VYPR
AI Brief 2026-05-01 · generated May 4, 2026

Critical Authorization Flaws Hit LiteLLM Proxy

LiteLLM faces critical authorization bypass risks while legacy networking gear and enterprise platforms remain vulnerable to remote code execution and credential theft.

LiteLLM, a popular proxy server for LLM APIs, is currently under scrutiny due to CVE-2026-35029, a critical authorization bypass vulnerability. The flaw exists in the /config/update endpoint, which does not enforce the admin role requirement, so any authenticated user can modify sensitive configuration settings. Security researchers have highlighted the urgency of this issue, noting that similar vulnerabilities in the platform have already seen rapid exploitation in the wild. Organizations using LiteLLM as an AI gateway should prioritize upgrading to version 1.83.0 or later to mitigate the risk of unauthorized configuration changes.

Multiple critical vulnerabilities have been identified in legacy and edge networking equipment, specifically affecting Tenda and D-Link devices. Tenda routers including models FH303, A300, W3002R, A302, W309R, and W308R (CVE-2018-25316, CVE-2018-25317, CVE-2018-25318) suffer from session management weaknesses that allow unauthenticated attackers to modify DNS settings via simple GET requests. Separately, the D-Link DI-8100 (CVE-2026-7248) is vulnerable to a buffer overflow in its CGI endpoint, which could lead to remote code execution. These devices often lack modern security controls, making them prime targets for botnet recruitment and persistent network-level access.

The Apache MINA project has issued a warning regarding an incomplete fix for a deserialization vulnerability, tracked as CVE-2026-41409. The original patch for a related issue failed to properly enforce the classname allowlist before static initializers were executed, leaving a window for potential exploitation. This flaw highlights the persistent danger of insecure deserialization in Java-based frameworks. Developers relying on Apache MINA should ensure they are applying the latest security updates and, where possible, implementing strict input validation to prevent the instantiation of unauthorized classes.
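The ordering problem described above, as an added illustration in Java that is not Apache MINA's code: it assumes a default-package class named AllowlistOrderDemo, a constructed Canary class standing in for any class with a side-effecting static initializer, and a hand-built serialization stream so that the JVM never touches Canary before deserialization.

```java
import java.io.*;
import java.util.Set;
import static java.io.ObjectStreamConstants.*;

// Added illustration, not Apache MINA's code: a classname allowlist must be consulted
// before the JVM is asked to load and initialize the class named in the stream.
public class AllowlistOrderDemo {
    static final Set<String> ALLOWED = Set.of("java.lang.String");
    static int tripwire = 0; // how many times Canary's static initializer has run
    // Constructed stand-in for a class with a side-effecting static initializer; it is
    // never named in code below, so only deserialization can cause it to initialize.
    static class Canary implements Serializable { static { tripwire++; } }

    // Flawed order: initialize=true loads AND initializes the class, then checks the list.
    static class LateCheck extends ObjectInputStream {
        LateCheck(InputStream in) throws IOException { super(in); }
        @Override protected Class<?> resolveClass(ObjectStreamClass d) throws IOException, ClassNotFoundException {
            Class<?> c = Class.forName(d.getName(), true, getClass().getClassLoader());
            if (!ALLOWED.contains(d.getName())) throw new InvalidClassException(d.getName(), "not allowed");
            return c;
        }
    }
    // Correct order: decide on the name alone; a rejected class is never loaded at all.
    static class EarlyCheck extends ObjectInputStream {
        EarlyCheck(InputStream in) throws IOException { super(in); }
        @Override protected Class<?> resolveClass(ObjectStreamClass d) throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(d.getName())) throw new InvalidClassException(d.getName(), "not allowed");
            return super.resolveClass(d); // the default resolves with initialize=false
        }
    }
    // Hand-builds a minimal stream (TC_OBJECT + TC_CLASSDESC, zero fields) naming a class,
    // so this JVM never has to instantiate that class just to produce the test input.
    static byte[] craftStream(String className) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        out.writeShort(STREAM_MAGIC); out.writeShort(STREAM_VERSION);
        out.writeByte(TC_OBJECT); out.writeByte(TC_CLASSDESC);
        out.writeUTF(className);
        out.writeLong(0L);                                      // serialVersionUID; never compared, we reject first
        out.writeByte(SC_SERIALIZABLE); out.writeShort(0);      // flags, then zero serializable fields
        out.writeByte(TC_ENDBLOCKDATA); out.writeByte(TC_NULL); // end of annotations; no superclass descriptor
        return bos.toByteArray();
    }
    static String attempt(String label, ObjectInputStream in) {
        try { in.readObject(); return label + ": accepted"; }
        catch (InvalidClassException e) { return label + ": rejected, static initializer ran " + tripwire + " time(s)"; }
        catch (IOException | ClassNotFoundException e) { return label + ": " + e; }
    }
    public static void main(String[] args) throws IOException {
        byte[] stream = craftStream("AllowlistOrderDemo$Canary");
        System.out.println(attempt("early check", new EarlyCheck(new ByteArrayInputStream(stream))));
        System.out.println(attempt("late check", new LateCheck(new ByteArrayInputStream(stream))));
    }
}
```

Run with `java AllowlistOrderDemo.java` (JDK 11 or later): the early check rejects the stream without Canary's static initializer ever running, while the late check reports that it ran once before the rejection, which is the window the incomplete fix left open.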

Several critical vulnerabilities affecting enterprise and management software have been disclosed, including issues in Zhiyuan OA, Cockpit, and Juju. The Zhiyuan OA platform (CVE-2025-34040) is susceptible to arbitrary file uploads, while Cockpit (CVE-2026-38992) allows for arbitrary code execution through improper parameter handling in its MongoLite integration. Additionally, Canonical Juju (CVE-2026-5412) contains an authorization flaw that allows authenticated users to extract sensitive cloud credentials from the Controller facade. These vulnerabilities represent significant risks for lateral movement and full system compromise within managed environments, necessitating immediate patching or restricted access to administrative interfaces.

A series of legacy vulnerabilities in Thermofisher dataTaker devices and FasterXML jackson-databind continue to pose risks to industrial and application-level environments. The dataTaker DT80 and DT8x series (CVE-2017-11165, CVE-2017-11349) are vulnerable to credential theft and unauthorized program composition, respectively. Meanwhile, the FasterXML jackson-databind library remains a recurring source of concern due to ongoing issues with serialization gadgets and typing interactions (CVE-2020-11113, CVE-2020-35728). These vulnerabilities underscore the importance of maintaining an accurate software bill of materials (SBOM) to identify and remediate outdated components that may be embedded deep within complex software stacks.

Synthesized by Vypr AI