What you need to know today.
HuggingFace transformers RCE leads today's brief, alongside a wave of unpatched router flaws hitting Edimax and Totolink devices.

The HuggingFace transformers library ships with a critical RCE vulnerability (CVE-2026-4372) affecting all versions prior to 5.3.0. An attacker can craft a malicious config.json containing a _attn_implementation field that triggers arbitrary code execution when the model is loaded. The flaw resides in how the library processes attention implementation configurations during model initialization; no authentication or special privileges are required beyond getting a victim to load a model with the poisoned config. Given HuggingFace's position as the de facto distribution hub for open-source ML models, this is a supply-chain vector of enormous scale: any model repository, fine-tuned checkpoint, or pipeline that includes a crafted config.json can weaponize the loading process, and the usual "only trust_remote_code is dangerous" mental model does not cover it, because config.json is plain data that every load path reads. Users should upgrade to transformers 5.3.0 immediately, pin that version in lockfiles and container images, and treat any model from untrusted sources with extreme suspicion until patched.
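Two checks a practitioner can run before a model is loaded, written here as an added example (not transformers' own code): confirm the installed version is at least the fixed release named above, and inspect the repository's config.json for an _attn_implementation value outside the set of implementations the library documents. The allowlist and the sample configs are constructed assumptions; maintain the allowlist against the transformers release you actually run.

```python
import json

# Attention implementations that transformers documents as selectable by name.
# Assumption: keep this in step with the version you deploy; anything else in
# the field deserves a human look before the model is loaded.
KNOWN_ATTN_IMPLEMENTATIONS = {"eager", "sdpa", "flash_attention_2", "flex_attention"}

# First release the brief names as carrying the fix.
FIXED_VERSION = (5, 3, 0)

# Constructed sample configs, not real model repositories.
BENIGN_CONFIG = '{"model_type": "llama", "_attn_implementation": "sdpa"}'
POISONED_CONFIG = '{"model_type": "llama", "_attn_implementation": "custom_attention"}'


def parse_version(text: str) -> tuple:
    """Turn '5.2.1' into (5, 2, 1); stops at the first non-numeric piece,
    so '5.3.0.dev0' compares as 5.3.0 (treat dev builds manually)."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_patched(installed_version: str) -> bool:
    """True when the installed transformers version is at or past the fix."""
    return parse_version(installed_version) >= FIXED_VERSION


def audit_config(config_text: str) -> list:
    """Return findings for a model's config.json; an empty list means nothing
    suspicious was seen in the fields this check covers."""
    findings = []
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"config.json is not valid JSON: {exc}"]
    if not isinstance(cfg, dict):
        return ["config.json top level is not an object"]
    for key in ("_attn_implementation", "attn_implementation"):
        if key in cfg:
            value = cfg[key]
            if not isinstance(value, str) or value not in KNOWN_ATTN_IMPLEMENTATIONS:
                findings.append(f"{key} has unexpected value {value!r}")
    # auto_map is how custom-code models are wired in; its presence means the
    # load will want trust_remote_code, which should be an explicit decision.
    if "auto_map" in cfg:
        findings.append("auto_map present: model requires custom code (trust_remote_code)")
    return findings


if __name__ == "__main__":
    print("patched:", is_patched("5.3.0"), is_patched("5.2.9"))
    print("benign:", audit_config(BENIGN_CONFIG))
    print("poisoned:", audit_config(POISONED_CONFIG))
```

Run the audit against the checked-out repository before calling from_pretrained, and block the load on any finding; an allowlist check is deliberately strict, so a newer attention backend will need to be added to the set rather than waved through.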
A cluster of seven command-injection and buffer-overflow flaws hit Edimax and Totolink SOHO routers, all reachable over the web management interface with no authentication. On the Edimax BR-6675nD (firmware 1.12), five distinct vulnerabilities were disclosed: a command injection in the WPS setup handler via the pinCode argument (CVE-2026-9379), a buffer overflow in the L2TP setup function via L2TPUserName (CVE-2026-9380), a buffer overflow in the PPTP setup via pptpUserName (CVE-2026-9382), a buffer overflow in the PPPoE setup via pppUserName (CVE-2026-9381), and a stack buffer overflow in the hardware configuration form via multiple arguments including regDomain and nic0Addr (CVE-2026-9378). On the Totolink A8000RU (firmware 7.1cu.643_b20200521), two additional flaws were found: an OS command injection in the traceroute configuration function via the command argument (CVE-2026-9385) and an OS command injection in the language configuration function via the lang argument (CVE-2026-9386). Neither vendor has released patches as of this writing. Until they do, disable WAN-side remote management, restrict LAN-side access to the administrative interface to a management VLAN or a single admin host, and log requests to it, since an unauthenticated web handler is reachable by anything that can open a TCP connection to the router.
Three additional Totolink A8000RU vulnerabilities expand the attack surface further, covering firmware-upgrade, scheduling, and diagnostic functions: CVE-2026-9387 in the setUpgradeFW function and CVE-2026-9388 in the setScheduleCfg function, both in the web management interface, and CVE-2026-9384 in the setDiagnosisCfg function, where the ip argument can be manipulated. Combined with the command-injection flaws above, the Totolink A8000RU now has five unpatched, remotely exploitable CVEs disclosed in this window alone. The Tenda F456 router also picked up a buffer overflow (CVE-2026-9389) in the frmL7ImForm function via the page argument in /goform/L7Im. These devices are widely deployed in small-office and home networks where firmware updates are rarely applied, making them attractive targets for botnet recruitment and for use as proxy or pivot nodes into the networks behind them.
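With no patches available for either the Edimax or the Totolink flaws above, detection is the compensating control. The following is an added example (not vendor code) of a request-body heuristic for a proxy, IDS, or router syslog feed: it looks only for the parameter names the disclosures name and flags shell metacharacters in a value (command-injection attempts) or an oversized value (overflow attempts). The request bodies, the metacharacter set, and the length threshold are constructed assumptions; in production, scope the rule to each device's management endpoint, since names like lang, ip, and page are generic.

```python
import re
from urllib.parse import parse_qs

# Parameters named in the disclosures, grouped by the device they belong to.
WATCHED_PARAMS = {
    "Edimax BR-6675nD": {"pinCode", "L2TPUserName", "pptpUserName",
                         "pppUserName", "regDomain", "nic0Addr"},
    "Totolink A8000RU": {"command", "lang", "ip"},
    "Tenda F456": {"page"},
}

# Characters that have no business in a WPS PIN, a VPN username, a language
# code, or an IP address (assumption: tune if a field legitimately needs them).
INJECTION_CHARS = re.compile(r"[;&|`$(){}<>\n]")

# Above this length a username or PIN is far more likely an overflow attempt
# than a real value; the threshold is an assumption, not a firmware buffer size.
OVERFLOW_LENGTH = 128

# Constructed sample bodies; none of these is a real exploit.
BENIGN_BODY = "pinCode=12345670&lang=en"
INJECTION_BODY = "command=192.0.2.1%3Bcat%20/etc/passwd"
OVERFLOW_BODY = "L2TPUserName=" + "A" * 300


def inspect_request(body: str) -> list:
    """Return (device, parameter, reason) findings for one form-encoded body."""
    findings = []
    fields = parse_qs(body, keep_blank_values=True)  # percent-decodes values
    for device, names in WATCHED_PARAMS.items():
        for name in sorted(names):
            for value in fields.get(name, []):
                if INJECTION_CHARS.search(value):
                    findings.append((device, name, "shell metacharacters"))
                elif len(value) > OVERFLOW_LENGTH:
                    findings.append((device, name, f"oversized value ({len(value)} bytes)"))
    return findings


if __name__ == "__main__":
    for body in (BENIGN_BODY, INJECTION_BODY, OVERFLOW_BODY):
        print(body[:40], "->", inspect_request(body))
```

Feed it the decoded request body from whatever sees the traffic; a hit is worth an alert on its own because the affected handlers require no session, so there is no "failed login" event to correlate with.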
Several open-source web applications disclosed SQL injection, XSS, and authentication bypass flaws. SourceCodester SUP Online Shopping 1.0 contains a stored XSS vulnerability (CVE-2026-9377) in the /admin/productedit.php endpoint via the productName argument. The itsourcecode Electronic Judging System 1.0 has a SQL injection flaw (CVE-2026-9383) in the login page at /intrams/admin/login.php via the Username parameter, allowing unauthenticated remote attackers to bypass the login or extract database contents. JPress up to version 1.0.3 is vulnerable to a path traversal or injection issue (CVE-2026-9376) in the UCenter article submission endpoint at /ucenter/article/doWriteSave. JeecgBoot 3.9.1 has an improper authentication vulnerability (CVE-2026-9373) in its OpenAPI endpoint at /openapi/call/. The RuoYi-Vue framework up to 3.9.2 contains an unrestricted file upload flaw (CVE-2026-9374) in the common upload endpoint at /common/upload, which could allow an attacker to upload a webshell. None of these carry EPSS scores yet, but the login-page SQL injection and the unauthenticated file upload in particular warrant attention for organizations running these frameworks in production: both are reachable without a session and both lead directly to code or data, and the affected endpoints are specific enough to check for in access logs today.
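The login-page SQL injection above is the classic shape: the Username parameter is spliced into the query text, so a quote and a comment sequence end the WHERE clause early and the password check never runs. The following added example (not the project's code; shown in Python against an in-memory SQLite table, with a constructed users row, so it runs anywhere) puts that vulnerable pattern beside the parameterized form that fixes it.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


DB = make_db()

# A username value that ends the string literal and comments out the rest of
# the WHERE clause; the password predicate is never evaluated.
BYPASS_USERNAME = "admin' --"


def login_vulnerable(username: str, password: str, conn=DB) -> bool:
    """The injection pattern: user input is concatenated into the query text."""
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(username: str, password: str, conn=DB) -> bool:
    """The fix: placeholders keep input as data, never as SQL syntax."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    print("vulnerable, real creds:  ", login_vulnerable("admin", "correct horse battery staple"))
    print("vulnerable, bypass:      ", login_vulnerable(BYPASS_USERNAME, "wrong"))
    print("parameterized, bypass:   ", login_parameterized(BYPASS_USERNAME, "wrong"))
    print("parameterized, real creds:", login_parameterized("admin", "correct horse battery staple"))
```

The vulnerable version accepts the bypass string with any password; the parameterized version looks for a user literally named "admin' --" and finds none. The same placeholder discipline applies whether the real application uses PHP's PDO, JDBC, or an ORM, and it is the fix to look for in the vendor's patch.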
The ItzCrazyKns Vane AI model proxy up to 1.12.1 ships with two security defects: a missing-authentication flaw (CVE-2026-9371) and a server-side request forgery vulnerability (CVE-2026-9372). The authentication bypass affects the API route in route.ts, while the SSRF is triggered via the baseURL argument in the model provider API at src/app/api/providers/route.ts. Vane is used as a lightweight proxy for routing requests to various LLM providers, so the baseURL a client supplies is exactly the address the proxy will connect to on the caller's behalf; an unauthenticated SSRF in such a component could allow an attacker to reach internal infrastructure, cloud metadata endpoints, or other services only the proxy host can see, and to exfiltrate the model API keys the proxy attaches to outbound requests. Separately, the jasypt-spring-boot library (up to 3.0.5 and 4.0.4) has a weakness (CVE-2026-9370) in the getSecretKeySaltGenerator function that could affect encrypted property handling in Spring Boot applications using Jasypt for configuration encryption; the advisory does not detail the impact, so treat it as a reason to review how the library derives keys rather than as a known exploit.
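A client-supplied upstream URL like the baseURL above needs validation before the proxy ever opens a connection. The following added example (not Vane's code, and written in Python rather than the project's TypeScript) shows the checks that matter: require https, refuse embedded credentials, refuse IP literals and resolved addresses in loopback, private, link-local, or other non-public ranges, and do the address check on every address the hostname resolves to. The resolver is injected so the example runs offline; the hostnames and addresses in the fake DNS table are constructed.

```python
import ipaddress
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Hypothetical resolver signature: hostname -> iterable of IP address strings.
Resolver = Callable[[str], Iterable[str]]

# Constructed stand-in for DNS; 8.8.8.8 is just a public address for the test.
FAKE_DNS = {
    "provider.example": ["8.8.8.8"],
    "metadata.internal": ["169.254.169.254"],
    "dual.example": ["8.8.8.8", "10.0.0.5"],  # one public, one private answer
}


def fake_resolve(host: str) -> Iterable[str]:
    return FAKE_DNS.get(host, [])


def is_public_address(ip: str) -> bool:
    """True only for addresses that are routable on the public internet."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_base_url(base_url: str, resolve: Resolver = fake_resolve) -> str:
    """Return a normalized base URL or raise ValueError explaining the refusal."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        raise ValueError("only https upstreams are allowed")
    if parts.username or parts.password:
        raise ValueError("credentials in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    # An IP literal is checked directly; a hostname is checked on every
    # resolved address so a name pointing at 127.0.0.1 or the cloud metadata
    # address is caught as well.
    try:
        ipaddress.ip_address(host)
        addresses = [host]
    except ValueError:
        addresses = list(resolve(host))
    if not addresses:
        raise ValueError(f"{host} does not resolve")
    for ip in addresses:
        if not is_public_address(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return f"{parts.scheme}://{parts.netloc}{parts.path or '/'}"


def is_allowed(base_url: str, resolve: Resolver = fake_resolve) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_base_url(base_url, resolve)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for url in ("https://provider.example/v1", "http://provider.example/v1",
                "https://metadata.internal/", "https://127.0.0.1:8080/",
                "https://[::1]/", "https://dual.example/"):
        print(url, "->", is_allowed(url))
```

Two caveats a reviewer would raise: a resolve-then-connect check is still open to DNS rebinding unless the HTTP client is pinned to the validated address, and an allowlist of known provider hostnames is simpler and stronger than any denylist of address ranges where the set of providers is small, as it is for an LLM proxy. Neither replaces the missing authentication on the route itself.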