Microsoft Exchange Zero-Day Under Active Exploitation
Microsoft Exchange Server is under active exploitation via a zero-day flaw, while critical RCEs hit multiple development tools and web management platforms.

Microsoft Exchange Server is currently under active exploitation of a high-severity cross-site scripting vulnerability, CVE-2026-42897. As BleepingComputer reported, the flaw lets an unauthenticated attacker perform spoofing over the network by sending a crafted email. CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, so organizations running on-premises Exchange must treat mitigation as a priority: apply Microsoft's update or interim guidance as soon as it is available, and review mail and web-access logs for anomalous requests in the meantime. The vulnerability highlights the persistent risk to enterprise mail infrastructure, with SecurityWeek emphasizing the urgency of addressing this zero-day before it is used as a foothold for wider network compromise.
A critical hard-coded cryptographic key vulnerability, CVE-2026-22586, affects multiple modules within Salesforce Marketing Cloud Engagement, including CloudPages and the Profile Center. Because the key is fixed in the product rather than unique to each deployment, anyone who extracts it can manipulate the web-service protocol it is meant to protect, potentially exposing sensitive data or tampering with marketing workflows. As The Hacker News highlighted, this is a significant security oversight for organizations that rely on Salesforce for customer engagement. Since the underlying fix has to come from the vendor, customer-side action consists of applying whatever guidance Salesforce publishes, reviewing the configuration of the affected modules, and monitoring for anomalous activity originating from them.
A wave of critical remote code execution (RCE) vulnerabilities is hitting development and automation tools and calls for immediate patching. It includes CVE-2026-31231 in Cognee, CVE-2026-31220 in PySyft, and CVE-2026-44717 in the MCP Calculate Server, all of which stem from passing user-supplied input to exec() or eval(). Additionally, CVE-2026-45035 in the Tabby terminal emulator allows command execution via the tabby:// URL scheme, meaning a crafted link is enough to reach the handler. These flaws reflect a recurring pattern: input that the application treats as "an expression" or "a parameter" is in fact code, and wrapping eval() in string filters or denylists does not sandbox Python's evaluator. Unless the input is parsed into an explicit allowlist of permitted constructs, an attacker gets a straightforward path to system-level access.
Web application security remains under pressure from several critical vulnerabilities in content management and server administration tools. phpMyFAQ is affected by an unauthenticated SQL injection, CVE-2026-46364, and an authentication bypass, CVE-2026-45010; chained, the two could allow full database compromise without valid credentials. The mdserver-web Linux panel is vulnerable to unauthenticated remote command execution, CVE-2026-41315, because access controls are missing on its administrative interfaces. The WP Super Edit plugin for WordPress, CVE-2021-47965, remains a risk because of unrestricted file uploads, and Gotenberg, CVE-2026-42596, has filter mechanisms that can be bypassed to perform unauthorized file operations.
Memory safety and low-level system vulnerabilities continue to pose severe risks to infrastructure components. The Linux kernel is affected by CVE-2026-43341, a flaw in ioam6 trace-data handling that can lead to memory corruption. libbabl, CVE-2020-37239, has a broken double-free detection mechanism that can be exploited to bypass its memory-safety checks. Finally, a sandbox escape in the Firefox Profile Backup component, CVE-2026-8401, underscores the importance of keeping browsers and their components current: a sandbox escape is the stage that turns a contained compromise of a restricted process into access to the host, so it is routinely chained with other bugs to break out of the execution environment.