What you need to know today.
Linux kernel, Cisco ISE, and NGINX vulnerabilities disclosed; critical 7-Zip RCE risk highlighted.

The Linux kernel has resolved two vulnerabilities related to sysfs store operations. CVE-2025-21817 addresses marking GFP_NOIO around sysfs ->store() callbacks when the queue is frozen, preventing potential deadlocks. CVE-2025-21807 fixes an issue with the queue freeze and limits lock order in sysfs store methods, ensuring proper handling during attribute operations. Both vulnerabilities were resolved in the Linux kernel and do not appear to have been actively exploited.
Cisco Identity Services Engine (ISE) guest portals are affected by multiple cross-site scripting (XSS) vulnerabilities. CVE-2025-20205 and CVE-2025-20204 allow authenticated, remote attackers to inject malicious scripts into the web-based management interface, potentially leading to session hijacking or other malicious actions against users interacting with the portal.
Several vulnerabilities have been disclosed in NGINX products. CVE-2026-60005 in NGINX Plus and Open Source, specifically within the ngx_http_slice_module, could allow unauthenticated attackers to send requests that trigger issues when the slice directive is configured with unnamed regex captures or during background cache updates. Additionally, CVE-2026-56434 in the ngx_http_ssi_module may be exploitable when Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured, potentially leading to security bypasses. As Cyber Security News reported, F5 has released patches for these NGINX vulnerabilities.
A vulnerability in GD::SecurityImage for Perl, CVE-2026-13082, allows for predictable CAPTCHA challenges due to the use of Perl's built-in rand function for generating secrets. This could enable attackers to bypass CAPTCHA protections.
RabbitMQ, a messaging broker, has two vulnerabilities disclosed. CVE-2026-57211 affects the management plugin's static file handler, which may pass URL-encoded backslashes to erl_prim_loader:read_file_info before path validation, potentially leading to path traversal. CVE-2026-57218 allows existing consumers to continue receiving messages even after an OAuth token expiry or connection secret refresh with reduced scopes, due to a flaw in the AMQP 0-9-1 protocol handling. Patches are available for versions 4.1.11 and 4.2.6 on Windows for the first vulnerability, and prior to 4.2.6 for the second.
A critical vulnerability in 7-Zip, CVE-2026-14266, could expose millions of users to remote code execution risks. While details are scarce, Cyber Security News has highlighted the potential severity of this flaw.
Other vulnerabilities include an HTTP/2 state amplification issue in h2o (CVE-2026-54340), a header stripping flaw in Excon's RedirectFollower middleware (CVE-2026-54171), a non-constant-time string comparison in Mojo::JWT (CVE-2026-9537), and several other low-risk vulnerabilities across various software.