Weekly Exploit Roundup 2026-05-05

Generated 2026-05-05T08:00:15.733535+00:00 (UTC)

  1. Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
    Source: The Hacker News | Published: 2026-05-05T07:37:00+00:00 | Score: 32.088
    A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild.
    The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the "/papi/esearch/data/devops/
  2. Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
    Source: The Hacker News | Published: 2026-04-28T18:19:00+00:00 | Score: 21.907
    Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command.
    The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve
  3. Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
    Source: The Hacker News | Published: 2026-04-28T11:18:00+00:00 | Score: 21.198
    Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.
    The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the
  4. CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
    Source: The Hacker News | Published: 2026-05-03T06:26:00+00:00 | Score: 20.625
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
    The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a local privilege escalation (LPE) flaw that could allow an
  5. LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
    Source: The Hacker News | Published: 2026-04-29T05:34:00+00:00 | Score: 19.742
    In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge.
    The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying
  6. CVE-2026-41940: cPanel & WHM Authentication Bypass
    Source: Rapid7 Cybersecurity Blog | Published: 2026-04-29T20:00:20+00:00 | Score: 17.071
    Overview
    On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel release notes, the bug was described as "an issue with session loading and saving." CVE-2026-41940, the identifier subsequently assigned on April 29, 2026, has a CVSS score of 9.8 and allows unauthenticated remote attackers to bypass authentication and gain unauthorized administrative access to the affected systems. First-party cPanel & WHM and WP Squared vendor advisories are available.
    cPanel & WHM is web hosting control panel software used to manage websites and servers. WHM provides root-level administration, while cPanel acts as the user-facing interface. Successful exploitation of CVE-2026-41940 grants an attacker control over the cPanel host system, its configurations and databases, and the websites it manages. A naive Shodan query for potential targets returns approximately 1.5 million cPanel instances exposed to the internet
  7. Weaver E-cology critical bug exploited in attacks since March
    Source: BleepingComputer | Published: 2026-05-04T22:12:57+00:00 | Score: 16.409
    Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation platform since mid-March to run discovery commands. […]
  8. Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
    Source: SecurityWeek | Published: 2026-05-04T08:25:04+00:00 | Score: 16.298
    The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access.
  9. Metasploit Wrap-Up 05/01/2026
    Source: Rapid7 Cybersecurity Blog | Published: 2026-05-01T20:22:54+00:00 | Score: 16.011
    MCP server
    This release, our very own cdelafuente-r7 finished implementing the Metasploit MCP Server (msfmcpd), bringing Model Context Protocol support to Metasploit Framework. MCP lets AI applications like Claude, Cursor, or your own custom agents query Metasploit data. Think of it as a middleware layer that exposes 8 standardized tools for searching modules and pulling reconnaissance data, all built on the official Ruby MCP SDK. This first iteration is read-only, covering modules, hosts, services, vulnerabilities, and more. Tools for module execution, session interaction, and database modifications are on the roadmap for a future release. Full details are available in the documentation.
    Copy Fail
    Earlier this week, details of a new and high-profile Linux LPE were released alongside a public PoC. The bug, nicknamed Copy Fail and identified by CVE-2026-31431, is a logic flaw in the cryptographic APIs exposed by the Linux Kernel. Metasploit has shipped a local exploit this week to lev
  10. CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
    Source: The Hacker News | Published: 2026-04-29T08:46:00+00:00 | Score: 15.337
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
    The vulnerabilities are listed below –

    CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect

End of report.