Cybersecurity
Critical CVEs of 2026
Notifire's running roll-up of the year's highest-impact vulnerabilities — what they were, who was affected, what defenders did.
Each year a small handful of CVEs reshape security practice. Heartbleed (2014), Shellshock (2014), Spectre/Meltdown (2018), Log4Shell (2021), XZ (2024). This page is Notifire's running index of the 2026 entrants: which were exploited in the wild, which forced industry-wide patching, and which changed default trust assumptions for years to come.
Notifire's editorial team curates this list against three criteria: severity (CVSS ≥ 9.0 or active exploitation), reach (millions of affected systems or supply-chain blast radius), and persistence (the disclosure changed defensive practice). News briefings on the individual CVEs are linked below as they appear.
Latest briefings on Critical CVEs of 2026
Infra
Vercel Adds a Stop Button for In-Flight Workflows
Vercel's Workflow SDK now lets developers cancel long-running tasks while they're still in progress. This gives them more control over complex application processes and helps prevent wasted resources on jobs that are no longer needed.
Ashish Kale ·
Security
A Perl Library Flaw Makes Passwords Easier to Crack
The Crypt-SaltedHash library for Perl used a weak method to generate random "salts," a key part of password security. This makes the salts predictable, allowing attackers to more easily crack hashed passwords on systems using this library.
Neeraj Dhiman ·
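Why salt predictability matters, shown as an added example in Python. This is not Crypt::SaltedHash's code and does not reproduce how that library derived its salts; it models a generator seeded from low-entropy state (the constants SEED_BITS and SALT_LEN, the hash scheme and the sample users and passwords are all assumptions) beside a salt drawn from the OS CSPRNG, and shows two consequences: salts repeat across users, so equal passwords get equal hashes, and an attacker can precompute digests for every reachable salt before ever seeing the hash database.

```python
"""Added example (not Crypt::SaltedHash code): why a predictable salt matters.

Models a salt generator seeded from low-entropy state, so only a small set
of salts can ever be produced, beside a salt drawn from the OS CSPRNG.
Two consequences follow: salts repeat across users, so equal passwords get
equal hashes, and an attacker can precompute digests for every reachable
salt before ever seeing the hash database. SEED_BITS, SALT_LEN, the hash
scheme and all users/passwords below are assumptions for the demo.
"""
import hashlib
import random
import secrets

SEED_BITS = 8   # assumed: the weak generator has only 2**8 reachable states
SALT_LEN = 4    # assumed salt length in bytes for the weak generator


def weak_salt(seed):
    """Salt from a PRNG seeded with predictable state (models the flaw).
    Only 2**SEED_BITS distinct salts exist, whatever seed is passed."""
    rng = random.Random(seed % (1 << SEED_BITS))
    return rng.getrandbits(8 * SALT_LEN).to_bytes(SALT_LEN, "big")


def strong_salt():
    """16 bytes from the OS CSPRNG: 2**128 possible salts, not precomputable."""
    return secrets.token_bytes(16)


def salted_hash(password, salt):
    """SSHA-style digest: H(salt || password). Illustrative scheme only."""
    return hashlib.sha256(salt + password.encode()).digest()


def count_salt_reuse(n_users, salt_fn):
    """Number of users who got a salt some earlier user already has."""
    seen, reused = set(), 0
    for i in range(n_users):
        salt = salt_fn(i)
        if salt in seen:
            reused += 1
        seen.add(salt)
    return reused


def precompute_table(dictionary):
    """Attacker, before any breach: digest -> password for every weak salt."""
    table = {}
    for seed in range(1 << SEED_BITS):
        salt = weak_salt(seed)
        for pw in dictionary:
            table[salted_hash(pw, salt)] = pw
    return table


def crack(records, dictionary, table=None):
    """Return (cracked {user: password}, hashes computed after the breach).
    A table hit costs nothing; otherwise each record costs up to
    len(dictionary) fresh hashes because its salt is unique."""
    cracked, work = {}, 0
    for user, (salt, digest) in records.items():
        if table is not None and digest in table:
            cracked[user] = table[digest]
            continue
        for pw in dictionary:
            work += 1
            if salted_hash(pw, salt) == digest:
                cracked[user] = pw
                break
    return cracked, work


# Constructed sample data.
DICTIONARY = ["password", "letmein", "qwerty", "summer2026", "hunter2"]
USERS = {"alice": "hunter2", "bob": "letmein", "carol": "hunter2"}


def weak_records():
    """Hash DB as stored by a system using the predictable generator;
    the seed stands in for something like a PID or a low-resolution clock."""
    recs = {}
    for i, (user, pw) in enumerate(USERS.items()):
        salt = weak_salt(1000 + i)
        recs[user] = (salt, salted_hash(pw, salt))
    return recs


def strong_records():
    """Hash DB as stored by a system using CSPRNG salts."""
    recs = {}
    for user, pw in USERS.items():
        salt = strong_salt()
        recs[user] = (salt, salted_hash(pw, salt))
    return recs


if __name__ == "__main__":
    print("weak salt reuse among 10000 users:", count_salt_reuse(10000, weak_salt))
    print("strong salt reuse:", count_salt_reuse(10000, lambda i: strong_salt()))
    table = precompute_table(DICTIONARY)
    print("weak, with precomputed table:", crack(weak_records(), DICTIONARY, table))
    print("strong, online only:", crack(strong_records(), DICTIONARY))
```

The point of the `work` counter is that with CSPRNG salts every stolen record forces the attacker to hash the whole dictionary again after the breach, while with a small salt space the table built beforehand answers every lookup for free and can be reused against any deployment of the same library.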
Security
Texmaker Vulnerability Allows Code Execution
A security flaw has been discovered in the Texmaker LaTeX editor. The vulnerability stems from how the application handles TIFF image files, allowing a malicious image to cause a denial of service, leak sensitive information, or permit remote code execution on a user's system.
Neeraj Dhiman ·
Security
Ubuntu Patches Local Eavesdropping Vulnerability
Ubuntu has released a security update for its 20.04 LTS version, addressing a vulnerability in the xdg-dbus-proxy component. The flaw could allow a local attacker to intercept certain D-Bus messages by exploiting incorrect handling of policy rules. Users are advised to apply the patch promptly.
Neeraj Dhiman ·
Security
Ubuntu SSSD Flaw Creates Service Disruption
A vulnerability was discovered in Ubuntu's System Security Services Daemon (SSSD). A local attacker can exploit this by sending malformed data to the PAM passkey responder, causing it to crash. This results in a denial of service, preventing users from authenticating on affected systems.
Neeraj Dhiman ·
Security
Media File Flaw Puts Legacy Ubuntu Servers at Risk
A security patch has been released for a critical GStreamer vulnerability affecting Ubuntu 16.04 LTS. Malicious AVI files could allow attackers to crash systems or run arbitrary code, making this update crucial for teams managing legacy infrastructure.
Neeraj Dhiman ·
Security
Testing Driver Flaws Without Hardware
Security researchers have detailed a method for interacting with and testing Windows kernel-mode drivers without the physical hardware they control. This approach simplifies vulnerability analysis, allowing security teams to evaluate driver exploits that are normally gated by the presence of specific hardware components.
Neeraj Dhiman ·
Security
Vulnerability Found in Highlight.js Library
A prototype pollution vulnerability has been discovered in Highlight.js, a widely-used syntax highlighting library. The flaw could allow an attacker to cause a denial of service or trigger unexpected application behavior. It affects web applications that use the library for displaying code snippets.
Neeraj Dhiman ·
Security
Multiple Security Flaws Found In MediaWiki
Multiple vulnerabilities have been discovered in MediaWiki, the popular open-source wiki software. The flaws could allow attackers to determine if users have two-factor authentication enabled and to view the titles of intentionally hidden log entries, posing a risk to user privacy and site security.
Neeraj Dhiman ·
Security
Critical GDAL Library Vulnerability Discovered
A high-severity vulnerability has been discovered in the Geospatial Data Abstraction Library (GDAL). The flaw, located in its bundled LibTIFF component, could allow an attacker to execute arbitrary code, cause a denial of service, or access sensitive information by using a specially crafted TIFF image file.
Neeraj Dhiman ·
Security
Ubuntu Patches Flaw That Lets JPEGs Crash Apps
Ubuntu has patched a critical vulnerability in its GDK-PixBuf image library. A specially crafted JPEG file could crash an application, cause a denial of service, or even allow an attacker to execute arbitrary code on affected systems.
Neeraj Dhiman ·
Security
Open-source private security camera updated
Secluso, an open-source home security camera system, has been updated. Formerly Privastead, it offers end-to-end encryption using OpenMLS and focuses on user privacy. The system is designed for easy deployment on hardware like the Raspberry Pi, providing a private alternative to commercial IoT solutions.
Neeraj Dhiman ·
Security
Chrome and Defender Under Active Attack
Google issued an urgent update for a critical Chrome vulnerability that could allow code execution. Meanwhile, attackers are actively exploiting flaws in Microsoft Defender. Other security news includes scrutiny of child safety on major platforms and new spyware detection tools.
Neeraj Dhiman ·
Security
Security Flaw in Ubuntu Papers App
A remote code execution vulnerability was found in the Papers reference management app on Ubuntu. Attackers can exploit it by tricking users into opening a malicious PDF file, potentially allowing them to run arbitrary code. The flaw stems from how the application handles specific PDF actions.
Neeraj Dhiman ·
Data
Elastic Releases Important Security Update
Elastic has released version 8.19.16 of the Elastic Stack, a security patch release. Elastic recommends that all users upgrade to it; it supersedes the earlier 8.19.x releases.
Taranpreet Singh ·
Security
Ubuntu 20.04 Flaw Lets Attackers Crash Systems
A security flaw has been found in a core audio library on Ubuntu 20.04 LTS. Attackers could exploit it with a special file to crash applications or potentially run malicious code, requiring an immediate system update.
Neeraj Dhiman ·
Security
NNCP Flaw Allows Remote File Access
A security vulnerability has been found in the NNCP file transfer utility. The flaw allows a remote attacker to bypass directory restrictions and read or write files anywhere on the system. This is a high-severity path traversal issue affecting users of this specific tool.
Neeraj Dhiman ·
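A containment check of the kind a path traversal bug like this bypasses, as an added Python example. It is not NNCP's code and says nothing about NNCP's actual implementation; it builds a constructed spool directory in a temp dir (POSIX symlinks assumed) and shows the naive string-prefix check that traversal inputs get past beside a resolver that canonicalises the path before checking containment.

```python
"""Added example (not NNCP code): keeping file-transfer paths inside a spool root.

Shows the naive string-prefix check that path-traversal bugs typically get
past, beside a resolver that canonicalises the path (collapsing '..' and
following symlinks) before checking containment. The spool layout is built
in a temporary directory; POSIX symlink support is assumed.
"""
import os
import shutil
import tempfile


def naive_resolve(root, requested):
    """Vulnerable pattern: join, then compare strings.
    '../x' survives because '/spool/../x' still starts with '/spool'."""
    candidate = os.path.join(root, requested)
    if not candidate.startswith(root):
        raise PermissionError(requested)
    return candidate


def safe_resolve(root, requested):
    """Hardened: refuse absolute inputs, canonicalise, then require the real
    path to sit under the real root. commonpath (not startswith) also keeps
    '/srv/spool2' from passing as inside '/srv/spool'."""
    if os.path.isabs(requested):
        raise PermissionError(requested)
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(requested)
    return candidate


def demo():
    """Constructed layout: spool/inbox/msg.txt, spool/link -> outside/secret.txt.
    Returns {(resolver, probe): 'allowed' | 'denied'}."""
    base = tempfile.mkdtemp()
    try:
        root = os.path.join(base, "spool")
        os.makedirs(os.path.join(root, "inbox"))
        os.makedirs(os.path.join(base, "outside"))
        with open(os.path.join(base, "outside", "secret.txt"), "w") as f:
            f.write("not yours\n")
        with open(os.path.join(root, "inbox", "msg.txt"), "w") as f:
            f.write("hello\n")
        os.symlink(os.path.join(base, "outside", "secret.txt"),
                   os.path.join(root, "link"))

        probes = {
            "inside": "inbox/msg.txt",
            "dotdot": "../outside/secret.txt",
            "symlink": "link",
            "sibling": "../spool2/x",        # prefix-collision case
            "absolute": os.path.join(base, "outside", "secret.txt"),
        }
        results = {}
        for name, resolver in (("naive", naive_resolve), ("safe", safe_resolve)):
            for label, path in probes.items():
                try:
                    resolver(root, path)
                    results[(name, label)] = "allowed"
                except PermissionError:
                    results[(name, label)] = "denied"
        return results
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for (resolver, label), verdict in sorted(demo().items()):
        print(f"{resolver:5s} {label:9s} {verdict}")
```

The naive resolver lets the `..`, symlink and sibling-prefix probes through and only happens to block the absolute path; the hardened one allows nothing but the genuinely in-tree file. Resolving with `realpath` before the check is what closes the symlink case, which a pure string normalisation would miss.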
Security
GStreamer Vulnerability Causes App Crashes
A security vulnerability has been discovered in GStreamer Good Plugins. Specially crafted MP4 audio files can cause applications using the framework to crash, leading to a denial-of-service condition. This affects systems relying on GStreamer for multimedia processing. Users should apply available security updates.
Neeraj Dhiman ·
Tech
Open source experiments shaped JPEG XL
Google details the development of JPEG XL, highlighting how open-source experiments and collaboration were crucial. The new image format aims to offer better compression and features than existing formats like JPEG, PNG, and GIF, building on lessons from past projects like WebP and Guetzli.
Navdeep Kaur Mahal ·
Security
Ubuntu Patches OpenCC Library Vulnerability
Ubuntu has released a security update for its 18.04 LTS and 20.04 LTS versions. The patch addresses a denial-of-service vulnerability in the OpenCC library, which could be triggered by an attacker using specially crafted, truncated UTF-8 input to crash applications using the library.
Neeraj Dhiman ·
Security
AI Agents Lead New Security Threats
A recent security bulletin highlights a range of emerging threats facing organizations. These include the misuse of AI agents for malicious purposes, the availability of new command-and-control tools for attackers, deceptive social engineering tactics, and the continued use of JavaScript backdoors to compromise systems.
Neeraj Dhiman ·
Security
Ubuntu Patches Critical Linux Kernel Flaws
Ubuntu has released security updates for the Linux kernel. The patches address several vulnerabilities, including a critical flaw known as 'Copy Fail' that could allow a local attacker to gain higher privileges or escape from a container environment. All users should update their systems promptly.
Neeraj Dhiman ·
Security
Libcaca flaw allows remote code execution
A security vulnerability has been discovered in the libcaca library. The flaw stems from incorrect handling of malformed files, which could allow an attacker to crash an application, causing a denial of service. In a worst-case scenario, this could lead to remote code execution.
Neeraj Dhiman ·
Security
Palo Alto VPN Flaw Actively Exploited
A vulnerability in Palo Alto Networks' GlobalProtect VPN is being actively exploited, allowing attackers to gain unauthorized access to corporate networks. Security firm Rapid7 reports that exploitation began just days after Palo Alto disclosed the issue, which was initially rated as medium-severity.
Neeraj Dhiman ·
Security
Security flaw found in libeconf library
A security vulnerability has been discovered in libeconf, a configuration file parsing library used in Linux environments. The flaw could allow an attacker to cause a crash by sending improperly sized input, resulting in a denial of service. Ubuntu has issued a patch to address the issue.
Neeraj Dhiman ·
Security
Microsoft Defender Flaws Actively Exploited
Microsoft has revealed that two vulnerabilities in its Defender security software are being actively exploited. One is a privilege escalation flaw (CVE-2026-41091) that could allow an attacker to gain SYSTEM-level access, while the other is a denial-of-service flaw. Both are being used in real-world attacks.
Neeraj Dhiman ·
Security
Security Flaw Found in Postorius
A cross-site scripting (XSS) vulnerability was discovered in Postorius, the web interface for Mailman 3. The flaw allows attackers to inject malicious HTML into message subjects on the 'Held messages' pop-up, which could lead to the exposure of sensitive administrator information.
Neeraj Dhiman ·
Tech
Euro-Office Offers Open Source Google Docs Rival
A new open-source web office suite, Euro-Office, has launched its first version. It allows companies to self-host their own office tools, providing a direct alternative to services like Google Workspace for greater data sovereignty and control.
Navdeep Kaur Mahal ·
Security
Exploit for Arch Linux Flaw Released
A public exploit is now available for a recently patched Arch Linux vulnerability called PinTheft. The flaw allows a local attacker to gain full root privileges on a system. The vulnerability has already been fixed, so users who have updated their systems are protected from this exploit.
Neeraj Dhiman ·
Security
Ubuntu Patches Multiple Linux Kernel Flaws
Ubuntu has released a security update for its low-latency Linux kernel, addressing several vulnerabilities. These flaws, found in the SMB, Netfilter, and io_uring subsystems, could potentially allow an attacker to compromise a system. The update is part of Ubuntu's regular maintenance and security program.
Neeraj Dhiman ·
Frequently asked questions
What makes a CVE “critical”?
CVSS itself labels any base score from 9.0 to 10.0 as Critical. Notifire applies a higher bar to its critical list: a CVSS base score ≥ 9.0, plus at least one of active in-the-wild exploitation, a very large affected population, or remote unauthenticated RCE.
Where can I subscribe to CVE alerts?
The NVD RSS feed, CISA's Known Exploited Vulnerabilities (KEV) catalog, and vendor PSIRT mailing lists. Notifire's /security RSS feed (notifire.in/rss.xml filtered to security) covers the highest-impact disclosures.
How fast should we patch a critical CVE?
Active in-the-wild exploitation: same day. Critical remote unauthenticated RCE without active exploitation: 72 hours. Critical authenticated or local: 14 days, prioritised against business risk. For US federal civilian agencies, CISA's Binding Operational Directive 22-01 requires remediation of KEV-listed CVEs by the due date published in the catalog entry, which is typically two weeks after listing.
What is SBOM-driven CVE response?
Maintain a signed Software Bill of Materials for every artifact in production; when a CVE drops, query the SBOM store by the vulnerable component's package URL (purl) and version range to find every running workload that contains it. This cuts the time to identify affected workloads on a new CVE from days to minutes.
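The lookup described above, as an added Python example that also applies the patch-deadline bands from the previous answer. It is not Notifire's tooling; the CycloneDX-style SBOMs, the package names, the workload names and the advisory (including the placeholder identifier EXAMPLE-2026-0001, which is not a CVE) are all constructed for this example, and the in-memory dict stands in for the SBOM database.

```python
"""Added example (not Notifire's tooling): SBOM-driven CVE response.

One CycloneDX-style SBOM per running workload sits in a store; when an
advisory lands, every SBOM is queried for the vulnerable package URL (purl)
and version range, and each hit gets a patch deadline from the SLA bands in
the FAQ above. The SBOMs, package names and the advisory are constructed for
this example; "EXAMPLE-2026-0001" is a placeholder, not a real CVE.
"""
import json
import re
from datetime import timedelta

# Constructed inventory: workload -> CycloneDX 1.5 JSON, abridged to the
# fields this lookup needs. In production this is a database query.
SBOM_DB = {
    "api-gateway": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "acme-tiffkit", "version": "1.3.0",
         "purl": "pkg:pypi/acme-tiffkit@1.3.0"},
        {"type": "library", "name": "requests", "version": "2.32.3",
         "purl": "pkg:pypi/requests@2.32.3"}]}),
    "batch-worker": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "acme-tiffkit", "version": "1.4.2",   # already on the fix
         "purl": "pkg:pypi/acme-tiffkit@1.4.2"}]}),
    "web-frontend": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "acme-tiffkit", "version": "1.3.0",   # same name, npm: no match
         "purl": "pkg:npm/acme-tiffkit@1.3.0"},
        {"type": "library", "name": "vendored-blob", "version": "0.1"}]}),   # no purl at all
}

# Constructed advisory in the shape a triage pipeline would normalise to.
ADVISORY = {
    "id": "EXAMPLE-2026-0001", "ecosystem": "pypi", "name": "acme-tiffkit",
    "affected_range": [">=1.0.0", "<1.4.2"], "fixed_in": "1.4.2",
    "cvss": 9.8, "network": True, "auth_required": False, "exploited_in_wild": False,
}

PURL_RE = re.compile(
    r"^pkg:(?P<type>[^/]+)/(?:(?P<ns>[^@]+)/)?(?P<name>[^@/]+)@(?P<version>[^?#]+)")
_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
        ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}


def parse_purl(purl):
    """(type, namespace, name, version) from a package URL; qualifiers ignored."""
    m = PURL_RE.match(purl)
    if not m:
        raise ValueError(f"unparseable purl: {purl}")
    return m.group("type"), m.group("ns"), m.group("name"), m.group("version")


def version_key(v):
    """Comparable key: numeric parts compare as ints, others as strings.
    Fine for semver-like strings; use the ecosystem's own comparator
    (PEP 440, dpkg --compare-versions) when an SBOM mixes formats."""
    return tuple((0, int(p), "") if p.isdigit() else (1, 0, p)
                 for p in re.split(r"[.\-+]", v))


def in_range(version, constraints):
    """True if version satisfies every constraint such as '>=1.0.0', '<1.4.2'."""
    vk = version_key(version)
    for c in constraints:
        op, bound = re.match(r"^(<=|>=|==|<|>)\s*(\S+)$", c).groups()
        if not _OPS[op](vk, version_key(bound)):
            return False
    return True


def find_affected(sbom_db, advisory):
    """[(workload, installed_version)] for every SBOM that carries the
    advisory's package, in the same ecosystem, inside the affected range."""
    hits = []
    for workload, raw in sbom_db.items():
        for comp in json.loads(raw).get("components", []):
            purl = comp.get("purl")
            if not purl:   # cannot match without a purl; a real pipeline should flag these
                continue
            ptype, _ns, name, version = parse_purl(purl)
            if (ptype, name) == (advisory["ecosystem"], advisory["name"]) \
                    and in_range(version, advisory["affected_range"]):
                hits.append((workload, version))
    return hits


def patch_deadline(advisory):
    """SLA bands from the FAQ: exploited in the wild -> same day; critical,
    remote, unauthenticated -> 72 hours; other critical -> 14 days."""
    if advisory["exploited_in_wild"]:
        return timedelta(0)
    if advisory["cvss"] >= 9.0 and advisory["network"] and not advisory["auth_required"]:
        return timedelta(hours=72)
    return timedelta(days=14)


def triage(sbom_db=SBOM_DB, advisory=ADVISORY):
    """Affected workloads with the version to move to and the deadline."""
    deadline = patch_deadline(advisory)
    return [(w, v, advisory["fixed_in"], deadline) for w, v in find_affected(sbom_db, advisory)]


if __name__ == "__main__":
    for workload, installed, fixed, deadline in triage():
        print(f"{ADVISORY['id']}: {workload} runs {installed}; upgrade to {fixed} within {deadline}")
```

Two details carry the security value: matching on ecosystem and name together, so an npm package that shares a name with the vulnerable PyPI one does not produce a false positive, and comparing versions structurally rather than as strings, so "1.10.0" is not treated as older than "1.4.2". Components that ship without a purl are the gap to watch; this example skips them, and a real pipeline should report them as unassessable.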