sysadmin24x7 | Unsorted

Telegram channel sysadmin24x7 - SysAdmin 24x7


Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat


SysAdmin 24x7

Improper input validation in the UniFi OS server

Date 22/05/2026
Importance 5 - Critical

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/validacion-de-entrada-incorrecta-en-el-servidor-de-unifi-os


SysAdmin 24x7

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

https://thehackernews.com/2026/05/github-internal-repositories-breached.html


SysAdmin 24x7

K000161027: NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability CVE-2026-42946

Not vulnerable: 1.31.0+, 1.30.1+
Vulnerable: 0.8.42-1.30.0

Security Advisory Description
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it. (CVE-2026-42946)

Impact
This vulnerability may allow remote attackers to restart or disclose the memory of the NGINX worker process. There is no control plane exposure; this is a data plane issue only.

https://my.f5.com/manage/s/article/K000161027


SysAdmin 24x7

K000161019: NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945

Date: May 13, 2026

Not vulnerable: 1.31.0+, 1.30.1+
Vulnerable: 0.6.27-1.30.0

Security Advisory Description
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR) disabled, code execution is possible. (CVE-2026-42945)

https://my.f5.com/manage/s/article/K000161019


SysAdmin 24x7

Microsoft Exchange Server Spoofing Vulnerability

CVE-2026-42897
Released: May 14, 2026
Impact Spoofing
Max Severity Critical
Weakness CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 7.5

Executive Summary
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Exploitability
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
Publicly disclosed No
Exploited Yes
Exploitability assessment Exploitation Detected

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897


SysAdmin 24x7

Linux Kernel Vulnerability copy.fail - CVE-2026-31431

IR Number FG-IR-26-139
Published Date May 13, 2026

Component CLI
Severity High
Discovered Third-Party Library
Attack Type Authenticated
Known Exploited No
CVSSv3 Score 7.8

Impact Escalation of privilege
CVE ID CVE-2026-31431

https://fortiguard.fortinet.com/psirt/FG-IR-26-139


SysAdmin 24x7

Microsoft - May 2026 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2026-May


SysAdmin 24x7

CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

CVSS-BT: 9.3

Description
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines by restricting access to only trusted internal IP addresses.
Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

https://security.paloaltonetworks.com/CVE-2026-0300


SysAdmin 24x7

Pi-hole
Local privilege escalation via config-controlled path in root-executed service hooks

Package Pi-hole Core and FTL
Affected versions
>= v6.0
Patched versions
Core >=v6.4.2 FTL >=v6.6.1

https://github.com/pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4


SysAdmin 24x7

High Vulnerability in the Linux Kernel ("Copy Fail")

Temporary Mitigation
Disable the algif_aead kernel module persistently on all affected systems until a patched kernel is available:

echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true

This workaround does not affect dm-crypt/LUKS, kTLS, IPsec/XFRM, OpenSSL, GnuTLS, NSS, or SSH. It may affect applications explicitly configured to use the afalg engine or that bind aead/skcipher/hash sockets directly. Exposure can be assessed with lsof | grep AF_ALG.


SysAdmin 24x7

https://github.com/advisories/GHSA-64fw-jx9p-5j24


SysAdmin 24x7

Prototype pollution in n8n

Date 30/04/2026
Importance 5 - Critical

Affected Resources
The following versions of n8n:
2.18.0;
From 2.17.0 through 2.17.3;
Earlier than 1.123.32.

Description
a-tallat and simonkoeck have discovered 2 critical-severity vulnerabilities that, if exploited, could allow remote code execution.

Solution
Update the product to the following versions, respectively:
2.18.1;
2.17.4;
1.123.32.
If it is not possible to install the update immediately, the following countermeasures can be applied temporarily:
Restrict workflow creation and editing permissions to fully trusted users only.
Disable the XML node by adding "n8n-nodes-base.xml" to the "NODES_EXCLUDE" environment variable.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/contaminacion-de-prototipos-en-n8n


SysAdmin 24x7

VMware Tanzu Greenplum Platform Extension Framework 8.0.0

Advisory ID: TNZ-2026-0259
Severity: Critical
Issue Date: 2026-04-24
CVSS Base Score 9.8

Synopsis
Fixed 105 CVEs related to Spring Framework/Boot dependencies, Tomcat dependencies, Hadoop and Hive dependencies, Parquet and ORC dependencies, Golang dependencies, PostgreSQL JDBC Driver dependencies, AWS SDK for Java dependencies and some other dependencies.

VMware Tanzu Data Intelligence
VMware Tanzu Data Suite
VMware Tanzu Greenplum

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405


SysAdmin 24x7

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.

https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html


SysAdmin 24x7

About the security content of iOS 26.4.2 and iPadOS 26.4.2

This document describes the security content of iOS 26.4.2 and iPadOS 26.4.2.

Released April 22, 2026

https://support.apple.com/en-us/127002


SysAdmin 24x7

Cisco Secure Workload Unauthorized API Access Vulnerability

Advisory ID: cisco-sa-csw-pnbsa-g8WEnuy
First Published: 2026 May 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwt99942
CVSS Score: Base 10.0

Summary
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.

This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy


SysAdmin 24x7

Upcoming highly critical release on May 20, 2026 - PSA-2026-05-18

Date: 2026-May-18
Security risk: Highly critical

Description:
There will be a Drupal core security release for all supported branches on May 20, 2026, between 17:00 and 21:00 UTC. (To see this in your local timezone, refer to the Drupal Core Calendar.) The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days.

Supported core versions
Security releases will be provided for all the currently supported branches of Drupal core, which are:
11.3.x
11.2.x
10.6.x
10.5.x
Sites on one of these supported versions should update to the latest patch release for the given branch now in preparation for the security window.

https://www.drupal.org/psa-2026-05-18


SysAdmin 24x7

K000161131: NGINX ngx_http_proxy_v2_module vulnerability CVE-2026-42926

Security Advisory Description
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. (CVE-2026-42926)

Not vulnerable: 1.31.0+, 1.30.1+
Vulnerable: 1.29.4-1.30.0

https://my.f5.com/manage/s/article/K000161131


SysAdmin 24x7

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks.

Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM ESP-in-TCP subsystem. It was discovered by researcher William Bowling of Zellic and the V12 security team.

"The vulnerability allows unprivileged local attackers to modify read-only file contents in the kernel page cache and achieve root privileges through a deterministic page-cache corruption primitive," Google-owned Wiz said.

https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html


SysAdmin 24x7

VMSA-2026-0003: VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702)

Advisory ID:  VMSA-2026-0003
Advisory Severity: Important
CVSSv3 Range: 7.8
Synopsis: VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702)
Issue date: 2025-05-14
CVE(s) CVE-2026-41702
 
Impacted Products
VMware Fusion

Introduction
A local privilege escalation vulnerability in VMware Fusion was privately reported to Broadcom. Updates are available to remediate this vulnerability in affected Broadcom products. 

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37454


SysAdmin 24x7

SAP Security Patch Day - May 2026

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html


SysAdmin 24x7

Product Release Advisory - VMware Tanzu GemFire Management Console 1.4.4

Advisory ID: TNZ-2026-0260
Severity: Critical
Issue Date: 2026-05-05

Synopsis
Updated Spring, Tomcat and other libraries along with latest Prometheus version in OCI image with latest Photon image

VMware Tanzu Data Intelligence
VMware Tanzu Data Services Pack
VMware Tanzu Data Suite
VMware Tanzu GemFire

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37439


SysAdmin 24x7

CNA: Apache Software Foundation

CVSS 9.8

Published: 2026-05-01
Updated: 2026-05-01
Title: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)

Description
The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class filter before calling Class.forName(). Affected versions are Apache MINA 2.1.0 <= 2.1.11, and 2.2.0 <= 2.2.6. The problem is resolved in Apache MINA 2.1.12, and 2.2.7 by applying the classname allowlist earlier. Affected are applications using Apache MINA that call IoBuffer.getObject(). Applications using Apache MINA are advised to upgrade.

https://www.cve.org/CVERecord?id=CVE-2026-42779

https://lists.apache.org/thread/fhlx5k91hrkgyzh7yk1nghrn3k27gxy0


SysAdmin 24x7

Security Advisory: Firmware Update Required — Gen 6, Gen 7, and Gen 8 Firewalls

SonicWall has identified three vulnerabilities (CVEs) affecting Gen 6, Gen 7, and Gen 8 firewall platforms. These vulnerabilities require immediate firmware updates to maintain security posture. One CVE is rated High severity and two are rated medium severity.

Applies To
Gen 8 firewalls — patch available in firmware 8.2.0-8009
Gen 7 firewalls — patch available in firmware 7.3.2-7010
Gen 6 firewalls — patched firmware posted to MySonicWall on April 29, 2026

https://www.sonicwall.com/support/notices/security-advisory-firmware-update-required-gen-6-gen-7-and-gen-8-firewalls/kA1VN000001F03x0AC


Advisory ID SNWLID-2026-0004
First Published 2026-04-29
Workaround true

CVE CVE-2026-0204, CVE-2026-0205, CVE-2026-0206
CWE CWE-1390, CWE-35, CWE-121

CVSS v3 8.0

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004


SysAdmin 24x7

CVE-2026-31431

Base Score: 7.8

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

https://nvd.nist.gov/vuln/detail/CVE-2026-31431


SysAdmin 24x7

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command.

The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve remote code execution on the instance.

https://thehackernews.com/2026/04/researchers-discover-critical-github.html


SysAdmin 24x7

Authentication bypass in cPanel

Date 30/04/2026
Importance 5 - Critical

Affected Resources
The vulnerability affects all versions after 11.40.

Description
cPanel has published a critical-severity vulnerability that, if exploited, could allow an attacker to bypass authentication in the software.

Solution
cPanel has released a patch for the following versions of cPanel and WHM:
11.86.0.41;
11.110.0.97;
11.118.0.63;
11.126.0.54;
11.130.0.19;
11.132.0.29;
11.136.0.5;
11.134.0.20.
For WP Squared, version 136.1.7 has been released.
It is recommended to follow the guidance in the official advisory linked in the references to update to the corresponding version.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/omision-de-autenticacion-en-cpanel


SysAdmin 24x7

VMware Tanzu Data Lake 4.0.0

Advisory ID: TNZ-2026-0258
Severity: Critical
Issue Date: 2026-04-24
CVSS Base Score 10.0

Synopsis
Resolution of multiple vulnerabilities across critical, high, medium, and low severity levels in the controller and runtime bundles.

VMware Tanzu Data Intelligence
VMware Tanzu Data Services
VMware Tanzu Data Services Solutions
VMware Tanzu Data Suite

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404


SysAdmin 24x7

CVE-2026-40970: Elasticsearch auto-configuration with an SSL bundle disables TLS hostname verification

MEDIUM | APRIL 23, 2026 | CVE-2026-40970

Description
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server.

Affected Spring Products and Versions
Spring Boot:
4.0.0 - 4.0.5

Mitigation
Users of affected versions should upgrade to the corresponding fixed version.

https://spring.io/security/cve-2026-40970


SysAdmin 24x7

Oracle Critical Patch Update Advisory - April 2026

https://www.oracle.com/security-alerts/cpuapr2026.html
