Reading view
Microsoft confirms patching issues in restricted Windows networks
Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)
INTERPOL βOperation Ramzβ seizes 53 malware, phishing servers
SHub macOS infostealer variant spoofs Apple security updates
Multiple Vulnerabilities in NGINX Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in NGINX, the most severe of which could allow for remote code execution. NGINX is a software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may allow an unauthenticated threat actor to crash vulnerable NGINX worker processes by sending crafted HTTP requests. Additionally, for systems with Address Space Layout Randomization (ASLR) disabled, exploitation may result in remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
Leaked Shai-Hulud malware fuels new npm infostealer campaign
Grafana says stolen GitHub token let hackers steal codebase
Microsoft testing adjustable taskbar, Start menu in Windows 11
VU#777338: SGLang contains two remote code execution and one path traversal vulnerability
Overview
Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution (RCE), and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an attacker must have network access to the SGLang service. No patch is available at this time, and no response was obtained from the project maintainers during coordination.
Description
SGLang is an open-source framework for serving large language models (LLMs) and multimodal AI models, supporting models such as Qwen, DeepSeek, Mistral, and Skywork, and is compatible with OpenAI APIs. Three vulnerabilities have been discovered within the tool and are tracked as follows:
CVE-2026-7301
The multimodal generation runtime scheduler's ROUTER socket contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
This vulnerability is distinct from CVE-2026-3060 and CVE-2026-3059, which would be open to the Internet via the ZMQ broker, which automatically binded to all network interfaces without user awareness. CVE-2026-7301 is exposed to the internet by default through the scheduler host, which binds to 0.0.0.0 by default.
CVE-2026-7302
The multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.
CVE-2026-7304
The multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.
Impact
If exploited, these vulnerabilities could allow an unauthenticated attacker to achieve remote code execution or arbitrary file writes on the host running SGLang. Deployments that expose the affected interface to untrusted networks are at the highest risk of exploitation.
Solution
Until a patch is available, affected users should consider the following mitigations:
Mitigation
- Restrict access to the service interfaces and ensure they are not exposed to untrusted networks.
- Implement network segmentation and access controls to prevent unauthorized interaction with the vulnerable endpoints.
Acknowledgements
Thanks to the reporter, Alon Shakevsky. This document was written by Christopher Cullen.
Vendor Information
Other Information
| CVE IDs: | CVE-2026-7302 CVE-2026-7304 CVE-2026-7301 |
| Date Public: | 2026-05-18 |
| Date First Published: | 2026-05-18 |
| Date Last Updated: | 2026-05-18 10:40 UTC |
| Document Revision: | 1 |
Microsoft confirms Windows 11 security update install issues
Exploit available for new DirtyDecrypt Linux root escalation flaw
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
APPLE-SA-05-13-2026-1 Safari 26.5
Posted by Apple Product Security via Fulldisclosure on May 17
APPLE-SA-05-13-2026-1 Safari 26.5Safari 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127121.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content...
APPLE-SA-05-11-2026-11 visionOS 26.5
Posted by Apple Product Security via Fulldisclosure on May 17
APPLE-SA-05-11-2026-11 visionOS 26.5visionOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127120.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accelerate
Available for: Apple Vision Pro (all models)
Impact: An app may be able to cause a denial-of-service
Description:...
APPLE-SA-05-11-2026-10 watchOS 26.5
Posted by Apple Product Security via Fulldisclosure on May 17
APPLE-SA-05-11-2026-10 watchOS 26.5watchOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127119.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accelerate
Available for: Apple Watch Series 6 and later
Impact: An app may be able to cause a denial-of-service
Description:...
APPLE-SA-05-11-2026-9 tvOS 26.5
Posted by Apple Product Security via Fulldisclosure on May 17
APPLE-SA-05-11-2026-9 tvOS 26.5tvOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127118.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accelerate
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to cause a denial-of-service...
APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7
Posted by Apple Product Security via Fulldisclosure on May 17
APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7macOS Sonoma 14.8.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127117.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
APFS
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A...