Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-20182 is an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw sits in the peering authentication path of the vdaemon service running over DTLS on UDP port 12346, the same control-plane service involved in CVE-2026-20127 earlier in 2026. It is not a patch bypass of that earlier issue, but a separate weakness in the device-type handling of the control connection handshake.

CVE-2026-42945, nicknamed "NGINX Rift", is a heap buffer overflow in the ngx_http_rewrite_module component of NGINX. It has sat in the project's source code since 2008. F5 disclosed the flaw on May 13, 2026, after responsible disclosure by researchers at depthfirst, who reported finding it through an autonomous code scanning system.

CVE-2026-45185, nicknamed Dead.Letter, is a use-after-free vulnerability in the BDAT message body parsing path of Exim, the open-source Mail Transfer Agent that runs a large share of the internet's email servers. The flaw lives in the GnuTLS-backed TLS path, where Exim can free its internal transfer buffer during a TLS shutdown while the SMTP state machine still holds a reference to it.

May the 4th be with you. In celebration of Star Wars Day, here's what a galaxy far, far away can teach us about security. The films work surprisingly well as a case study, and not in the obvious way. It's not the lasers, androids or the lightsabers. It's that the Empire and the First Order both fall into the same trap most security programs walk into every day. In this post, we'll walk through what the films get right about modern security challenges, how AI is making them worse, and what to do about it.

CVE-2026-41940 is a pre-authentication remote authentication bypass in cPanel and WHM caused by a CRLF (Carriage Return Line Feed) injection in the login and session handling logic. An unauthenticated remote attacker can inject raw \r\n characters into a malicious basic authorization header, which cpsrvd then writes into a session file without sanitization.