VYPR
AI Brief2026-05-20· generated May 20, 2026

ChromaDB Critical Flaw Under Active Exploit

A critical unpatched ChromaDB vulnerability enables full server takeover, while a Linux kernel crypto flaw hits KEV and WordPress plugins fuel active credit-card skimming.

CVE-2026-45829, a critical pre-authentication code-injection vulnerability in ChromaDB (versions 1.0.0 and later), allows an unauthenticated attacker to execute arbitrary code on the server by sending a malicious model repository with trust_remote_code enabled. As BleepingComputer reported, the flaw carries a CVSS 10.0 and was demonstrated at Pwn2Own Berlin 2026, where researchers earned $1.3 million across multiple exploits. SecurityWeek noted that no patch is yet available, and public exploit code is already circulating, putting AI/ML pipelines that rely on ChromaDB for vector storage at immediate risk of full compromise.

CVE-2026-31431, a Linux kernel crypto subsystem flaw in algif_aead, was added to CISA's Known Exploited Vulnerabilities catalog today. The vulnerability, which The Hacker News reports has a public PoC dubbed "DirtyDecrypt," stems from a reverted out-of-place operation change that enables privilege escalation. Help Net Security notes this is the latest in a cascade of Linux kernel bugs following the "Dirty Frag" patch cycle, with Infosecurity Magazine reporting that rushed patches and broken embargoes have left the kernel community scrambling. Federal agencies face a binding operational directive (BOD 22-01) deadline for remediation.

CVE-2026-42822 is a critical (CVSS 10.0) improper-authentication vulnerability in Microsoft Azure Local Disconnected Operations that allows an unauthenticated attacker to elevate privileges over the network. This flaw affects Azure Stack HCI and Azure Local deployments operating in disconnected or partially connected modes, where authentication checks can be bypassed entirely. Microsoft has not yet released a patch, and organizations running Azure Local in air-gapped or intermittently connected scenarios should treat this as an emergency-priority issue given the pre-auth, network-based attack vector.

Two critical WordPress plugin families demand immediate attention. CVE-2026-4883 (Piotnet Forms, CVSS 9.8) and CVE-2026-4885 (Piotnet Addons for Elementor Pro, CVSS 9.8) both allow unauthenticated arbitrary file uploads via incomplete extension validation in their AJAX form builder functions, affecting up to 200,000 sites combined. Separately, CVE-2018-25335 in the Peugeot Music WordPress plugin (version 1.0) is being actively exploited for WooCommerce checkout skimming, as BleepingComputer reported, with attackers uploading malicious files via the upload.php endpoint to inject credit-card stealers into checkout pages.

CVE-2026-8838 in the Amazon Redshift Python Driver (versions before 2.1.14) uses Python's eval() unsafely on server-received data in the vector_in() function, enabling a rogue Redshift server or man-in-the-middle attacker to execute arbitrary code on the client. This is particularly dangerous for enterprise AI/ML pipelines that use vector embeddings, as Help Net Security highlighted in coverage of the broader "VectorSmuggle" class of attacks. Separately, CVE-2026-7304 and CVE-2026-7301 in the SGLangs multimodal generation runtime expose unauthenticated RCE via unsafe deserialization (dill and pickle respectively), with the scheduler's ROUTER socket binding to 0.0.0.0 by default — a configuration that leaves any internet-exposed instance trivially exploitable.

Rounding out the critical-severity landscape: CVE-2026-42369 in GV-VMS V20 (CVSS 10.0) and CVE-2026-4606 in GV Edge Recording Manager v2.3.1 both affect GeoVision surveillance software, with the latter running a Windows service at SYSTEM level that any local user can leverage for full OS compromise. CVE-2026-8721 in Perl's Crypt::OpenSSL::PKCS12 (through v1.94) truncates passwords at embedded NULL bytes, weakening PKCS#12 keystore protection. CVE-2026-2031 in Google Cloud Application Integration exposes internal API endpoints to unauthenticated attackers, enabling information disclosure and arbitrary code execution. CVE-2026-3325 in MegaCMS v12.0.0 allows SQL injection via the id_territorio parameter, and CVE-2026-41553 in DHTMLX Gantt and Scheduler products enables RCE through unsanitized data parameters in the PDF Export Module.

Synthesized by Vypr AI