The instinctive reaction to Mythos is: we need to patch faster. That instinct is understandable. It is also exactly the wrong frame. The real question isn’t how many CVEs are in your queue. It’s how many of your exposed assets can actually be exploited right now, by anyone with an API key and an afternoon.
Read more about Mythos, MOAK, CTEM and the End of CVE ChasingCyCognito Blog
Your source for exposure management research, product news, and security insights.
Search the Blog
Two critical pre-authentication code injection flaws in Ivanti EMM, exploited as zero-days since before their disclosure.
Read more about Emerging Threat: (CVE-2026-1281 & CVE-2026-1340) Ivanti EPMM Unauthenticated RCE via Code InjectionA remote code execution vulnerability in Apache ActiveMQ Classic’s Jolokia JMX-HTTP bridge allows an authenticated attacker to load a malicious Spring XML configuration and execute arbitrary commands.
Read more about Emerging Threat: (CVE-2026-34197) Apache ActiveMQ Remote Code Execution via Jolokia APIA critical unauthenticated arbitrary file upload flaw in the Ninja Forms – File Uploads WordPress plugin allows attackers to bypass extension validation and upload PHP webshells, enabling full remote code execution on the underlying web server.
Read more about Emerging Threat: (CVE-2026-0740) Ninja Forms File Upload Unauthenticated RCEA critical improper access control flaw in Fortinet FortiClient EMS allows unauthenticated attackers to bypass API authentication and execute unauthorized code or commands on the management server, with active exploitation observed in the wild.
Read more about Emerging Threat: (CVE-2026-35616) Fortinet FortiClient EMS Improper Access ControlAn authentication bypass in the Cisco Integrated Management Controller allows an unauthenticated remote attacker to reset any user’s password via a single crafted HTTP request, granting full administrative control over the server hardware below the operating system layer.
Read more about Emerging Threat: (CVE-2026-20093) Cisco IMC Authentication BypassA critical arbitrary file write vulnerability in Grafana’s SQL expressions feature can be chained with a Grafana Enterprise plugin to achieve full remote code execution on the underlying host.
Read more about Emerging Threat: (CVE-2026-27876) Grafana Remote Code Execution via SQL ExpressionsTwo malicious axios releases published to npm delivered a RAT dropper that executes silently at install time. Source code, cloud credentials, SSH keys, and pipeline secrets on affected systems should be considered exposed.
Read more about Emerging Threat: Axios npm Supply Chain Attack Drops Remote Access Trojan (RAT)A critical unauthenticated remote code execution vulnerability in F5’s BIG-IP Access Policy Manager allows attackers to execute arbitrary code on internet-facing appliances without any credentials or user interaction. Organizations running affected BIG-IP APM versions that have not yet patched, should treat their systems as potentially compromised.
Read more about Emerging Threat: F5 BIG-IP Access Policy Manager Remote Code Execution (CVE-2025-53521)Citrix has patched two vulnerabilities in NetScaler ADC and NetScaler Gateway — a critical memory overread (CVE-2026-3055) that lets unauthenticated attackers leak session tokens from SAML IDP-configured appliances, and a high-severity race condition (CVE-2026-4368) that can expose one user’s authenticated session to another. Given the rapid exploitation history of prior NetScaler memory-read flaws, organizations running affected on-premises builds should prioritize patching immediately
Read more about Citrix NetScaler ADC and Gateway Vulnerabilities (CVE-2026-3055 & CVE-2026-4368)