The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.

CVE-2026-45498 NEW

• Severity: 6.1 MEDIUM
• Impacted Products: Microsoft Defender
• Description: Microsoft Defender is affected by a security bypass vulnerability, known as UnDefend, that allows a local standard user to prevent the software from receiving definition updates. This flaw can be leveraged to cause a denial-of-service condition against the security component.
• Remediation:
  • CVE-2026-45498 - Security Update Guide - Microsoft - Microsoft Defender Denial of Service Vulnerability
• More Info: NVD - CVE-2026-45498
• PoC:
  • https://github.com/Nightmare-Eclipse/UnDefend (No longer online - check webarchive for a partial backup)

CVE-2026-41091 NEW

• Severity: 7.8 HIGH
• Impacted Products: Microsoft Defender
• Description: Microsoft Defender is affected by a local privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges by abusing file restoration behaviors. This flaw occurs when the antivirus processes malicious files associated with cloud tags.
• Remediation:
  • CVE-2026-41091 - Security Update Guide - Microsoft - Microsoft Defender Elevation of Privilege Vulnerability
• More Info: NVD - CVE-2026-41091
• PoC:
  • https://github.com/Nightmare-Eclipse/RedSun
  • https://github.com/Nightmare-Eclipse/RedSun/blob/main/RedSun.cpp
  • https://github.com/0xBlackash/CVE-2026-41091

CVE-2026-9082 NEW

• Severity: 6.5 MEDIUM
• Impacted Products: Drupal Core
• Description: Drupal Core is affected by an SQL injection vulnerability when configured with a PostgreSQL database backend. This flaw allows unauthenticated remote attackers to execute arbitrary SQL commands by submitting specially crafted requests to vulnerable components such as JSON:API, Views, or Entity autocomplete.
• Remediation:
  • Drupal core - Highly critical - SQL injection - SA-CORE-2026-004 | Drupal.org
• More Info: NVD - CVE-2026-9082
• PoC:
  • https://github.com/HORKimhab/CVE-2026-9082
  • https://github.com/lysophavin18/cve-2026-9082
  • https://github.com/ywh-jfellus/CVE-2026-9082

CVE-2026-48172 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: LiteSpeed User-End cPanel Plugin before version 2.4.5
• Description: LiteSpeed User-End cPanel Plugin before version 2.4.5 is affected by an incorrect privilege assignment vulnerability that allows authenticated users to escalate their privileges to root. This flaw exists due to the mishandling of Redis management features within the plugin.
• Remediation:
  • Security Update for LiteSpeed cPanel Plugin ⋆ LiteSpeed Blog
• More Info: NVD - CVE-2026-48172
• PoC:
  • https://github.com/fevar54/CVE-2026-48172---LiteSpeed-cPanel-Plugin-Version-Auditor
  • https://github.com/retmakarunia/CVE-2026-48172
  • https://github.com/HORKimhab/CVE-2026-48172

CVE-2026-46333 NEW

• Severity: 7.1 HIGH
• Impacted Products: Linux kernel
• Description: The Linux kernel is affected by an improper privilege management vulnerability in the ptrace subsystem that allows a local, unprivileged user to read sensitive files. This issue occurs due to a logic flaw in how the kernel handles process dumpability during termination.
• Remediation:
  • Important: kernel security update
  • Important: kernel security update
  • Important: kernel security update
• More Info: NVD - CVE-2026-46333
• PoC:
  • https://github.com/0xBlackash/CVE-2026-46333
  • https://github.com/studiogangster/CVE-2026-46333

CVE-2026-34926 NEW

• Severity: 6.7 MEDIUM
• Impacted Products: Trend Micro Apex One (on-premise)
• Description: Trend Micro Apex One (on-premise) contains a relative path traversal vulnerability that allows a local attacker with administrative access to the server to inject malicious code into agent deployments. This flaw requires the attacker to have already obtained administrative credentials to the server’s operating system through separate means.
• Remediation:
  • Apex One and Vision One – Standard Endpoint Protection (SEP) May 2026 Security Bulletin
  • [サポートニュース]アラート/アドバイザリ：TrendAI™ Apex Oneなどで確認された複数の脆弱性について(2026年5月)：TrendAI™ Apex One、Trend Micro Apex One as a Service、TrendAI Vision One™ Endpoint Security - Standard Endpoint Protection
• More Info: NVD - CVE-2026-34926
• PoC:
  • https://github.com/HORKimhab/CVE-2026-34926

CVE-2026-2587 NEW

• Severity: 9.6 CRITICAL
• Impacted Products: Glassfish
• Description: A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language (EL) “expressions” are processed without proper sanitization or escaping.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-2587
• PoC:
  • https://github.com/Bhanunamikaze/CVE-2026-2587-Exploit-POC

CVE-2026-20223 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Cisco Secure Workload
• Description: Cisco Secure Workload is affected by a vulnerability in its internal REST APIs that allows an unauthenticated, remote attacker to gain Site Admin privileges. This flaw stems from insufficient validation and authentication when accessing specific API endpoints.
• Remediation:
  • Cisco Secure Workload Unauthorized API Access Vulnerability
• More Info: NVD - CVE-2026-20223
• PoC:
  • https://github.com/HORKimhab/CVE-2026-20223

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.