ChromaDB Critical Flaw Under Active Exploit

CVE-2026-45829, a critical pre-authentication code-injection vulnerability in ChromaDB (versions 1.0.0 and later), carries a CVSS 10.0 rating and allows unauthenticated attackers to execute arbitrary code on AI application servers by sending a malicious model repository with trust_remote_code enabled. As BleepingComputer reported, the flaw was demonstrated at Pwn2Own Berlin 2026, where researchers earned $1.3 million across all targets, and SecurityWeek noted that no patch is currently available — leaving organizations running ChromaDB in exposed configurations at extreme risk of full server takeover. The vulnerability also underscores a broader security gap in vector-embedding infrastructure, as Help Net Security highlighted, where enterprise AI pipelines increasingly rely on components that lack basic authentication and input validation.

CVE-2026-31431, a Linux kernel privilege-escalation vulnerability in the algif_aead crypto subsystem, has been added to CISA's Known Exploited Vulnerabilities catalog following the public release of a proof-of-concept exploit dubbed "DirtyDecrypt." As The Hacker News reported, this flaw is part of the broader Fragnesia saga (CVE-2026-46300) — a Linux kernel XFRM ESP-in-TCP privilege-escalation bug that was itself spawned by an incomplete fix for the earlier Dirty Frag vulnerability. The Tenable Blog notes that the Fragnesia family of bugs allows local attackers to gain root access, and Help Net Security reports that Linux developers have been weighing emergency "killswitch" measures for vulnerable kernel functions as rushed patches follow a broken embargo. With a CVSS of 7.8 and an EPSS of 0.03, the risk score of 0.66 (high) reflects the KEV listing and active exploitation potential.

CVE-2026-4883 and CVE-2026-4885 are critical arbitrary file upload vulnerabilities in two popular WordPress plugins — Piotnet Forms (up to 2.1.40) and Piotnet Addons for Elementor Pro (up to 7.1.70) — both carrying CVSS 9.8 ratings. Both plugins use incomplete file-type validation in their AJAX form builder functions (piotnetforms_ajax_form_builder and pafe_ajax_form_builder respectively), allowing unauthenticated attackers to upload malicious files including web shells. Given the combined install base of these plugins and the ease of exploitation (no authentication required), these represent a significant threat to WordPress site security, enabling complete site takeover, data exfiltration, and use of compromised hosts for further attacks.

CVE-2026-42822 is a critical improper-authentication vulnerability in Microsoft Azure Local Disconnected Operations, carrying a CVSS 10.0 rating. The flaw allows an unauthenticated attacker to elevate privileges over a network, potentially compromising Azure Local deployments that operate in disconnected or partially connected modes. While Microsoft has not yet confirmed active exploitation, the maximum CVSS score and the network-based attack vector without authentication requirements make this an urgent priority for organizations using Azure Stack HCI or Azure Local scenarios. Administrators should immediately review Microsoft's guidance and apply any available mitigations or updates.

CVE-2026-42369 and CVE-2026-4606 target surveillance and video management infrastructure from GeoVision. CVE-2026-42369 is a critical (CVSS 10.0) vulnerability in GV-VMS V20 video monitoring software that can be exploited via the WebCam server remote-access feature, while CVE-2026-4606 is a privilege-escalation flaw in GV Edge Recording Manager (ERM) v2.3.1 that runs components with SYSTEM-level privileges, allowing any local user to gain full OS control. These flaws are particularly concerning given the sensitive nature of surveillance systems and their typical placement on internal networks with access to cameras and recording infrastructure. Organizations using GeoVision products should prioritize patching and restrict remote access to these systems.

CVE-2026-8838 is a critical (CVSS 9.8) vulnerability in the Amazon Redshift Python Driver (versions before 2.1.14) that uses Python's eval() unsafely on server-received data in the vector_in() function. This allows a rogue Redshift server or a man-in-the-middle attacker to execute arbitrary code on the client. The attack vector is particularly insidious because it targets the client side of the connection — any analyst or application querying a compromised or malicious Redshift endpoint could have their machine compromised. Separately, CVE-2026-7301 and CVE-2026-7304 in SGLangs multimodal generation runtime expose unauthenticated RCE via unsafe pickle/dill deserialization, with the scheduler's ROUTER socket binding to 0.0.0.0 by default — a configuration that makes internet-exposed instances trivially exploitable.