May 6, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Palo Alto Networks PAN-OS added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2026-0300 Palo Alto Networks PAN-OS Out-of-bounds Write

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Palo Alto Networks PAN-OS Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2026-40281 Gotenberg is a Docker-powered stateless API for PDF files.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2026-7908 Google Chrome

  • CVSS 9.6

New critical disclosure (CVSS 9.6) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Palo Alto Networks PAN-OS Out-of-bounds Write


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2026-40076 CVSS 9.4

OpenMRS Core is an open source electronic medical record system platform.

CVE-2026-40281 CVSS 10

Gotenberg is a Docker-powered stateless API for PDF files.

CVE-2026-41930 CVSS 9.2

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows...

CVE-2026-43575 CVSS 9.2

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that expose...

CVE-2026-43578 CVSS 9.1

OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misse...

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTool...

CVE-2026-43585 CVSS 9.2

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef...

CVE-2026-44109 CVSS 9.2

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauth...

CVE-2026-7908 CVSS 9.6

Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape vi...

CVE-2026-7910 CVSS 9.6

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to byp...


cvelogic Threat Intelligence