Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-0257 is an authentication bypass vulnerability in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software that lets a remote attacker forge an authentication override cookie and establish an unauthorized VPN connection. The vulnerability carries a CVSS base score of 7.8 (High). It is tracked under CWE-565, reliance on cookies without validation and integrity checking. Exploitation is unauthenticated and requires no user interaction.

From CVE disclosure to exposure confirmation and mitigation in less than 12 hours – for every new CVE in your external environment. In this article.

Your external attack surface is bigger than you think, and probably bigger than it was last quarter. Cloud sprawl, third-party integrations, abandoned subdomains, and shadow IT all add up to an internet-facing footprint that’s hard to track manually. External attack surface management (EASM) tools give security teams continuous visibility over that footprint, from the same vantage point an attacker would use.

CVE-2026-48172 is an incorrect privilege assignment flaw in the LiteSpeed User-End cPanel Plugin that allows any authenticated cPanel user to execute arbitrary scripts as root. The bug sits in the plugin's lsws.redisAble function, which can be invoked through the standard cPanel JSON API to run code with elevated privileges instead of the calling user's own. The vulnerability carries a CVSS v4.0 base score of 10.0 (Critical).

Sample of assets impacted by NGINX nginx-poolslip vulnerability, identified by the CyCognito Platform.

CVE-2026-9082 is an unauthenticated SQL injection vulnerability in Drupal core's database abstraction API, in the path that handles EntityQuery conditions against PostgreSQL backends. User-controllable PHP array keys reach SQL placeholder construction without sanitization, letting a remote attacker inject arbitrary SQL by sending crafted HTTP requests to a vulnerable site. The vulnerability carries a CVSS v3.1 base score of 6.5 (Medium) per NVD.

CVE-2026-20182 is an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw sits in the peering authentication path of the vdaemon service running over DTLS on UDP port 12346, the same control-plane service involved in CVE-2026-20127 earlier in 2026. It is not a patch bypass of that earlier issue, but a separate weakness in the device-type handling of the control connection handshake.

CVE-2026-42945, nicknamed "NGINX Rift", is a heap buffer overflow in the ngx_http_rewrite_module component of NGINX. It has sat in the project's source code since 2008. F5 disclosed the flaw on May 13, 2026, after responsible disclosure by researchers at depthfirst, who reported finding it through an autonomous code scanning system.