Rapid responses

Ollama is an open-source framework designed for the local deployment, management, and execution of large language models (LLMs) on personal computing hardware.

Certain versions of Ollama are susceptible to a heap out-of-bounds read vulnerability within the GGUF model loader. A remote, unauthenticated attacker could exploit this by sending a specially crafted GGUF file to the /api/create endpoint. When the server processes a GGUF file where the declared tensor offset and size exceed the file’s actual length, the functions in fs/ggml/gguf.go and server/quantization.go (WriteTo()) read past the allocated heap buffer during the quantization process.

The resulting memory leak may expose sensitive information, including environment variables, API keys, system prompts, and concurrent user conversation data. This data can then be exfiltrated by uploading the resulting model artifact to an attacker-controlled registry via the /api/push endpoint. In the upstream distribution, the /api/create and /api/push endpoints lack authentication. While default deployments bind to 127.0.0.1, the documented OLLAMA_HOST=0.0.0.0 configuration is common in practice, leading to significant public Internet exposure.

The following versions are affected:

• Ollama: Versions prior to 0.17.1

PAN-OS is the proprietary operating system that powers all Palo Alto Networks Next-Generation Firewalls (NGFW) across physical, virtual, and cloud environments. It uses a Single-Pass Parallel Processing (SP3) architecture to provide deep visibility and control over network traffic by identifying applications, users, and content simultaneously.

Certain versions of PAN-OS across PA-Series and VM-series firewalls are susceptible to the following vulnerability:

• CVE-2026-0300: A critical buffer overflow vulnerability in the User-ID Authentication Portal (Captive Portal) of Palo Alto Networks PAN-OS that allows an unauthenticated remote attacker to execute arbitrary code with root privileges.

This vulnerability is known to be exploited in the wild, as determined by its presence on the CISA.gov Known Exploited Vulnerabilities (KEV) list.

The following versions are affected:

• PAN-OS versions 12.1 through 12.1.4-h5, and 12.1.7.
• PAN-OS 11.2 versions through 11.2.4-h17, 11.2.7-h13, 11.2.10-hh6, and 11.2.12.
• PAN-OS 11.1 versions through 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5, and 11.1.15.
• PAN-OS 10.2 versions through 10.2.7-h34, 10.2.10-h36, 10.2.16-h21, 10.2.16-h7, and 10.2.18-h6.

Progress MOVEit Automation is a managed file transfer (MFT) orchestration tool used to automate the scheduled or event-driven movement and processing of data between disparate servers, cloud storage environments, and applications via a centralized management interface.

Certain versions of MOVEit Automation are susceptible to vulnerabilities within the service backend command port interfaces. Successful exploitation could allow an attacker to gain unauthorized access, obtain administrative control, or expose sensitive data.

• CVE-2026-4670: An authentication bypass vulnerability that allows a remote, unauthenticated attacker to gain unauthorized access to the system.

• CVE-2026-5174: An improper input validation vulnerability that allows a remote, low-privileged attacker to elevate their privileges.

The following versions are affected:

• MOVEit Automation: Version 2024.1.7 (16.1.7) and prior
• MOVEit Automation: Version 2025.0.8 (17.0.8) and prior
• MOVEit Automation: Version 2025.1.4 (17.1.4) and prior (Affected by CVE-2026-5174 only)

Apache HTTP Server is an open-source, cross-platform application that serves web content by processing requests via the Hypertext Transfer Protocol (HTTP).

Certain versions of Apache HTTP Server are affected by a double free vulnerability that may lead to remote code execution (RCE). This flaw occurs within the HTTP/2 protocol implementation when a stream undergoes an “early reset.” While further technical details are not publicly available at this time, the vulnerability involves a memory management error triggered during specific HTTP/2 communication sequences.

The following versions are affected:

• Apache HTTP Server: Version 2.4.66

Severity & Risk Assessment

• Severity: High – Successful exploitation could allow an attacker to potentially execute arbitrary code on the vulnerable system.
• Risk: High – This vulnerability can be exploited by a low-privileged remote attacker, meaning the barrier to entry for an attacker is low. This significantly increases the likelihood of widespread exploitation.

SonicWall SonicOS is the proprietary operating system that manages the networking, routing, and deep packet inspection security functions for SonicWall physical and virtual firewall appliances.

Certain versions of SonicOS across Gen 6, Gen 7, and Gen 8 firewall platforms are susceptible to the following vulnerabilities:

• CVE-2026-0204: A flaw in the access control mechanism may expose management interface functions under specific conditions. An unauthenticated attacker with adjacent network access could gain unauthorized access to management functionality, potentially leading to security control bypasses or administrative misuse.

• CVE-2026-0205: A post-authentication path traversal vulnerability allows an authenticated attacker with adjacent network access to interact with restricted services.

• CVE-2026-0206: A post-authentication stack-based buffer overflow allows a remote, high-privileged attacker to cause a denial-of-service (DoS) by crashing the firewall.

While unconfirmed, the initial authentication bypass (CVE-2026-0204) may provide an unauthenticated attacker with the privileges necessary to chain and exploit the subsequent path traversal and buffer overflow vulnerabilities.

The following versions are affected:

• Gen 6 Series (TZ 300/400/500/600, NSA 2650–6650, SOHO 250, SM 9200–9650): SonicOS version 6.5.5.1-6n and prior.
• Gen 7 Series (TZ 270–670, NSa 2700–6700, NSsp 10700–15700, NSv 270-870): SonicOS 7.0.1-5169 and prior, and 7.3.1-7013 and prior.
• Gen 8 Series (TZ 80–680, NSa 2800–5800): SonicOS version 8.1.0-8017 and prior.

XCP-ng (Xen Cloud Platform - next generation) is a bare-metal hypervisor based on the open-source Xen project that enables multiple virtual machines to run concurrently on a single physical server.

On April 24, 2026, researchers publicly disclosed an audit identifying 89 exploitable vulnerabilities. These issues primarily involve missing input validation across all writable Map(String,String) fields within eight XAPI object types. Consequently, an attacker with the vm-admin management role could theoretically “achieve full host filesystem read/write [access]” and execute “cross-VM data exfiltration” or “pool-wide compromise.” The report claims these actions are possible through “single API calls with no exploit code,” requiring neither a root shell nor triggering security alerts. These vulnerabilities reportedly persisted since the inception of the XAPI codebase (circa 2006). The researchers assigned a CVSS distribution of 5 critical, 28 high, 46 medium, and 10 low, stating that all versions of Citrix XenServer / Hypervisor, XCP-ng, and XAPI-based distributions were affected.

On April 28, 2026, the Xen Project (upstream) and XCP-ng (downstream) released advisories addressing these claims. The Xen Project issued technical advisories XSA-483 through XSA-489 to address the core source code. Notably, XSA-489 serves as a direct rebuttal to the April 24 audit, concluding that only five of the 89 claims were actionable. The remainder were identified as intended Role-Based Access Control (RBAC) functionality or, in several instances, appeared to be “AI hallucinations” within the researcher’s report. Simultaneously, XCP-ng published a blog providing specific security and maintenance updates focused on the practical impact on XCP-ng environments.

Vulnerability Details:

• CVE-2026-23556 (VSA-2026-007, XSA-483): A flaw where oxenstored keeps quota-related use counts across domain destruction. XCP-ng notes this could allow a privileged user in a guest domain to trigger a denial-of-service (DoS) condition by preventing other domains from starting; the XCP-ng advisory classifies this impact as critical.

• CVE-2026-23557 (XSA-484): A denial-of-service (DoS) vulnerability via the XS_RESET_WATCHES command in xenstored.

• CVE-2026-31786 (XSA-485): A Linux kernel out-of-bounds read via a Xen-related sysfs file, potentially leaking sensitive information.

• CVE-2026-23558 (VSA-2026-008, XSA-486): A race condition in grant table v2 status page mapping. XCP-ng notes this use-after-free (UAF) flaw could allow a privileged user in a HVM or PVH guest domain to escalate their privileges to the hypervisor level; the XCP-ng advisory classifies this impact as critical.

• CVE-2026-31787 (XSA-487): A Linux kernel double-free in the Xen privcmd driver; as it requires root privileges, the Xen Project considers the crash potential not security-relevant.

• CVE-2025-54505 (VSA-2026-010, XSA-488): Addresses “Floating Point Divider State Sampling” on certain AMD CPUs. While not a XCP-ng software vulnerability, this update mitigates a hardware issue to prevent a guest VM from inferring data from another VM; the XCP-ng advisory classifies this impact as moderate.

• XAPI RBAC Escalation (VSA-2026-011, XSA-489): This advisory confirms five actionable vulnerabilities: CVE-2026-23559, CVE-2026-23560, CVE-2026-23561, CVE-2026-23562, and CVE-2026-42486. While the first three may allow vm-admin role users to escalate to root privileges in the control domain, the flaw relies on advanced RBAC features not typically exposed in standard management tools or documentation; the XCP-ng advisory classifies this impact as low. This would only impact users with a specific configuration involving an XCP-ng pool using Active Directory for user management where the managed user has the XAPI role vm-admin.

Note: Current advisories suggest that Xen Project vulnerabilities CVE-2026-23557, CVE-2026-31786, CVE-2026-31787, CVE-2026-23562, and CVE-2026-42486 have not yet been addressed specifically by XCP-ng updates.

The following versions are affected:

• XCP-ng: Version 8.3

Note: XCP-ng 8.3 LTS is currently the only release not marked end-of-life (EOL). Therefore, older versions are likely susceptible to these vulnerabilities but fall outside the scope of current security patching and support.

cPanel & WHM comprises two primary components: WebHost Manager (WHM), the administrative interface for server-level infrastructure, and cPanel, the user-facing control panel for managing individual hosting accounts.

Certain versions of cPanel & WHM are affected by a critical login authentication vulnerability. While public details are currently limited, the changelogs for the affected versions cite a fix for an issue regarding session loading and saving (CPANEL-52908), released on April 28, 2026. This vulnerability does not currently have a CVE ID assigned.

Update (April 29, 2026): New details identify this flaw as an authentication bypass vulnerability, now tracked as CVE-2026-41940. The weakness resides in the login flow, enabling remote, unauthenticated attackers to gain full unauthorized access to the control panel.

There is evidence that this vulnerability is being actively exploited in the wild.

The following versions are affected:

• cPanel & WHM 110.0.x: Versions prior to 110.0.97 (11.110.0.97)
• cPanel & WHM 118.0.x: Versions prior to 118.0.63 (11.118.0.63)
• cPanel & WHM 126.0.x: Versions prior to 126.0.54 (11.126.0.54)
• cPanel & WHM 132.0.x: Versions prior to 132.0.29 (11.132.0.29)
• cPanel & WHM 134.0.x: Versions prior to 134.0.20 (11.134.0.20)
• cPanel & WHM 136.0.x: Versions prior to 136.0.5 (11.136.0.5)

Note: Servers running end-of-life or unsupported versions are also likely affected. It is strongly recommended that you upgrade your server to a supported, patched version immediately.

GitHub Enterprise Server (GHES) is a self-hosted version of GitHub that allows organizations to run an isolated instance of the platform on their own physical or virtual infrastructure, independent of external cloud services.

Certain versions of GHES are affected by a remote code execution (RCE) vulnerability due to improper neutralization of special elements. Successful exploitation could allow an authenticated, low-privileged user with push access to any repository, including one they created themselves, to achieve arbitrary command execution on the GitHub server via a single git push using crafted push option values containing an unsanitized delimiter character.

The following versions are affected:

• GHES 3.14.x: Versions prior to 3.14.25
• GHES 3.15.x: Versions prior to 3.15.20
• GHES 3.16.x: Versions prior to 3.16.16
• GHES 3.17.x: Versions prior to 3.17.13
• GHES 3.18.x: Versions prior to 3.18.7
• GHES 3.19.x: Versions prior to 3.19.4

Citrix XenServer, formerly known as Citrix Hypervisor, is a bare-metal hypervisor based on the open-source Xen project that enables multiple virtual machines to run concurrently on a single physical server.

On April 24, 2026, researchers publicly disclosed an audit identifying 89 exploitable vulnerabilities. These issues primarily involve missing input validation across all writable Map(String,String) fields within eight XAPI object types. Consequently, an attacker with the vm-admin management role “can achieve full host filesystem read/write [access], cross-VM data exfiltration, storage protocol injection, cross-hypervisor lateral movement, and pool-wide compromise through single API calls with no exploit code, no root shell, and no security alerts.” These vulnerabilities have persisted since the inception of the XAPI codebase (circa 2006). The researchers assigned the following CVSS severity distribution: 5 critical, 28 high, 46 medium, and 10 low.

These vulnerabilities do not currently have CVE IDs assigned.

The following products and versions are affected:

• Citrix Hypervisor or XenServer: All versions
• XCP-ng: All versions
• Any XAPI-based hypervisor distribution

Update (April 29, 2026): The Xen Project (upstream) and Citrix (downstream) released separate but related advisories to address these claims. The Xen Project issued technical advisories XSA-483 through XSA-489 to address the core source code. Notably, XSA-489 serves as a direct rebuttal to the April 24 audit, concluding that only five of the 89 claims were actionable. The remainder were identified as intended RBAC functionality or, in several instances, appeared to be “AI hallucinations” within the researcher’s report.

Simultaneously, Citrix released Security Bulletin CTX696527 to provide specific updates and hotfixes for commercial users, focusing on the practical impact to the XenServer environments.

Vulnerability Details:

• CVE-2026-23556 (XSA-483): A flaw where oxenstored keeps quota-related use counts across domain destruction. Citrix notes this could allow a privileged user in a guest VM to cause the host to crash or become unresponsive.

• CVE-2026-23557 (XSA-484): A Denial of Service (DoS) vulnerability via the XS_RESET_WATCHES command in xenstored.

• CVE-2026-31786 (XSA-485): A Linux kernel out-of-bounds read via a Xen-related sysfs file, potentially leaking sensitive information.

• CVE-2026-23558 (XSA-486): A race condition in grant table v2 status page mapping. Citrix notes this could allow a privileged user in a guest VM to compromise the host under specific circumstances.

• CVE-2026-31787 (XSA-487): A Linux kernel double-free in the Xen privcmd driver; as it requires root privileges, the Xen Project considers the crash potential not security-relevant.

• CVE-2025-54505 (XSA-488): Addresses “Floating Point Divider State Sampling” on certain AMD CPUs. While not a XenServer software vulnerability, this update mitigates a hardware issue to prevent a guest VM from inferring data from a different VM.

• XAPI RBAC Escalation (XSA-489): This advisory confirms five actionable vulnerabilities: CVE-2026-23559, CVE-2026-23560, CVE-2026-23561, CVE-2026-23562, and CVE-2026-42486. Citrix warns that the first three in particular may allow host administrators to gain access beyond the limits of their assigned RBAC role.

Note: Current advisories suggest that Xen Project vulnerabilities CVE-2026-23557, CVE-2026-31786, CVE-2026-31787, CVE-2026-23562, and CVE-2026-42486 have not yet been addressed specifically by Citrix updates.

The following versions are affected:

• Citrix XenServer: Version 8.4

Note: Citrix XenServer 9.x is currently in Public Preview and not covered by standard security bulletins; as such, it may be affected by these issues.

LiteLLM Proxy is an open-source gateway that enables applications to interact with multiple large language model (LLM) providers through a single, standardized API by translating requests into the specific formats required by each service.

Certain versions of LiteLLM Proxy are susceptible to multiple vulnerabilities that can be chained together to achieve remote code execution (RCE). In the official LiteLLM container images, the process runs as root. For deployments outside of these official containers, the code executes with the privileges of the user account running the proxy process. Research regarding the exploit chain involving GHSA-r75f-5x8p-qvmc and GHSA-xqmj-j6mv-4862 indicates that the vulnerable code path only triggers after the server has processed “a minimum amount of legitimate interaction.”

These vulnerabilities do not currently have CVE IDs assigned. Update (April 27, 2026): The advisories now reflect assigned CVE IDs; however, these remain in a “reserved” state, and further details have not yet been provided by the CNA.

Update (May 8, 2026): There is evidence that CVE-2026-42208 is being actively exploited in the wild.

• CVE-2026-42208: A SQL injection vulnerability exists in the API key verification process due to improper error handling. A remote, unauthenticated attacker can exploit this by sending a specially crafted Authorization header to any LLM API endpoint (e.g., /chat/completions). Successful exploitation allows an attacker to read or potentially modify database data, leading to unauthorized access to the proxy and the credentials it manages.

• CVE-2026-42203: A server-side template injection (SSTI) vulnerability in the /prompts/test API endpoint arises from the improper neutralization of user-supplied prompt templates, which are rendered without sandboxing. A crafted template can execute arbitrary code within the LiteLLM Proxy process. Successful exploitation allows a remote, authenticated user to access secrets in the process environment (e.g., provider API keys or database credentials) or execute arbitrary code on the host.

• CVE-2026-42271: An authenticated command execution vulnerability exists in the MCP stdio test endpoints (/mcp-rest/test/connection and /mcp-rest/test/tools/list), which are used to preview an MCP server before saving. A remote, low-privileged attacker can exploit this by providing a crafted server configuration in the request body. The command is spawned as a subprocess on the proxy host with the privileges of the proxy process.

The following versions are affected:

• LiteLLM: Versions 1.81.16 through 1.83.6

CrowdStrike Falcon LogScale (formerly Humio) is a log management and observability platform that ingests, stores, and enables real-time search of large-volume streaming data using an index-free architecture.

Certain versions of self-hosted LogScale are susceptible to an unauthenticated path traversal vulnerability. A remote, unauthenticated attacker could exploit a specific, exposed cluster API endpoint to read arbitrary files from the server filesystem. This vulnerability does not affect Next-Gen SIEM customers.

The following versions are affected:

• LogScale Self-Hosted (GA): Versions 1.224.0 through 1.234.0 (inclusive)
• LogScale Self-Hosted (LTS): Version 1.228.0 and 1.228.1

Microsoft SharePoint is a web-based collaboration and document management platform within the Microsoft 365 suite. It acts as a secure, centralized hub for storing, organizing, sharing, and accessing information from any device.

On January 13, 2026, Microsoft disclosed a remote code execution vulnerability, designated CVE-2026-20963, in Microsoft SharePoint. The vulnerability is due to deserialization of untrusted data in Microsoft SharePoint which allows a remote, unauthenticated attacker to execute code over a network.

While initially released with a CVSS score of 8.8, the score was updated to 9.8 on March 17, 2026.

This vulnerability is known to be exploited in the wild and was added to the CISA.gov Known Exploited Vulnerabilities (KEV) list on March 18, 2026.

The following versions are affected:

• SharePoint Enterprise Server 2016 before version 16.0.5535.1001
• SharePoint Server 2019 before version 16.0.10417.20083
• SharePoint Server Subscription Edition before version 16.0.19127.20442