< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2056 articles · page 17 of 103

PraisonAI Authentication Bypass CVE-2026-44338 Exploited

🔒 PraisonAI contained a critical authentication bypass (CVE-2026-44338) in its legacy Flask API server that sets AUTH_ENABLED = False and AUTH_TOKEN = None by default. Exploitation allows unauthenticated callers to enumerate configured agents via /agents and to trigger workflows through /chat, potentially consuming model quotas and exposing run results. The flaw affects versions 2.5.6–4.6.33 and was fixed in v4.6.34; operators are advised to update, audit deployments, and rotate exposed credentials.
read more →

PraisonAI Authentication Bypass Scanned by Internet

🔍 Sysdig reported that a newly disclosed authentication bypass in the open-source orchestration framework PraisonAI was probed by internet scanners about 3 hours and 44 minutes after a GitHub advisory published on May 11. The flaw stems from a legacy Flask API server that ships with authentication disabled by default, affecting versions 2.5.6 through 4.6.33 and fixed in 4.6.34. Researchers urge immediate upgrades and monitoring for the “CVE-Detector/1.0” user-agent and suspicious /api/agents and related paths.
read more →

Dell confirms SupportAssist update causes Windows BSODs

⚠️ Dell confirmed that its SupportAssist Remediation update is causing blue-screen crashes on some Windows systems after user reports of random reboots began Friday. Dell says version 5.5.16.0 of the Dell SupportAssist Remediation or Alienware SupportAssist Remediation service can trigger 0xEF_DellSupportAss_BUGCHECK_CRITICAL_PROCESS errors and recommends disabling or uninstalling the service as a workaround. Uninstall via Windows Settings (Apps > Installed apps) but note this may remove repair points created by Dell OS SupportAssist Recovery; contact Dell Support if problems persist.
read more →

Windows Zero-Days Expose BitLocker and CTF Privilege Flaws

🔒 An anonymous researcher known as Chaotic Eclipse (aka Nightmare-Eclipse) disclosed two new Windows zero-days: YellowKey, a BitLocker bypass present in the Windows Recovery Environment (WinRE), and GreenPlasma, a CTFMON-related privilege escalation. YellowKey targets Windows 11 and Windows Server 2022/2025 by placing crafted FsTx files on a USB or EFI partition and replaying them to obtain a shell even when BitLocker is enabled. The GreenPlasma proof-of-concept can create arbitrary memory section objects in SYSTEM-writable directories, potentially enabling higher-privilege manipulation, though the exploit is incomplete. Microsoft says it investigates reported issues and supports coordinated disclosure.
read more →

High-Severity Fragnasia Linux Kernel Vulnerability

⚠️ A new high-severity Linux kernel privilege escalation, named Fragnasia (CVE-2026-46300), abuses a logic bug in the XFRM ESP-in-TCP subsystem to write arbitrary bytes into the kernel page cache of read-only files, enabling local attackers to gain root. A proof-of-concept exploit demonstrates corrupting /usr/bin/su to obtain a root shell. It affects kernels released before May 13, 2026, and mirrors the mitigation used for the recently disclosed Dirty Frag class.
read more →

Fragnesia: New Linux Kernel LPE CVE-2026-46300 Alert

🔒 A new local privilege escalation dubbed Fragnesia (CVE-2026-46300) was disclosed in the Linux kernel's XFRM ESP-in-TCP subsystem, allowing unprivileged local attackers to corrupt the kernel page cache and gain root. The issue, discovered by William Bowling of V12, is a separate bug from Dirty Frag but affects the same surface. A PoC exploit has been published and multiple distributions have issued advisories. Mitigations for Dirty Frag apply until patched kernels are available.
read more →

NGINX Rift: Critical 18-Year Rewrite Module Flaw Explained

⚠️ F5 and researcher depthfirst disclosed a critical heap buffer overflow in the ngx_http_rewrite_module affecting both NGINX Plus and NGINX Open Source. Tracked as CVE-2026-42945 (CVSS v4: 9.2) and dubbed NGINX Rift, the flaw can be triggered remotely via crafted URIs to cause DoS or, with ASLR disabled, lead to remote code execution. Fixes were released after responsible disclosure on April 21, 2026, across many NGINX releases and ecosystem products. Users should apply vendor updates or replace unnamed PCRE captures with named captures as a temporary mitigation.
read more →

Fortinet fixes critical RCE flaws in Authenticator, Sandbox

🔒 Fortinet released Patch Tuesday updates addressing two critical remote code execution vulnerabilities: FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083), both rated 9.1. The flaws permit unauthenticated attackers to execute arbitrary commands; Fortinet advises upgrading FortiAuthenticator to 6.5.7/6.6.9/8.0.3 and FortiSandbox to 4.4.9 or 5.0.2. Both issues were found internally and have not yet been observed exploited in the wild, but Fortinet RCEs have been weaponized previously. Administrators should prioritize immediate patching and monitor credentials and logs.
read more →

Critical Exim GnuTLS Flaw Allows Remote Code Execution

⚠️ A critical user-after-free flaw in Exim (CVE-2026-45185) affects GnuTLS builds prior to 4.99.3 and can be triggered during TLS shutdown while processing BDAT chunked SMTP. The vulnerability allows an unauthenticated remote attacker to achieve arbitrary code execution and access mail data. OpenSSL-based builds are not affected. Administrators should apply Exim v4.99.3 updates immediately via their package managers.
read more →

Windows BitLocker Zero-Day: YellowKey and GreenPlasma

🔒 A researcher known as Chaotic Eclipse (Nightmare-Eclipse on GitHub) published proof-of-concept exploits named YellowKey and GreenPlasma that bypass BitLocker protections and enable local privilege escalation on affected Windows versions. YellowKey abuses the Windows Recovery Environment (WinRE) and NTFS transaction replay to spawn a shell and access encrypted volumes, while GreenPlasma allows arbitrary memory-section creation that can be escalated to SYSTEM. The author said the disclosures were driven by dissatisfaction with Microsoft's handling of reports. Microsoft says it investigates and supports coordinated disclosure.
read more →

Microsoft fixes BitLocker recovery on Windows 11 25H2

🔧 Microsoft released a cumulative update addressing a BitLocker recovery issue that caused some systems to prompt for recovery keys after installing the April 2026 security updates. The KB5089549 patch fixes the problem on Windows 11 25H2 by correcting boot-file update behavior tied to certain TPM validation and invalid PCR7 settings. Administrators are advised to remove the Configure TPM platform validation profile for native UEFI firmware configurations Group Policy before broad deployment and to confirm BitLocker bindings use the PCR7 profile.
read more →

Microsoft Fixes Windows Autopatch Bug Deploying Drivers

🔧 Microsoft has applied a service-side fix for a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some EU-managed Windows devices. The issue affected a limited set of client platforms, including Windows 11 25H2, 24H2, and 23H2. Impacted systems experienced unexpected reboots and, in some cases, system failures depending on the installed drivers. Microsoft says no client-side action is required.
read more →

Avada Builder Vulnerabilities Put One Million Sites at Risk

⚠️ Two newly disclosed flaws in the Avada Builder WordPress plugin place roughly one million sites at risk of arbitrary file read (CVE-2026-4782, CVSS 6.5) and unauthenticated time-based SQL injection (CVE-2026-4798, CVSS 7.5). The issues were reported to Wordfence in March and fixed in 3.15.2 and fully resolved in 3.15.3. Site owners are urged to update immediately and audit subscriber accounts and wp-config.php for signs of compromise.
read more →

Microsoft Patches 138 Vulnerabilities Across Products

🔒 Microsoft released patches for 138 vulnerabilities across its product portfolio, including 30 Critical and 104 Important flaws, with none currently listed as publicly known or under active attack. The update spans privilege escalation, remote code execution, information disclosure, and spoofing issues, and includes a recently patched AMD CPU isolation flaw (CVE-2025-54518). Notable high-risk fixes include CVE-2026-41096 (Windows DNS heap overflow) and several Critical issues in Azure, Dynamics 365, Hyper-V, and Office. Administrators are urged to prioritize updates, rotate Secure Boot certificates before the June 26, 2026 deadline, and follow mitigation guidance such as reducing internet exposure and enforcing MFA.
read more →

Microsoft May Patch: 17 Critical Flaws Including RCE

🔒 Microsoft released its May Patch Tuesday fixing 120 CVEs, including 17 critical flaws. The update addresses 14 RCEs, two elevation of privilege bugs and one information disclosure issue, with the majority of fixes covering EoP and RCE types. Microsoft credited its WARP team and an agentic AI system, MDASH, with discovering 16 of the issues. Administrators are urged to prioritize high-risk fixes such as CVE-2026-41089.
read more →

May Patch Tuesday: Critical Windows, DNS, and Dynamics Fixes

🔒 Microsoft’s May Patch Tuesday addresses 118 vulnerabilities, including critical Windows Server flaws in Netlogon (CVE-2026-41089) and the DNS Client (CVE-2026-41096), plus a severe RCE in Microsoft Dynamics 365 On-Premises. Cloud services such as Azure and Microsoft Teams have already been updated, but on-prem and endpoint administrators must prioritize OS and application patches. Analysts recommend additional protections like network segmentation, access restrictions, and monitoring. Also note a mandatory Secure Boot certificate rotation before June 26 and multiple high‑risk SAP and Oracle updates.
read more →

May 2026 Patch Tuesday: Major Vendor Fix Waves and AI

🔒 Microsoft’s May Patch Tuesday updates address at least 118 security flaws across Windows and other products, including 16 rated critical. This release is notable as the first Patch Tuesday in nearly two years without fixes for known exploited zero-days or previously disclosed vulnerabilities. Other major vendors — Apple, Google, Mozilla and Oracle — have accelerated patch cadences after collaborative AI evaluations. Administrators are advised to apply updates promptly and back up data before upgrading.
read more →

Microsoft Patch Tuesday May 2026: 137 Vulnerabilities

🔒 Microsoft released its May 2026 Patch Tuesday update addressing 137 vulnerabilities, of which 31 are rated critical. Microsoft reports no observed active exploitation in the wild, though several critical RCE and local code-execution flaws affect Windows services, Office, Azure, SharePoint, and mobile Office. Talos has published new Snort 2 and Snort 3 rule sets to detect many exploitation attempts and recommends immediate patching and signature updates.
read more →

Microsoft Issues Windows 10 KB5087544 Security Update

🛡️Microsoft released the KB5087544 extended security update for Windows 10 to address the May 2026 Patch Tuesday fixes and correct rendering issues with the new Remote Desktop warnings. Enterprise LTSC and systems enrolled in the ESU program can obtain the update via Settings → Windows Update and checking for updates. After installation Windows 10 moves to build 19045.7291 and LTSC 2021 to 19044.7291. The update also includes 120 security fixes, Secure Boot improvements, a DST update for Egypt, and a known BitLocker prompt issue with a recommended temporary workaround.
read more →

Fortinet: RCE in FortiSandbox and FortiAuthenticator

🔒 Fortinet issued security updates to address two critical remote code execution flaws affecting FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083). The FortiAuthenticator issue was fixed in versions 6.5.7, 6.6.9 and 8.0.3, while FortiSandbox and its cloud/PaaS WEB UI received patches for a missing authorization weakness. Fortinet noted the cloud IDaaS service is not impacted and there are no reports of active exploitation.
read more →