NVD disclosure day

Published threat advisories for June 22, 2026

CVE advisoryCRITICAL

CVE-2026-48746

vLLM Authentication Bypass via ASGI Server Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in vLLM, an engine for large language models, allows an authentication bypass of its OpenAI API. This means the API could be accessed without the required API key, potentially enabling unauthorized use. It is important to determine if vLLM is in use to assess exposure to this issue.

CVE advisoryCRITICAL

CVE-2026-56266

Crawl4AI Server-Side Request Forgery Exposes Internal Services

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A server-side request forgery vulnerability in Crawl4AI's direct crawl endpoints allows unauthenticated attackers to access internal services and cloud metadata by bypassing blocklists. This could lead to the exposure of sensitive information or unauthorized actions. Confirming the use and exposure of this technology i

CVE advisoryCRITICAL

CVE-2026-49468

LiteLLM Proxy Unauthenticated Information Exposure Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability exists in LiteLLM, an AI gateway proxy server, that could allow unauthenticated attackers to compromise the system. This issue affects the server's request handling, potentially leading to significant system control if exploited. Organizations using LiteLLM for AI API interactions should be awa

CVE advisoryCRITICAL

CVE-2026-45034

PhpSpreadsheet Phar Wrapper Deserialization Remote Code Execution

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in the PhpSpreadsheet library allows for arbitrary code execution when processing specially crafted files. The flaw involves bypassing security checks related to Phar stream wrappers, potentially leading to server compromise, especially on PHP 7.x. This is a concern for applications that handle spreadsh

CVE advisoryCRITICAL

CVE-2026-44727

Jupyter Server Stored XSS with Kernel RCE Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Jupyter Server allows for stored XSS and kernel RCE when a user opens a crafted notebook. This can lead to unauthorized access to sensitive data and server control. It is uncertain if this technology is in use or exposed within the environment.

CVE advisoryCRITICAL

CVE-2026-12249

ADSys CA Certificate Auto-Enrollment Trust Store Poisoning

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An issue in Canonical ADSys allows unauthenticated network attackers to poison the system's trust store by intercepting unencrypted certificate requests, enabling the interception of TLS connections. The vulnerability exists in how ADSys requests CA certificates, using HTTP instead of HTTPS, which an attacker can explo

CVE advisoryCRITICAL

CVE-2026-10789

Autodesk Fusion MCP Extension Arbitrary Code Execution Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Autodesk Fusion Desktop's MCP extension can allow arbitrary code execution if a user visits a malicious webpage. This could result in code running with the current user's privileges. You should care if your organization uses Autodesk Fusion Desktop with the MCP extension, as user interaction with a c

CVE advisoryCRITICAL

CVE-2026-9072

IBM i WebSphere Intelligent Management Remote Code Execution and Denial of Service

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in IBM i and WebSphere Application Server when using Intelligent Management with the WebSphere WebServer Plug-in. Attackers can exploit this by impersonating backend servers, potentially leading to remote code execution or denial of service. This affects commonly internet-facing componen

CVE advisoryCRITICAL

CVE-2026-8646

IBM WebSphere HTTP Request Smuggling Vulnerability Allows Security Bypass

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

IBM WebSphere Application Server is vulnerable to HTTP request smuggling, allowing remote attackers to bypass security controls, impersonate users, escalate privileges, and expose sensitive information. This vulnerability affects critical web application hosting environments and requires confirmation of external exposu

CVE advisoryCRITICAL

CVE-2026-7664

IBM Langflow OSS Improper Authorization Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

IBM Langflow OSS contains an authorization vulnerability that could allow unauthenticated attackers to access protected project resources and execute operations. This issue is relevant if IBM Langflow OSS is used to build and deploy AI workflows, and requires confirmation of its use and assessment of potential exposure

CVE advisoryHIGH

CVE-2026-56104

Chainlit Session Hijacking Vulnerability During WebSocket Restoration

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A Chainlit session restoration vulnerability allows unauthenticated attackers to hijack active user sessions by presenting a valid session ID, potentially granting unauthorized access to user permissions, roles, and data. This could enable attackers to perform actions as the victim user.

CVE advisoryCRITICAL

CVE-2026-12628

IBM Storage Protect Authentication Bypass via Hardcoded Credentials.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

IBM Storage Protect Client and Snapshot components have a critical authentication bypass vulnerability due to hardcoded credentials, allowing unauthenticated remote attackers to gain unauthorized access to protected services and impersonate legitimate clients. The core issue is an embedded static credential that bypass

CVE advisoryCRITICAL

CVE-2026-7166

Sensitive Data Exposure Vulnerability in API and Local Database

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability allows unauthenticated remote attackers to access sensitive user data, including email addresses, phone numbers, and information on minors and municipal users, through an unprotected API and a local database. This exposure could lead to unauthorized access to confidential information.

CVE advisoryCRITICAL

CVE-2026-7165

Assassin Game Gaudire Endpoint Vulnerabilities Allow Privilege Escalation and Data Exposure.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A web application vulnerability in the `/addJugador` endpoint allows authenticated attackers to modify user data, falsify game scores for prizes, escalate privileges to administrator, cause denial-of-service, and access sensitive internal information. The potential for these actions poses a risk to data integrity and s

CVE advisoryCRITICAL

CVE-2026-56425

Azure AD Authentication Weaknesses Allow Session Hijacking and Token Leakage

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Weaknesses in the Azure Active Directory authentication plugin's OAuth 2.0 implementation could permit attackers to bypass security guarantees, potentially leading to session hijacking and credential leakage. The vulnerability arises from improper handling of session identifiers and redirect URIs within the authenticat

CVE advisoryCRITICAL

CVE-2026-56423

MISP Broken Access Control Allows Unauthorized Deletion of Event Reports and Sharing Groups.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

MISP Core contains broken access control in its bulk deletion features, allowing authenticated users with broad permissions to delete event reports and sharing groups outside their authorized scope. This could result in the loss of threat intelligence data or sharing configurations across the entire instance.

CVE advisoryCRITICAL

CVE-2026-56422

MISP Object Overwrite and Unauthorized Sharing Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in MISP core controllers allows authenticated users to manipulate data ownership and sharing permissions by submitting crafted requests, potentially leading to unauthorized modification or access of sensitive information. This issue arises from insufficient validation of client-controlled request fields