CVE-2026-31431
Base Score: 7.8
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
https://nvd.nist.gov/vuln/detail/CVE-2026-31431
Base Score: 7.8
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
https://nvd.nist.gov/vuln/detail/CVE-2026-31431
SysAdmin 24x7
CVE-2026-31431 Base Score: 7.8 Description In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There…
High Vulnerability in the Linux Kernel ("Copy Fail")
Temporary Mitigation
Disable the algif_aead kernel module persistently on all affected systems until a patched kernel is available:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
This workaround does not affect dm-crypt/LUKS, kTLS, IPsec/XFRM, OpenSSL, GnuTLS, NSS, or SSH. It may affect applications explicitly configured to use the afalg engine or that bind aead/skcipher/hash sockets directly. Exposure can be assessed with lsof | grep AF_ALG.
Temporary Mitigation
Disable the algif_aead kernel module persistently on all affected systems until a patched kernel is available:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
This workaround does not affect dm-crypt/LUKS, kTLS, IPsec/XFRM, OpenSSL, GnuTLS, NSS, or SSH. It may affect applications explicitly configured to use the afalg engine or that bind aead/skcipher/hash sockets directly. Exposure can be assessed with lsof | grep AF_ALG.
Security Advisory: Firmware Update Required — Gen 6, Gen 7, and Gen 8 Firewalls
SonicWall has identified three vulnerabilities (CVEs) affecting Gen 6, Gen 7, and Gen 8 firewall platforms. These vulnerabilities require immediate firmware updates to maintain security posture. One CVE is rated High severity and two are rated medium severity.
Applies To
Gen 8 firewalls — patch available in firmware 8.2.0-8009
Gen 7 firewalls — patch available in firmware 7.3.2-7010
Gen 6 firewalls — patched firmware posted to MySonicWall on April 29, 2026
https://www.sonicwall.com/support/notices/security-advisory-firmware-update-required-gen-6-gen-7-and-gen-8-firewalls/kA1VN000001F03x0AC
Advisory ID SNWLID-2026-0004
First Published 2026-04-29
Workaround true
CVE CVE-2026-0204, CVE-2026-0205, CVE-2026-0206
CWE CWE-1390, CWE-35, CWE-121
CVSS v3 8.0
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004
SonicWall has identified three vulnerabilities (CVEs) affecting Gen 6, Gen 7, and Gen 8 firewall platforms. These vulnerabilities require immediate firmware updates to maintain security posture. One CVE is rated High severity and two are rated medium severity.
Applies To
Gen 8 firewalls — patch available in firmware 8.2.0-8009
Gen 7 firewalls — patch available in firmware 7.3.2-7010
Gen 6 firewalls — patched firmware posted to MySonicWall on April 29, 2026
https://www.sonicwall.com/support/notices/security-advisory-firmware-update-required-gen-6-gen-7-and-gen-8-firewalls/kA1VN000001F03x0AC
Advisory ID SNWLID-2026-0004
First Published 2026-04-29
Workaround true
CVE CVE-2026-0204, CVE-2026-0205, CVE-2026-0206
CWE CWE-1390, CWE-35, CWE-121
CVSS v3 8.0
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004
Pi-hole
Local privilege escalation via config-controlled path in root-executed service hooks
Package Pi-hole Core and FTL
Affected versions
>= v6.0
Patched versions
Core >=v6.4.2 FTL >=v6.6.1
https://github.com/pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4
Local privilege escalation via config-controlled path in root-executed service hooks
Package Pi-hole Core and FTL
Affected versions
>= v6.0
Patched versions
Core >=v6.4.2 FTL >=v6.6.1
https://github.com/pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4
GitHub
Local privilege escalation via config-controlled path in root-executed service hooks
## Summary
The non-root pihole user has write access to `/etc/pihole/pihole.toml`. Two shell scripts executed as root by systemd (`pihole-FTL-prestart.sh` and `pihole-FTL-poststop.sh`) read the ...
The non-root pihole user has write access to `/etc/pihole/pihole.toml`. Two shell scripts executed as root by systemd (`pihole-FTL-prestart.sh` and `pihole-FTL-poststop.sh`) read the ...
CNA: Apache Software Foundation
CVSS 9.8
Published: 2026-05-01
Updated: 2026-05-01
Title: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)
Description
The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class filter before calling Class.forName(). Affected versions are Apache MINA 2.1.0 <= 2.1.11, and 2.2.0 <= 2.2.6. The problem is resolved in Apache MINA 2.1.12, and 2.2.7 by applying the classname allowlist earlier. Affected are applications using Apache MINA that call IoBuffer.getObject(). Applications using Apache MINA are advised to upgrade.
https://www.cve.org/CVERecord?id=CVE-2026-42779
https://lists.apache.org/thread/fhlx5k91hrkgyzh7yk1nghrn3k27gxy0
CVSS 9.8
Published: 2026-05-01
Updated: 2026-05-01
Title: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)
Description
The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class filter before calling Class.forName(). Affected versions are Apache MINA 2.1.0 <= 2.1.11, and 2.2.0 <= 2.2.6. The problem is resolved in Apache MINA 2.1.12, and 2.2.7 by applying the classname allowlist earlier. Affected are applications using Apache MINA that call IoBuffer.getObject(). Applications using Apache MINA are advised to upgrade.
https://www.cve.org/CVERecord?id=CVE-2026-42779
https://lists.apache.org/thread/fhlx5k91hrkgyzh7yk1nghrn3k27gxy0
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
CVSS-BT: 9.3
Description
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines by restricting access to only trusted internal IP addresses.
Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
https://security.paloaltonetworks.com/CVE-2026-0300
CVSS-BT: 9.3
Description
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines by restricting access to only trusted internal IP addresses.
Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
https://security.paloaltonetworks.com/CVE-2026-0300
Palo Alto Networks Product Security Assurance
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code wi...
Product Release Advisory - VMware Tanzu GemFire Management Console 1.4.4
Advisory ID: TNZ-2026-0260
Severity: Critical
Issue Date: 2026-05-05
Synopsis
Updated Spring, Tomcat and other libraries along with latest Prometheus version in OCI image with latest Photon image
VMware Tanzu Data Intelligence
VMware Tanzu Data Services Pack
VMware Tanzu Data Suite
VMware Tanzu Gemfire
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37439
Advisory ID: TNZ-2026-0260
Severity: Critical
Issue Date: 2026-05-05
Synopsis
Updated Spring, Tomcat and other libraries along with latest Prometheus version in OCI image with latest Photon image
VMware Tanzu Data Intelligence
VMware Tanzu Data Services Pack
VMware Tanzu Data Suite
VMware Tanzu Gemfire
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37439
SAP Security Patch Day - May 2026
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html
Linux Kernel Vulnerability copy.fail - CVE-2026-31431
IR Number FG-IR-26-139
Published Date May 13, 2026
Component CLI
Severity High
Discovered Third-Party Library
Attack Type Authenticated
Known Exploited No
CVSSv3 Score 7.8
Impact Escalation of privilege
CVE ID CVE-2026-31431
https://fortiguard.fortinet.com/psirt/FG-IR-26-139
IR Number FG-IR-26-139
Published Date May 13, 2026
Component CLI
Severity High
Discovered Third-Party Library
Attack Type Authenticated
Known Exploited No
CVSSv3 Score 7.8
Impact Escalation of privilege
CVE ID CVE-2026-31431
https://fortiguard.fortinet.com/psirt/FG-IR-26-139
FortiGuard Labs
PSIRT | FortiGuard Labs
None
VMSA-2026-0003: VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702)
Advisory ID: VMSA-2026-0003
Advisory Severity: Important
CVSSv3 Range: 7.8
Synopsis: VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702)
Issue date: 2025-05-14
CVE(s) CVE-2026-41702
Impacted Products
VMware Fusion
Introduction
A local privilege escalation vulnerability in VMware Fusion was privately reported to Broadcom. Updates are available to remediate this vulnerability in affected Broadcom products.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37454
Advisory ID: VMSA-2026-0003
Advisory Severity: Important
CVSSv3 Range: 7.8
Synopsis: VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702)
Issue date: 2025-05-14
CVE(s) CVE-2026-41702
Impacted Products
VMware Fusion
Introduction
A local privilege escalation vulnerability in VMware Fusion was privately reported to Broadcom. Updates are available to remediate this vulnerability in affected Broadcom products.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37454
Microsoft Exchange Server Spoofing Vulnerability
CVE-2026-42897
Released: May 14, 2026
Impact Spoofing
Max Severity Critical
Weakness CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 7.5
Executive Summary
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Exploitability
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
Publicly disclosed No
Exploited Yes
Exploitability assessment Exploitation Detected
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897
CVE-2026-42897
Released: May 14, 2026
Impact Spoofing
Max Severity Critical
Weakness CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 7.5
Executive Summary
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Exploitability
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
Publicly disclosed No
Exploited Yes
Exploitability assessment Exploitation Detected
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897