--- title: "Rapid responses" --- runZero's Rapid Response program provides immediate detection and notification of emerging threats. Older entries are migrated to standalone [queries](/docs/em-queries/) or [templates](/docs/em-templates/). **9** rapid responses. | Name | Type | Date | Query | |------|------|------|-------| | Citrix Hypervisor Multiple Vulnerabilities (2026-04) | assets | Apr 27, 2026 | `os:="Citrix XenServer"` | | LiteLLM Proxy Multiple Vulnerabilities (2026-04) | services | Apr 23, 2026 | `_asset.protocol:http AND protocol:http AND (html.title:="LiteLLM%" OR last.html.title:="LiteLLM%")` | | CrowdStrike Falcon LogScale Unauthenticated Path Traversal (CVE-2026-40050) | services | Apr 22, 2026 | `_asset.protocol:http AND protocol:http AND (http.head.server:="Humio-%" OR last.http.head.server:="Humio-%")` | | Fortinet FortiSandbox Multiple Vulnerabilities (2026-04) | assets | Apr 15, 2026 | `os:="Fortinet FortiSandbox%"` | | Fortinet FortiClient Endpoint Management Server API Auth Bypass (CVE-2026-35616) | services | Apr 4, 2026 | `_asset.protocol:http AND protocol:http AND favicon.ico.image.mmh3:=-800551065` | | Cisco Smart Software Manager On-Prem Multiple Vulnerabilities (2026-04) | services | Apr 3, 2026 | `_asset.protocol:http AND protocol:http AND html.title:="On-Prem License Workspace"` | | Cisco Integrated Management Controller Multiple Vulnerabilities (2026-04) | software | Apr 2, 2026 | `vendor:=Cisco AND product:="Integrated Management Controller"` | | Progress ShareFile Storage Zones Controller Multiple Vulnerabilities (2026-04) | software | Apr 2, 2026 | `(vendor:="Progress Software" OR vendor:=Citrix OR vendor:=ShareFile) AND (product:="ShareFile Storage Zones Controller" OR product:="ShareFile StorageZones Controller")` | | Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2026-20963) | software | Mar 26, 2026 | `vendor:=Microsoft AND ( (product:="SharePoint Server 2016" AND (version:>=16.0.4107.1002 AND version:<16.0.5535.1001)) OR (product:="SharePoint Server 2019" AND (version:>=16.0.10711.37301 AND version:<16.0.10417.20083)) OR (product:="SharePoint Server Subscription Edition" AND (version:>=16.0.0.1 AND version:<16.0.19127.20442)) )` | Each Rapid Response includes a query to find matching assets, a trigger to analyze all inventories for exposure, and a corresponding blog post with the details of the issue. This program focuses on helping customers mitigate exposures before compromise.

Vulnerabilities covered by the Rapid Response program are replaced by more specific coverage as mitigations become available.