A code injection flaw in n8n’s expression evaluation lets any authenticated user with workflow edit rights run arbitrary system commands on the host, enabling full server compromise.
A memory-exhaustion flaw in Apache HTTP Server’s mod_http2 lets an unauthenticated attacker crash HTTP/2 web servers within seconds using a single crafted connection.
A route-rule middleware bypass in Nuxt lets an unauthenticated attacker vary request path casing to slip past path-level controls, reaching routes that routeRules was assumed to protect.
A path traversal flaw in Ubiquiti’s UniFi OS lets an unauthenticated attacker on the network read arbitrary files from affected gateways and controllers, exposing configuration files and sensitive data.
A hardcoded credentials flaw in Apache Solr’s Basic Authentication setup tool silently installs undocumented admin accounts with default passwords, giving remote attackers full control of affected SolrCloud clusters.
IBM has disclosed three critical flaws in WebSphere Application Server 8.5 and 9.0, including identity spoofing and two remote code execution paths that let unauthenticated attackers impersonate users or run code.
An authentication bypass flaw in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS lets a remote attacker forge override cookies and establish an unauthorized VPN connection.
[Figure: sample of assets impacted by the NGINX nginx-poolslip vulnerability, identified by the CyCognito Platform]

What is CVE-2026-9256?

CVE-2026-9256, publicly nicknamed "nginx-poolslip," is a heap buffer overflow in the ngx_http_rewrite_module component of NGINX Plus and NGINX Open Source. The flaw is triggered when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. Under these conditions, NGINX underestimates the length of the output after URI escaping, producing an out-of-bounds write inside the worker process memory pool. The…
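The trigger described above has a recognisable shape in configuration: a rewrite whose regex contains nested (overlapping) capture groups, whose replacement references at least two of them, and which runs in a context where NGINX URI-escapes the substituted captures. The following audit script is an added example, not code from NGINX, F5 or CyCognito; it flags rewrite directives matching that shape so a practitioner can triage configs while patching. It assumes, from the ngx_http_rewrite_module documentation, that a replacement beginning with http://, https:// or $scheme is an implicit redirect and that a "?" in the replacement introduces request arguments; the "?" rule is applied conservatively (any "?" counts). The sample config is constructed for the demonstration. A match means the directive has the described shape, not that the running binary is vulnerable; version checking is separate.

```python
"""Heuristic audit of nginx configs for the rewrite shape described for CVE-2026-9256.
Added example; the trigger conditions are taken from the advisory text above."""
import re
from dataclasses import dataclass
from typing import Optional

# One rewrite directive: `rewrite REGEX REPLACEMENT [flag];` (tokens may be quoted).
_TOKEN = r'"(?:[^"\\]|\\.)*"|\'(?:[^\'\\]|\\.)*\'|[^\s;]+'
REWRITE_RE = re.compile(
    rf'\brewrite\s+({_TOKEN})\s+({_TOKEN})(?:\s+(last|break|redirect|permanent))?\s*;'
)
CAPTURE_REF_RE = re.compile(r'\$(\d+)')   # $1, $2, ... in the replacement


def _unquote(tok: str) -> str:
    if len(tok) >= 2 and tok[0] == tok[-1] and tok[0] in '"\'':
        return tok[1:-1]
    return tok


def _is_capturing(pat: str, i: int) -> bool:
    """True if the '(' at pat[i] opens a capturing group: plain, (?<name>, (?P<name>, (?'name'."""
    if not pat.startswith('(?', i):
        return True
    rest = pat[i + 2:i + 4]
    if rest.startswith('P<') or rest.startswith("'"):
        return True
    return rest.startswith('<') and not rest.startswith('<=') and not rest.startswith('<!')


def capture_spans(pat: str) -> dict[int, tuple[int, int]]:
    """Map PCRE group number -> (open index, close index) for each capturing group."""
    spans: dict[int, tuple[int, int]] = {}
    stack: list[tuple[Optional[int], int]] = []
    n, in_class, i = 0, False, 0
    while i < len(pat):
        c = pat[i]
        if c == '\\':
            i += 2                      # skip escaped char, e.g. \( or \]
            continue
        if in_class:
            in_class = c != ']'         # parentheses inside [...] are literals
        elif c == '[':
            in_class = True
        elif c == '(':
            if _is_capturing(pat, i):
                n += 1                  # groups are numbered by opening paren order
                stack.append((n, i))
            else:
                stack.append((None, i))
        elif c == ')' and stack:
            num, start = stack.pop()
            if num is not None:
                spans[num] = (start, i)
        i += 1
    return spans


def nested_pairs(spans: dict[int, tuple[int, int]], refs: set[int]) -> list[tuple[int, int]]:
    """(outer, inner) pairs of referenced groups where inner lies strictly inside outer.
    Groups in a regex are properly nested, so 'overlapping' captures means nesting."""
    pairs = []
    for a in sorted(refs):
        for b in sorted(refs):
            if a != b and a in spans and b in spans:
                (a_open, a_close), (b_open, b_close) = spans[a], spans[b]
                if a_open < b_open and b_close < a_close:
                    pairs.append((a, b))
    return pairs


def rewrite_context(replacement: str, flag: Optional[str]) -> Optional[str]:
    """Context in which nginx URI-escapes substituted captures (assumption from the rewrite docs):
    'redirect' for redirect/permanent or a replacement starting with http://, https://, $scheme;
    'args' when the replacement carries a '?'; None for a purely internal rewrite."""
    if flag in ('redirect', 'permanent') or re.match(r'(https?://|\$scheme)', replacement):
        return 'redirect'
    if '?' in replacement:
        return 'args'
    return None


@dataclass(frozen=True)
class Finding:
    line: int
    regex: str
    replacement: str
    context: str
    nested: tuple


def audit_rewrites(config: str) -> list[Finding]:
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.split('#', 1)[0]     # drop nginx comments
        for m in REWRITE_RE.finditer(line):
            regex, repl = _unquote(m.group(1)), _unquote(m.group(2))
            context = rewrite_context(repl, m.group(3))
            if context is None:
                continue                # internal rewrite: not the escaping path described
            refs = {int(x) for x in CAPTURE_REF_RE.findall(repl)}
            if len(refs) < 2:
                continue                # replacement must reference multiple captures
            pairs = nested_pairs(capture_spans(regex), refs)
            if pairs:
                findings.append(Finding(lineno, regex, repl, context, tuple(pairs)))
    return findings


# Constructed sample config; only lines 2 and 6 have the described shape.
SAMPLE_CONFIG = """\
server {
    rewrite ^/((.*))$ /new/$1$2 permanent;      # nested captures, both used, redirect
    rewrite ^/((.*))$ /old/$1 last;             # only one capture referenced
    rewrite ^/(a)(b)$ /x?p=$1$2 last;           # args context, but captures do not overlap
    rewrite ^/((.*))$ /int/$1$2 last;           # internal rewrite, no redirect/args escaping
    rewrite "^/(?<all>(?<inner>.*))$" "https://example.test/$1$2";   # implicit redirect
}
"""

if __name__ == '__main__':
    for f in audit_rewrites(SAMPLE_CONFIG):
        print(f"line {f.line}: {f.context} rewrite {f.regex!r} -> {f.replacement!r}; nested {f.nested}")
```

Run it against `nginx -T` output to cover included files. The regex walker only handles the capture-group syntax nginx's PCRE accepts in practice; exotic constructs such as conditional groups are outside its scope.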
A critical arbitrary file write vulnerability in Grafana’s SQL expressions feature can be chained with a Grafana Enterprise plugin to achieve full remote code execution on the underlying host.
An unauthenticated SQL injection in Drupal core’s database abstraction API lets a remote attacker execute arbitrary SQL against PostgreSQL-backed sites, with a path to full database compromise and, in elevated configurations, remote code execution on the underlying host.