What you need to know today.
BerriAI litellm ships five critical auth bypass flaws, while AVideo and Windows kernel drivers disclose additional high-impact vulnerabilities.

BerriAI litellm ships with five critical authorization and authentication flaws that collectively expose enterprise AI proxy deployments to privilege escalation, API key theft, and MCP server takeover. CVE-2026-12770 through CVE-2026-12774 span versions up to 1.82.2 and affect the MCP server REST endpoints, the MCP proxy authentication layer, the PROXY_ADMIN database API key generator, the M2M JWT handler, and the admin key management endpoints. An attacker who can reach the litellm proxy can bypass user authentication (CVE-2026-12772), forge M2M JWT tokens (CVE-2026-12771), escalate privileges via the admin key handler (CVE-2026-12770), and exploit the MCP client execution path (CVE-2026-12774) or the MCP proxy auth (CVE-2026-12773) to achieve unauthorized code execution. Organizations running litellm as an AI gateway should treat these as emergency-patch items given the proxy's role as a central credential and model-access hub.
The AVideo platform is hit by four vulnerabilities spanning authentication bypass, SSRF, and stored XSS across versions up to 29.0. CVE-2026-56346 allows unauthenticated attackers to decrypt arbitrary PGP messages via the decryptMessage.json.php endpoint by submitting private keys and ciphertext directly. CVE-2026-56345 lets an attacker who knows a target user's ID upload recorded video content under that user's identity through the Meet plugin's uploadRecordedVideo.json.php endpoint, which derives the users_id from the uploaded filename without server-side verification. CVE-2026-56342 gives authenticated administrators a server-side request forgery vector through the Live plugin's test.php endpoint, where the statsURL parameter lacks isSSRFSafeURL() validation, enabling internal network reconnaissance. CVE-2026-56347 is a stored cross-site scripting issue in the TopMenu plugin where icon classes, URLs, and text labels are rendered without output encoding. AVideo instances exposed to the internet should apply the latest patches immediately, particularly for the unauthenticated PGP decryption and SSRF flaws.
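As an added illustration, not AVideo's own isSSRFSafeURL() code, the following shows the kind of destination check a statsURL-style parameter needs before the server fetches it, generalized to IPv6 literals and multi-answer DNS; function names and the DNS table are hypothetical and constructed so it runs offline.

```python
"""Added example, not AVideo code: the destination check the bulletin says the
Live plugin's statsURL parameter lacks. All names here are hypothetical."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

def resolve_all(host):
    """Production resolver: every A/AAAA answer for host (needs network)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_ssrf_safe_url(url, resolver=resolve_all):
    """True only if url is http(s), carries no credentials, and EVERY address
    its host resolves to is globally routable. Loopback, RFC 1918/ULA,
    link-local (incl. 169.254.169.254), multicast, reserved, unspecified
    and IPv4-mapped IPv6 literals are all rejected. Resolving here and
    connecting later still leaves a rebinding window: the fetcher should
    connect to the vetted address rather than re-resolve the name."""
    parts = urlparse(url)
    host = parts.hostname
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    try:                        # literal IP (incl. bracketed IPv6)?
        addrs = [ipaddress.ip_address(host)]
    except ValueError:          # a hostname, or a decimal/octal IP form: resolve it
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False
    if not addrs:
        return False
    return all(ip.is_global and not ip.is_private and not ip.is_loopback
               and not ip.is_link_local and not ip.is_multicast
               and not ip.is_reserved and not ip.is_unspecified for ip in addrs)

# Constructed DNS table so the example runs offline; use resolve_all in real code.
FAKE_DNS = {
    "stats.example.net": ["93.184.216.34"],               # public answer only
    "rebind.example.net": ["93.184.216.34", "10.0.0.5"],  # one internal answer
}

def fake_resolver(host):
    """Offline stand-in for resolve_all backed by the constructed table."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver has no entry for {host}")
    return FAKE_DNS[host]
```

Because the name is resolved once and every answer must be public, a name that mixes a public and an internal address is refused outright.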
A cluster of Windows kernel driver vulnerabilities in partition managers and backup tools puts millions of desktop and server systems at risk of privilege escalation. CVE-2026-12784 affects IM-Magic Partition Resizer up to 7.9.0 via the MDA_NTDRV.sys driver. CVE-2026-12782 and CVE-2026-12781 target EaseUS Partition Master up to 14.5 through the EUEDKEPM.sys and epmntdrv.sys drivers respectively. CVE-2026-12780, CVE-2026-12779, and CVE-2026-12778 cover AOMEI Backupper up to 8.3.0, AOMEI Dynamic Disk Manager up to 10.10.1, and AOMEI Partition Assistant up to 10.10.1 via the amwrtdrv.sys, ddmdrv.sys, and ampa10.sys drivers. All seven CVEs share the same root cause: improper access controls in kernel drivers that allow low-privileged users to manipulate system memory or hardware resources. Given that these tools often run with SYSTEM-level privileges and are installed on workstations and servers alike, attackers who chain one of these driver flaws with an initial access vector could achieve full kernel compromise.
The Linux kernel KSMBD server gets a critical fix for a session-binding race condition that could allow unauthenticated SMB clients to hijack authenticated sessions. CVE-2026-52911 addresses a flaw where the conn->binding flag remains set after a SESSION_SETUP call completes, meaning subsequent requests from unbound sessions could be processed with the privileges of a previously bound session. The ksmbd kernel module, which implements the SMB3 protocol natively in the Linux kernel, is enabled by default in many enterprise distributions and is exposed on port 445. An attacker on the same network who can initiate SMB connections to a vulnerable server could potentially access files and shares without proper authentication. Administrators should prioritize this patch for any Linux file server or NAS appliance running a kernel with ksmbd enabled.
Montodel House-Rental-Management web application discloses two pre-authentication vulnerabilities that could lead to database compromise and account takeover. CVE-2026-12776 is a SQL injection in the /index.php?page=houses endpoint via the ID parameter, allowing unauthenticated attackers to extract the entire database contents including user credentials and rental records. CVE-2026-12775 is a blind SQL injection in the /login.php Username parameter that enables attackers to enumerate valid usernames and bypass authentication. Both flaws affect versions up to commit 90010017b81265eb1ef3810268909f7719a33863. While this is a niche PHP application, its use in property management means exposed instances likely contain personally identifiable information and financial records.
GNU Savannah's Savane tracker and additional minor disclosures round out the bulletin. CVE-2026-56355 in Savane through 3.17 uses untrusted data as part of authorization decisions, potentially allowing project members to escalate privileges or access restricted functionality. This affects the infrastructure behind the GNU Savannah collaboration platform. Separately, CVE-2026-54604 and CVE-2026-12784 were disclosed without sufficient detail for risk assessment at this time.