VYPR
AI Brief · 2026-06-20 · generated Jun 20, 2026

What you need to know today.

pgAdmin 4 ships two unpatched critical RCEs from missing auth and AI prompt injection, while Tilt's HUD exposes four no-auth attack surfaces.

pgAdmin 4 ships two critical RCE flaws — one from missing auth, another from AI prompt injection — with no patch yet available. CVE-2026-12046 scores CVSS 9.0 and lets an unauthenticated attacker execute arbitrary code because critical API endpoints lack authentication. CVE-2026-12045, also CVSS 9.0, exploits a prompt-injection vector in the new AI Assistant feature to achieve remote code execution. Both carry a high risk score of 0.59. A third bug, a SQL injection (CVE-2026-12050, CVSS 4.3) in the restore-point endpoint, and an HTML-injection issue (CVE-2026-12047, CVSS 4.6) in cloud-deployment exception messages round out the batch, along with an open redirect (CVE-2026-12049, CVSS 3.5) in the MFA flow that could aid phishing. With pgAdmin widely deployed for PostgreSQL management, these unpatched vulnerabilities should be treated as emergency-band until a fix ships.

Tilt HUD exposes four unauthenticated attack surfaces when bound to a non-loopback address, including a critical no-auth state-changing endpoint. CVE-2026-55884 (critical, risk 0.52) allows any network attacker to trigger pre-defined Tiltfile resources because the HUD HTTP server exposes state-changing and sensitive-read endpoints with zero authentication. CVE-2026-55883 (high, risk 0.38) bypasses the WebSocket CSRF protection — the token is served by an unauthenticated endpoint and the upgrader accepts clients that omit the Origin header. CVE-2026-55882 (high, risk 0.38) exposes Go's net/http/pprof handlers under /debug with no access control, letting an attacker read process memory including session and apiserver tokens. Tilt is a popular Kubernetes development tool; teams running it on network-accessible hosts should immediately bind to loopback only.
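
The two checks a HUD-style server is missing here (an Origin comparison that treats an absent header as cross-site, and loopback-only access to debug handlers) are short enough to show directly. The following is an added example in Python, not Tilt's code; it assumes the server hands us a dict of lower-cased request headers and the client address as `host:port`, and the `/ws/view` path and sample addresses are constructed.

```python
"""Defender-side gating for the HUD exposures described above.

Added example, not Tilt's code. Assumes lower-cased header names in a dict and
a client address in 'host:port' form (IPv6 in brackets).
"""
import ipaddress
from urllib.parse import urlsplit


def origin_allowed(headers: dict) -> bool:
    """True only if Origin is present and names the same host:port as Host.

    A missing, empty or 'null' Origin is treated as cross-site and rejected,
    which is the opposite of accepting clients that omit the header.
    """
    host = headers.get("host", "").strip().lower()
    origin = headers.get("origin")
    if not host or origin is None:
        return False
    origin = origin.strip()
    if not origin or origin.lower() == "null":
        return False
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    return parts.netloc.lower() == host


def remote_is_loopback(remote_addr: str) -> bool:
    """True if a 'host:port' client address ('127.0.0.1:5000', '[::1]:5000') is loopback."""
    try:
        host = urlsplit("//" + remote_addr).hostname
        return host is not None and ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def request_permitted(path: str, headers: dict, remote_addr: str,
                      websocket_upgrade: bool) -> bool:
    """Gate a request: /debug/* only from loopback, WebSocket upgrades only with a matching Origin."""
    if path.startswith("/debug/") and not remote_is_loopback(remote_addr):
        return False
    if websocket_upgrade and not origin_allowed(headers):
        return False
    return True


if __name__ == "__main__":
    # Constructed sample requests against a HUD bound to a non-loopback address.
    samples = [
        ("/debug/pprof/heap", {"host": "10.0.0.9:8080"}, "10.0.0.5:51000", False),
        ("/debug/pprof/heap", {"host": "localhost:8080"}, "127.0.0.1:51000", False),
        ("/ws/view", {"host": "10.0.0.9:8080"}, "10.0.0.5:51001", True),  # no Origin header
        ("/ws/view", {"host": "10.0.0.9:8080", "origin": "http://10.0.0.9:8080"}, "10.0.0.5:51002", True),
    ]
    for path, hdrs, addr, ws in samples:
        verdict = "allowed" if request_permitted(path, hdrs, addr, ws) else "blocked"
        print(f"{path} from {addr}: {verdict}")
```

The loopback gate is a second line of defence only; the primary mitigation the brief names, binding the listener to loopback, removes the debug handlers and the state-changing endpoints from the network entirely.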

Three libaom heap-buffer-overflow bugs in the AV1 encoder can lead to RCE via attacker-controlled SVC layer frames. CVE-2026-56208 (CVSS 7.6) triggers a heap buffer overflow in the first-pass stats buffer when LAP mode is enabled. CVE-2026-56209 (CVSS 7.1) enables an arbitrary-address write through an out-of-bounds SVC layer context and cyclic refresh map pointer hijack. CVE-2026-56210 (CVSS 7.1) is a heap-buffer-overflow read via a missing bounds check in ctrl_set_layer_id. CVE-2026-56211 (CVSS 7.1) achieves remote code execution through SVC layer context handling with attacker-controlled frames. All four affect libaom, the reference implementation of the AV1 codec used by major browsers, video platforms, and encoding pipelines. Attackers who can feed crafted media to an encoder — for example through a transcoding service — can exploit these without authentication.

CedarJava, the Java implementation of the Cedar policy language, has two high-severity flaws enabling type confusion and policy injection. CVE-2026-55772 (high, risk 0.45) allows type confusion across the Java-Rust FFI boundary under improper input handling, potentially bypassing authorization decisions. CVE-2026-55773 (high, risk 0.38) permits policy injection, letting an attacker inject arbitrary Cedar policies. Cedar is used by AWS Verified Permissions and other fine-grained authorization systems; applications embedding CedarJava for access control decisions should treat these as critical to patch.

AWX automation controller has a second-order SSRF via GitHub webhooks that can exfiltrate a Personal Access Token. CVE-2026-12726 (CVSS 6.3, risk 0.41) exploits an unvalidated statuses_url field in GitHub webhook payloads. An attacker who controls a GitHub repository (or tricks a user into configuring a malicious webhook) can cause the AWX server to make SSRF requests that leak the configured PAT credential. AWX is the open-source upstream of Red Hat Ansible Automation Platform; organizations using GitHub webhook integrations in AWX should audit their webhook sources and apply the patch when available.
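
The root cause is a server-side fetch of a URL copied out of an attacker-influenced payload. The following is an added example in Python, not AWX code, showing both the preferred fix (rebuild the status URL from validated repository coordinates and ignore `statuses_url` altogether) and a strict validator for code paths that must keep consuming the field. The allowlist of API hosts is an assumption for github.com deployments, and the webhook payload is constructed with invented values.

```python
"""Guarding a statuses_url taken from a GitHub webhook payload.

Added example, not AWX code. Preferred design: never fetch a URL the payload
supplies; rebuild it from validated repository coordinates instead.
"""
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Deployment-specific allowlist (assumption: github.com only; add GHE API hosts as needed).
ALLOWED_API_HOSTS = frozenset({"api.github.com"})

_SEGMENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")   # owner / repo name shape
_SHA = re.compile(r"^[0-9a-f]{40}$")                            # full commit SHA


def validate_statuses_url(url: str, allowed_hosts=ALLOWED_API_HOSTS) -> str:
    """Return url unchanged if it is a plain https URL to an allowlisted API host; else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("scheme must be https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not allowed")          # blocks host@internal tricks
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass                                                 # not an IP literal: fine
    else:
        raise ValueError("IP literals are not allowed")      # no direct reach into internal ranges
    if host.lower() not in allowed_hosts:
        raise ValueError(f"host {host!r} is not an allowlisted API host")
    if parts.port not in (None, 443):
        raise ValueError("non-standard port")
    if not parts.path.startswith("/repos/"):
        raise ValueError("unexpected path")
    return url


def is_safe_statuses_url(url: str) -> bool:
    """Boolean wrapper around validate_statuses_url for logging or metrics."""
    try:
        validate_statuses_url(url)
        return True
    except ValueError:
        return False


def build_statuses_url(owner: str, repo: str, sha: str, api_base="https://api.github.com") -> str:
    """Construct the status URL ourselves from validated coordinates (preferred)."""
    if not (_SEGMENT.match(owner) and _SEGMENT.match(repo) and _SHA.match(sha)):
        raise ValueError("invalid repository coordinates")
    return f"{api_base}/repos/{owner}/{repo}/statuses/{sha}"


def status_url_from_webhook(payload: dict) -> str:
    """Derive the URL from the payload's repository/commit fields, ignoring statuses_url entirely."""
    owner = payload["repository"]["owner"]["login"]
    repo = payload["repository"]["name"]
    sha = payload["after"]
    return build_statuses_url(owner, repo, sha)


# Constructed webhook payload (shape follows GitHub push events, values invented) whose
# statuses_url points at an internal address instead of the GitHub API.
SAMPLE_PAYLOAD = json.loads("""{
  "after": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
  "repository": {"name": "demo", "owner": {"login": "example-org"},
                 "statuses_url": "https://10.0.0.5/internal/{sha}"}
}""")

if __name__ == "__main__":
    supplied = SAMPLE_PAYLOAD["repository"]["statuses_url"]
    print("payload statuses_url accepted:", is_safe_statuses_url(supplied))
    print("rebuilt status URL:", status_url_from_webhook(SAMPLE_PAYLOAD))
```

Even with the validator in place, the rebuilt URL is the one to send the PAT to: the allowlist stops the credential leaving for an arbitrary host, but only constructing the URL yourself removes the payload from the trust path.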

Guzzle PHP HTTP client ships two low-severity but architecturally interesting flaws: dot-only cookie domains and TLS-proxy confusion. CVE-2026-55767 lets CookieJar accept cookies with dot-only Domain attributes (e.g., Domain=.), causing SetCookie::matchesDomain() to match every domain — effectively a universal cookie injection. CVE-2026-55568 makes the default cURL handlers accept an https:// proxy URL, meaning a proxy reached over a TLS-encrypted connection, which could bypass expectations in proxy-aware deployments. Guzzle is the most widely used PHP HTTP client, powering Drupal, Laravel, and countless Composer packages; these issues are low risk in typical configurations but worth noting for security-conscious PHP shops.
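
Why a dot-only Domain matches everything is easiest to see with the lenient matcher next to a strict one. The following is an added example in Python, not Guzzle's PHP code; `matches_domain_lenient` is a constructed model of the behaviour the advisory describes (a leading dot stripped, an empty result treated as "no restriction"), and `matches_domain` is an RFC 6265-style domain-match that rejects it.

```python
"""Cookie domain matching: the lenient behaviour described above beside an RFC 6265-style check.

Added example in Python, not Guzzle's code; both functions are constructed models.
"""
import ipaddress
import re

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, 1..63 chars.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def matches_domain_lenient(cookie_domain: str, request_host: str) -> bool:
    """Model of the flawed logic: strip a leading dot, then treat an empty domain as 'no restriction'."""
    d = cookie_domain.lower().lstrip(".")
    h = request_host.lower()
    if not d:                      # 'Domain=.' collapses to '' here and so matches every host
        return True
    return h == d or h.endswith("." + d)


def matches_domain(cookie_domain: str, request_host: str) -> bool:
    """RFC 6265 domain-match: exact match, or suffix on a label boundary; never empty, never for IPs."""
    d = cookie_domain.lower().strip(".")
    h = request_host.lower().rstrip(".")
    if not d or not h:
        return False               # '.', '..' and '' are not domains
    if not all(_LABEL.match(label) for label in d.split(".")):
        return False               # malformed labels (empty, spaces, bad hyphens)
    if h == d:
        return True
    return (not _is_ip(h)) and h.endswith("." + d)


if __name__ == "__main__":
    # Constructed cases: the dot-only domain is the one that separates the two matchers.
    for dom, host in [(".", "example.com"), (".example.com", "www.example.com"),
                      ("example.com", "notexample.com"), ("0.0.1", "10.0.0.1")]:
        print(f"Domain={dom!r} host={host!r}: lenient={matches_domain_lenient(dom, host)} "
              f"strict={matches_domain(dom, host)}")
```

The strict check belongs at store time as well as at send time: a jar that refuses to store a cookie whose Domain does not domain-match the response host never has to decide later which requests it applies to. Checking the suffix against a public-suffix list is a further step not shown here.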

Synthesized by Vypr AI
pgAdmin 4 Critical RCEs Lead Unpatched Flaw Batch · VYPR