Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Continuous AI Pentesting: What We're Building, and What It's Already Finding

Over the past months, I’ve noticed a shift in customer conversations. Coverage, prioritization, emerging threats — those questions have given way to exposed MCP servers, unmanaged AI chatbots, and risks that don’t show up as CVEs. Mythos comes up in every other call. The calculus changed. AI now writes a quarter of production code, with twice as many vulnerabilities. The exploitation window collapsed from days to hours.

Emerging Threat: (CVE-2026-27577) n8n Remote Code Execution via Workflow Expressions

CVE-2026-27577 is a code injection flaw in n8n, an open-source workflow automation platform, that lets an authenticated user with permission to create or modify workflows run system commands on the host through crafted workflow expressions. The vulnerability carries a CVSS base score of 9.4 (Critical). Exploitation requires authentication, but only the level of access needed to build or edit a workflow, which is a routine privilege for many users of the platform.

Emerging Threat: (CVE-2026-53721) Nuxt Route-Rule Middleware Bypass via Case-Sensitivity Mismatch

CVE-2026-53721 is a route-rule middleware bypass in Nuxt, the open-source web development framework for Vue.js. It stems from a case-sensitivity mismatch between vue-router and the framework’s routeRules matcher, which lets an attacker reach a protected route by varying the casing of the request path. The vulnerability carries a CVSS v4.0 base score of 8.8 (High). Exploitation is pre-authentication and requires no user interaction.

Emerging Threat: (CVE-2026-49975) Apache HTTP Server Denial of Service via HTTP/2 Memory Exhaustion

CVE-2026-49975 is a memory exhaustion vulnerability in the mod_http2 module of Apache HTTP Server that allows a remote attacker to cause a denial of service through maliciously crafted HTTP/2 requests. It is classified as CWE-789, Memory Allocation with Excessive Size Value, and was publicly disclosed as part of an attack technique nicknamed the “HTTP/2 Bomb.” The vulnerability carries a CVSS v3.1 base score of 7.5 (High).

Emerging Threat: (CVE-2026-0257) PAN-OS GlobalProtect Authentication Bypass via Forged Override Cookies

CVE-2026-0257 is an authentication bypass vulnerability in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software that lets a remote attacker forge an authentication override cookie and establish an unauthorized VPN connection. The vulnerability carries a CVSS base score of 7.8 (High). It is tracked under CWE-565, reliance on cookies without validation and integrity checking. Exploitation is unauthenticated and requires no user interaction.