📈 CVSS: 6.5
  • 🛡️ CISA KEV: True
  • 🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • 📣 Mentions: 7
  • ⚠️ Priority: 1+
  • 📝 Analysis: SQL Injection vulnerability in Drupal core (8.9.0 - 11.3.10) allows SQL injection. No exploits detected, but given a CVSS score of 6.5 and the potential impact on confidentiality and integrity, this is a priority 2 issue. Verify affected versions before updating.

  • 📝 Microsoft Defender Elevation of Privilege Vulnerability
  • 📅 Published: 20/05/2026
  • 📈 CVSS: 7.8
  • 🛡️ CISA KEV: True
  • 🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
  • 📣 Mentions: 9
  • ⚠️ Priority: 1+
  • 📝 Analysis: A Microsoft Defender Elevation of Privilege vulnerability has been identified (CVSS 7.8). Attackers can leverage this remotely for high impact on confidentiality, integrity, and availability. CISA KEV is yet to be assigned, but the prioritization score is 1+ due to confirmed exploitation in the wild.

  • 📝 LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel jsonapi func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash (the pattern must be quoted so the shell passes it to grep as a single argument). If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.
  • 📅 Published: 21/05/2026
  • 📈 CVSS: 10
  • 🛡️ CISA KEV: True
  • 🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  • 📣 Mentions: 14
  • ⚠️ Priority: 1+
  • 📝 Analysis: A privilege escalation vulnerability in LiteSpeed User-End cPanel Plugin (affecting versions before 2.4.5) has been exploited in the wild since May 2026. The issue involves mishandling of Redis enable/disable features and can potentially lead to root access. Exploitation detection is possible via command line: grep -rE "cpanel jsonapi func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If output is found, IP addresses should be examined and potentially blocked, while system logs should be checked for any damage. The recommended minimum version is 2.4.7. This is a priority 2 vulnerability due to high CVSS score but low EPSS.

  • 📝 n/a
  • 📈 CVSS: 0
  • 🧭 Vector: n/a
  • ⚠️ Priority: n/a
  • 📝 Analysis: A buffer overflow vulnerability in a critical library can lead to arbitrary code execution on affected systems, with no known exploits in the wild yet. This is currently a priority 2 issue due to high CVSS score and potential for severe impact if exploited.

  • 📝 Microsoft Office Security Feature Bypass Vulnerability
  • 📅 Published: 26/01/2026
  • 📈 CVSS: 7.8
  • 🛡️ CISA KEV: True
  • 🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
  • 📣 Mentions: 249
  • ⚠️ Priority: 1+
  • 📝 Analysis: A Microsoft Office Security Feature Bypass vulnerability has been identified, enabling remote attackers to execute arbitrary code (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C). Confirmed exploited in the wild, this requires immediate attention and a priority 1+ response.

  • 📝 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl server userdb checkpass.
  • 📅 Published: 20/05/2026
  • 📈 CVSS: 8.1
  • 🧭 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • 📣 Mentions: 3
  • ⚠️ Priority: 2
  • 📝 Analysis: Timing side channel in memcached before 1.6.42 exposes password data due to improper use of memcmp during SASL authentication. No known exploits; the high CVSS score combined with a low Exploitability Score makes this a priority 2 vulnerability.

  • 📝 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl server userdb checkpass.
  • 📅 Published: 20/05/2026
  • 📈 CVSS: 8.1
  • 🧭 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • 📣 Mentions: 2
  • ⚠️ Priority: 2
  • 📝 Analysis: Timing side channel vulnerability in memcached before version 1.6.42 allows attackers to extract username data for SASL password database authentication. No known exploits detected, but given high CVSS score and potential impact, this is a priority 2 issue with low EPSS.

  • 📝 Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
  • 📅 Published: 20/02/2026
  • 📈 CVSS: 9.4
  • 🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
  • 📣 Mentions: 66
  • ⚠️ Priority: 2
  • 📝 Analysis: Unauthenticated attackers can perform arbitrary reads from a Ghost CMS database (versions 3.24.0 through 6.19.0). No exploits detected in the wild yet; given the high CVSS score but low Exploit Prediction Scoring System (EPSS) value, this is a priority 2 vulnerability. Fix available in version 6.19.1.

Let us know if you're tracking any of these or if you find any issues with the provided details.

Related Identifiers: CVE-2026-42558
Affected Products: Undefined