May 26, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • LiteSpeed cPanel Plugin added to CISA KEV: confirmed in-the-wild exploitation.
  • Apache HTTP Server: public exploit or PoC linked (RCE).
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures: review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2026-48172 LiteSpeed cPanel Plugin Privilege Escalation

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Shared hosting environments affected

LiteSpeed cPanel Plugin Privilege Escalation is on CISA KEV, which confirms in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2026-23918 Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Apache HTTP Server RCE now has public exploit or PoC linkage; assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2026-44450 Lumiverse is a full-featured AI chat application.

  • CVSS 9.9
  • Remote code execution exposure

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Exploit & PoC activity

CVE-2026-23918 Exploit

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.

CVE-2026-7567 Exploit

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0.

CVE-2026-41940 Exploit

WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2026-3660 CVSS 9.8

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property fil...

CVE-2026-44444 CVSS 9.1

Lumiverse is a full-featured AI chat application.

CVE-2026-44449 CVSS 9.1

Lumiverse is a full-featured AI chat application.

CVE-2026-44450 CVSS 9.9

Lumiverse is a full-featured AI chat application.

CVE-2026-44451 CVSS 9.3

Lumiverse is a full-featured AI chat application.

CVE-2026-44895 CVSS 9.2

GitLab MCP Server lets an AI agent talk directly to GitLab.

CVE-2026-48689 CVSS 9.8

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dy...

CVE-2026-9170 CVSS 9.8

IBM HTTP Server 8.5 and 9.0 are vulnerable to denial of service and a potential remote code execution due to improper input validation.

CVE-2026-9312 CVSS 9.2

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to...

CVE-2026-9560 CVSS 9.4

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary command...

cvelogic Threat Intelligence