What you need to know today.
Palo Alto Networks PAN-OS auth bypass added to KEV, SAP patches critical NetWeaver flaws, and LiteLLM RCE exploited.

CISA has added a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS software to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-0257, the flaw allows unauthenticated attackers to bypass security restrictions and establish unauthorized VPN connections. Multiple security researchers and news outlets, including The Hacker News and BleepingComputer, have reported on the active exploitation of this vulnerability, with some noting it has been exploited for weeks. This elevates the urgency for organizations using Palo Alto Networks firewalls to patch their systems immediately.
Two critical vulnerabilities affecting SAP NetWeaver Application Server ABAP and ABAP Platform have been patched, with reports from BleepingComputer and SecurityWeek highlighting the severity. CVE-2026-44748 allows an authenticated attacker with normal privileges to tamper with signed XML documents, potentially leading to the acceptance of fraudulent data. CVE-2026-27671, a vulnerability in the SAP Kernel, allows an unauthenticated attacker to exploit logic errors in memory management via crafted RFC requests, potentially leading to system compromise. SAP has released security notes addressing these critical issues, urging customers to apply the patches promptly.
A critical vulnerability in the LiteLLM AI Gateway, CVE-2026-42271, is being actively exploited in the wild, as warned by CISA and reported by outlets like Help Net Security and The Hacker News. This flaw allows unauthenticated attackers to execute arbitrary commands on affected systems by exploiting two specific endpoints used for testing server connections. The vulnerability affects LiteLLM versions from 1.74.2 up to, but not including, 1.83.7. Organizations using LiteLLM should prioritize updating to a patched version to mitigate the risk of compromise.
Google has released updates for Chrome, addressing a significant number of vulnerabilities, including three critical flaws related to sandbox escapes. CVE-2026-11697, CVE-2026-11671, and CVE-2026-11659, all rated as High severity by Chromium, could allow remote attackers to escape the browser sandbox via crafted HTML pages. These vulnerabilities affect Google Chrome versions prior to 149.0.7827.103. Users are strongly advised to update their Chrome browsers to the latest version to protect against these potential exploits.
Several critical vulnerabilities have been disclosed in the Termix SSH platform, with Vypr Intelligence detailing seven critical and high-severity issues. Among them, CVE-2026-45748 involves an SSH tunnel command injection vulnerability, while CVE-2026-45744 is an OS command injection flaw in the file manager endpoint. Both vulnerabilities affect Termix versions prior to 2.3.2 and could allow attackers to execute arbitrary commands on the server. Prompt patching or mitigation is recommended for all Termix users.
Fortinet's product line is affected by two critical vulnerabilities, both related to improper verification of cryptographic signatures. CVE-2025-59718 affects FortiOS versions 7.0.x through 7.6.x and FortiProxy versions 7.6.x, potentially allowing attackers to bypass security controls. CVE-2025-59719 impacts FortiWeb versions 7.4.x through 8.0.0, enabling unauthenticated attackers to bypass FortiCloud SSO authentication. These flaws highlight the importance of keeping Fortinet devices updated to secure network perimeters.