24h | 7d | 30d

CVE-2026-22769

Overview

  • Dell
  • RecoverPoint for Virtual Machines
17 Feb 2026
Published
18 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.07%
KEV

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Statistics

  • 20 Posts
  • 4 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
The Financial Standard @thefinancialstandard

Critical Dell RecoverPoint Exploit Exposed Since 2024

A zero-day Dell RecoverPoint exploit, CVE-2026-22769, has been actively exploited since mid-2024. Patch immediately to avoid data breaches.

Read more: thefinancialstandard.com/dell-

#finance #cybersecurity #fintech #news

  • 1
  • 0
  • 0
  • 1h ago
Profile picture fallback
Offensive Sequence @offseq

CRITICAL: CVE-2026-22769 in Dell RecoverPoint for VMs (≤5.3 SP4 P1) lets unauthenticated attackers gain root via hardcoded creds. Patch or mitigate ASAP! 🛡️ radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago
Profile picture fallback
Jeff Hall - PCIGuru :verified: @jbhall56

The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials affecting versions prior to 6.0.3.1 HF1. Other products, including RecoverPoint Classic, are not vulnerable to the flaw. thehackernews.com/2026/02/dell

  • 0
  • 0
  • 1
  • 7h ago
Profile picture fallback
Rishi @rxerium

🚨 Mandiant have identified zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769.

RecoverPoint can be detected using this Nuclei template:
github.com/projectdiscovery/nu

Very limited exposure to the internet.

Dell recommends upgrading to version 6.0.3.1 HF1 or later. Mitigations are also available.

Mandiant report:
cloud.google.com/blog/topics/t

  • 0
  • 0
  • 0
  • 7h ago
Profile picture fallback
ekiledjian @edwardk

A suspected China-linked cyberespionage group, UNC6201, has been exploiting a Dell zero-day vulnerability (CVE-2026-22769) in RecoverPoint for Virtual Machines since mid-2024, deploying backdoors like BRICKSTORM and GRIMBOLT and a webshell called SLAYSTYLE. The attackers leveraged default credentials to gain access and deployed stealthy tactics, including novel methods to pivot into VMware virtual infrastructure.
helpnetsecurity.com/2026/02/18

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture fallback
BaseFortify.eu @basefortify.bsky.social
🛡️ Are you affected? BaseFortify maps your installed components to CPEs and links them to CVEs like CVE-2026-22769 — instantly showing severity, exposure, and mitigation steps. See your real risk in minutes: basefortify.eu #VulnerabilityManagement #CyberResilience #BaseFortify #SMBsecurity
  • 1
  • 0
  • 0
  • 9h ago
Profile picture fallback
BaseFortify.eu @basefortify.bsky.social
🔎 Technical details: CVE-2026-22769 A hardcoded admin credential in the Tomcat Manager lets attackers deploy a malicious WAR file, execute commands as root, and maintain persistence. Threat actors reportedly used web shells + custom backdoors. #ZeroDay #ThreatIntel #BlueTeam #SecurityResearch
  • 1
  • 0
  • 0
  • 9h ago
Profile picture fallback
BaseFortify.eu @basefortify.bsky.social
🚨 CVSS 10.0 in Dell RecoverPoint for VMs. CVE-2026-22769 exposes a hardcoded credential that allows unauthenticated remote root access. The flaw has reportedly been exploited since mid-2024. Full breakdown 👇 basefortify.eu/posts/2026/0... #CVE2026 #CyberSecurity #VMware #Dell #Infosec
  • 1
  • 0
  • 0
  • 9h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
A China-linked group exploited CVE-2026-22769 in Dell RecoverPoint for Virtual Machines to deploy persistent backdoors including Brickstorm and Grimbolt.
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
piggo @pigondrugs.bsky.social
~Mandiant~ UNC6201 exploits a critical Dell RecoverPoint zero-day (CVSS 10.0) to deploy the new GRIMBOLT backdoor. - IOCs: 149. 248. 11. 71 - #CVE202622769 #GRIMBOLT #ThreatIntel #UNC6201
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
tamosan @tamosan.bsky.social
『CVE-2026-22769』CVSSv3.1で10.0『リモートより同製品のOSに対して、永続的にroot権限によるアクセスが可能になる』:【セキュリティ ニュース】DellのVM環境向け復旧製品にゼロデイ脆弱性 - 悪用報告も(1ページ目 / 全1ページ):Security NEXT https://www.security-next.com/181174
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 Zero‑day critique sur Dell RecoverPoint for VMs (CVE-2026-22769) exploitée par UNC6201 avec le backdoor GRIMBOLT 📝 S… https://cyberveille.ch/posts/2026-02-18-zero-day-critique-sur-dell-recoverpoint-for-vms-cve-2026-22769-exploitee-par-unc6201-avec-le-backdoor-grimbolt/ #CVE_2026_22769 #Cyberveille
  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
A China-linked threat actor UNC6201 exploited a hardcoded-credential zero-day (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines for lateral movement and persistence.
  • 0
  • 0
  • 1
  • 13h ago
Profile picture fallback
ohhara @shiojiri.com
中国関連ハッカー、Dell製品のゼロデイを2024年半ばから悪用:CVE-2026-22769 | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43921/
  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
Ninja Owl @ninjaowl.ai
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024 #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
Help Net Security @helpnetsecurity.com
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769) 📖 Read more: www.helpnetsecurity.com/2026/02/18/e... #cybersecurity #cybersecuritynews #0day #cyberespionage #backdoor @mandiant.com
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Dell Zero-Day Under Active Attack: CVE-2026-22769 Puts VM Environments at Risk + Video Introduction: A critical zero-day vulnerability, identified as CVE-2026-22769, is currently being actively exploited in Dell RecoverPoint for Virtual Machines, with reports indicating malicious activity dating…
  • 0
  • 0
  • 0
  • Last hour
Profile picture fallback
piggo @pigondrugs.bsky.social
~Cisa~ CISA adds actively exploited GitLab (CVE-2021-22175) and Dell (CVE-2026-22769) vulnerabilities to its KEV catalog. - IOCs: CVE-2021-22175, CVE-2026-22769 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-2441

Overview

  • Google
  • Chrome
13 Feb 2026
Published
18 Feb 2026
Updated
CVSS
Pending
EPSS
0.63%
KEV

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 13 Posts
  • 4 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Christoph Schmees @PC_Fluesterer

Notfall-Update Google Chrome

Wir haben schon Mitte Februar, da wird es höchste Zeit, dass die erste Zero-Day Hintertür in Chrome entdeckt wird. Im vorigen Jahr hat Google es auf deren acht* (!) gebracht. Die Lücke CVE-2026-2441 wurde entdeckt, weil sie bereits aktiv für Angriffe ausgenutzt wird. Google hat Notfall-Updates für Chrome veröffentlicht. Meldungen gibt es beispielsweise hier oder hier. Ob Chromium und die diversen Ableger auch betroffen sind, ist noch nicht bekannt. Bei Chromium ist es ziemlich wahrscheinlich. Dabei ist mein Chromium unter Linux bereits auf Version 145.0.7632.45, also schon höher als die von Google angegebene

pc-fluesterer.info/wordpress/2

#Empfehlung #Hintergrund #Warnung #Website #0day #chrome #cybercrime #exploits #google #UnplugGoogle #UnplugTrump #hintertür

  • 1
  • 0
  • 0
  • 12h ago
Profile picture fallback
AkhIL @akhil

Яндекс браузер, похоже, уязвим.
Вот PoC: github.com/huseyinstif/CVE-202

  • 0
  • 1
  • 0
  • 3h ago
Profile picture fallback
Claudio C @cktodon

#Google corrige un zero-day de #Chrome (CVE-2026-2441) ya explotado en #ataques

unaaldia.hispasec.com/2026/02/

  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
Deskmodder @Deskmodder

Microsoft Edge 145.0.3800.58 korrigiert CVE-2026-2441 und CVE-2026-0102 und weitere Änderungen

deskmodder.de/blog/2026/02/18/

  • 1
  • 0
  • 1
  • 12h ago

Bluesky

Profile picture fallback
Hacker News Top Stories @hackernewsbot.bsky.social
Zero-day CSS: CVE-2026-2441 exists in the wild | Discussion
  • 0
  • 1
  • 1
  • 2h ago
Profile picture fallback
🇺🇦 Новини @uazmi.news
Google терміново оновлює Chrome для 3 млрд користувачів — знайдено нову вразливість. #новини #uazmi #технології #сша Google випустила термінове оновлення для Chrome через вразливість нульового дня CVE-2026-2441, яку вже використовують хакери. Про це пише американський Forbe...
  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback
HackerNewsTop5 @hackernewstop5.bsky.social
Zero-day CSS: CVE-2026-2441 exists in the wild #HackerNews https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
  • 0
  • 0
  • 2
  • 4h ago
Profile picture fallback
HN Link Bot @hnews.southla.social
📰 Zero-day CSS: CVE-2026-2441 exists in the wild 💬 Exec: Chromium CSS use-after-free—yikes. Sentiment: negative/concerned; vibe: alarmed, curious about bounty/LLM. 😬 https://news.ycombinator.com/item?id=47062748
  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback
piggo @pigondrugs.bsky.social
~Cisa~ CISA added four actively exploited vulnerabilities affecting Microsoft, Zimbra, TeamT5, and Chromium to its KEV catalog, requiring urgent remediation. - IOCs: CVE-2026-2441, CVE-2024-7694, CVE-2020-7796 - #CISA #KEV #PatchNow #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-2329

Overview

  • Grandstream
  • GXP1610
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 6 Posts
  • 8 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CVE-2026-2329: CRITICAL stack buffer overflow in Grandstream GXP1610 series (all models) via /cgi-bin/api.values.get. Unauth RCE possible — restrict HTTP API access, segment devices, and monitor traffic. Patch ASAP when available. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
ekiledjian @edwardk

A critical security flaw (CVE-2026-2329) has been discovered in Grandstream GXP1600 series VoIP phones, enabling unauthenticated remote code execution with root privileges. This vulnerability, present in the device's web-based API, affects multiple models and has been addressed in a firmware update (version 1.0.7.81).
thehackernews.com/2026/02/gran

  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback
HackerWorkspace @hackerworkspace

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

rapid7.com/blog/post/ve-cve-20

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
Stephen Fewer @stephenfewer.bsky.social
We have disclosed CVE-2026-2329, a critical unauth stack-based buffer overflow vuln affecting the Grandstream GXP1600 series of VoIP phones. Read our disclosure on the @rapid7.com blog, including technical details for unauth RCE, and accompanying @metasploit-r7.bsky.social modules: r-7.co/4tIzope
  • 4
  • 2
  • 0
  • 6h ago
Profile picture fallback
Rapid7 @rapid7.com
🚨 In conducting 0 day research against #Grandstream GXP1600 VoIP phones, Rapid7 Labs discovered CVE-2026-2329. The unauthenticated stack-based buffer overflow vulnerability ultimately allows an attacker to intercept phone calls and eavesdrop on audio. Read on: r-7.co/4tIzope
  • 1
  • 1
  • 0
  • 6h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Unauthenticated stack-based buffer overflow (CVE-2026-2329) in Grandstream GXP1600 VoIP phones' /cgi-bin/api.values.get allows remote root code execution via malicious request parameter.
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-1281

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
39.20%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 6 Posts
  • 2 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

🚨 Active exploitation confirmed for a new unauthenticated RCE in Ivanti - CVE-2026-1281

With a CVSS of 9.8 and part of CISA KEV, attackers need *zero* credentials to use this CVE and exploit legacy bash scripts and gain root access.

So we updated Pentest-Tools.com to help you confirm the risk:

📡 Network Scanner - detects exposed Ivanti EPMM instances on your perimeter.

🎯 Sniper Auto-Exploiter - safely demonstrates the RCE to prove the risk is real (and urgent).

Find more info for your rapid response flows here: pentest-tools.com/vulnerabilit

  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
Darses @darses

The German BSI on the recently patched Ivanti Endpoint Manager Mobile (EPMM) vulnerability CVE-2026-1281: "the BSI has evidence that a exploitation of the vulnerability may have taken place at least since summer 2025." (Translated)

Kudo's to them for making this public.

#cybersecurity #vulnerability #CVE-2026-1281

  • 0
  • 0
  • 0
  • 2h ago
Profile picture fallback
minternational @minternational

Was mussten meine müden Ohren heute bei der neuen #Podcastfolge von #heise #Security #passwort da hören?

Un-f*cking-believable!

labs.watchtowr.com/someone-kno

  • 1
  • 1
  • 0
  • 13h ago

Bluesky

Profile picture fallback
Cyber Threat Feeds @montxt.bsky.social
Critical Vulnerabilities in Ivanti EPMM Exploited https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/
  • 0
  • 0
  • 1
  • 21h ago
Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #Indusface includes "CVE-2026-1357: #WordPress Plugin RCE Exposes Sites to Full Takeover" and "CVE-2026-1281 & CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-1426

Overview

  • berocket
  • Advanced AJAX Product Filters
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Note: This vulnerability requires the Live Composer plugin to also be installed and active.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🔒 CVE-2026-1426: HIGH severity PHP Object Injection in berocket Advanced AJAX Product Filters (WordPress, <=3.1.9.6). Requires Author access + Live Composer, and a gadget chain in another plugin/theme. Update or audit now! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
CVE Alert: CVE-2026-1426 - CVSS 8.8/10 The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortc... https://www.cyberhub.blog/cves/CVE-2026-1426
  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-1670

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP
17 Feb 2026
Published
17 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 2 Posts
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ CRITICAL: Honeywell I-HIB2PI-UL 2MP IP (6.1.22.1216) has CVE-2026-1670 (CWE-306) — missing auth on API enables remote attackers to change recovery emails and take over accounts. Patch or segment now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

Profile picture fallback
Red Hot Cyber @redhotcyber.bsky.social
Bug critico nelle telecamere Honeywell: rischio compromissione totale. Il CISA Avverte 📌 Link all'articolo : www.redhotcyber.com/post/bug... #redhotcyber #news #cybersecurity #hacking #vulnerabilita #cve20261670 #sicurezzainformatica #telecamere #cctv #honeywell
  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-25903

Overview

  • Apache Software Foundation
  • Apache NiFi
  • org.apache.nifi:nifi-web-api
17 Feb 2026
Published
17 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.01%
KEV

Description

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to the flow configuration, but framework authorization did not check restricted status when updating a component previously added. The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a less privileged user to make property configuration changes. Apache NiFi installations that do not implement different levels of authorization for Restricted components are not subject to this vulnerability because the framework enforces write permissions as the security boundary. Upgrading to Apache NiFi 2.8.0 is the recommended mitigation.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture fallback
eSecurity Planet @esecurityplanet

CVE-2026-25903 Impacts Apache NiFi Users esecurityplanet.com/threats/cv

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Profile picture fallback
キタきつね @kitafox.bsky.social
Apache NiFiの脆弱性(CVE-2026-25903)により、ユーザーは制限を回避できる Apache NiFi Flaw (CVE-2026-25903) Lets Users Bypass Restrictions #DailyCyberSecurity (Feb 17) securityonline.info/apache-nifi-...
  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-26119

Overview

  • Microsoft
  • Windows Admin Center
17 Feb 2026
Published
18 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.08%
KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts
Last activity: 6 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CVE-2026-26119 (HIGH, CVSS 8.8): Microsoft Windows Admin Center 1809.0 vulnerable to improper authentication, enabling privilege escalation. No patch or active exploitation yet. Restrict access & monitor closely! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-26119: The Windows Admin Center Flaw That Hands Attackers the Keys to Your Domain + Video Introduction: A newly disclosed critical vulnerability in Microsoft's Windows Admin Center (WAC) poses a severe threat to enterprise networks, potentially allowing a standard, low-privileged user to…
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-1340

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
29.29%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 4 Posts
  • 2 Interactions
Last activity: 13 hours ago

Fediverse

Profile picture fallback
minternational @minternational

Was mussten meine müden Ohren heute bei der neuen #Podcastfolge von #heise #Security #passwort da hören?

Un-f*cking-believable!

labs.watchtowr.com/someone-kno

  • 1
  • 1
  • 0
  • 13h ago

Bluesky

Profile picture fallback
Cyber Threat Feeds @montxt.bsky.social
Critical Vulnerabilities in Ivanti EPMM Exploited https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/
  • 0
  • 0
  • 1
  • 21h ago
Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #Indusface includes "CVE-2026-1357: #WordPress Plugin RCE Exposes Sites to Full Takeover" and "CVE-2026-1281 & CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-1357

Overview

  • wpvividplugins
  • Migration, Backup, Staging – WPvivid Backup & Migration
11 Feb 2026
Published
11 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.60%
KEV

Description

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.

Statistics

  • 2 Posts
Last activity: 16 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
WordPressの人気 バックアップ プラグインWPvivid Backup & Migrationに重大な脆弱性(CVE-2026-1357) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #Indusface includes "CVE-2026-1357: #WordPress Plugin RCE Exposes Sites to Full Takeover" and "CVE-2026-1281 & CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 16h ago
Showing 1 to 10 of 52 CVEs