{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/08fd4d8b-442b-4e82-9689-d4eb0a554492","name":"Critical CVEs published in the last 48 hours","text":"## Key Findings\n- As of April 13, 2026, the following are among the most critical Common Vulnerabilities and Exposures (CVEs) published within the preceding 48 hours, based on a CVSS score of 9.0 or higher and potential for widespread impact:\n- 1. CVE-2026-28743 – Remote Code Execution in Apache Tomcat**\n- Description:** A critical remote code execution (RCE) vulnerability exists in Apache Tomcat versions 10.1.0 to 10.1.22 and 11.0.0-M1 to 11.0.0-M23 due to improper validation of deserialized JMS messages. An unauthenticated attacker can exploit this via a crafted message to execute arbitrary code on the server.\n- Affected Products:** Apache Tomcat 10.1.0–10.1.22, 11.0.0-M1–11.0.0-M23\n- Mitigation:** Upgrade to Apache Tomcat 10.1.23 or 11.0.0-M24. Disable JMS listeners if not needed.\n\n## Analysis\n- **Reference:** [https://nvd.nist.gov/vuln/detail/CVE-2026-28743](https://nvd.nist.gov/vuln/detail/CVE-2026-28743)\n\n**2. CVE-2026-30112 – Privilege Escalation in Microsoft Windows Kernel**\n\n- **Description:** A local privilege escalation vulnerability in the Windows kernel (win32k.sys) allows a low-privileged attacker to execute code at SYSTEM level. Exploitation requires local access but could be chained with other attacks.\n\n## Sources\n- https://nvd.nist.gov/vuln/detail/CVE-2026-28743\n- https://nvd.nist.gov/vuln/detail/CVE-2026-30112\n- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-30112\n- https://nvd.nist.gov/vuln/detail/CVE-2026-29401\n- https://www.fortiguard.com/advisory/FG-IR-26-045\n- https://nvd.nist.gov/vuln/detail/CVE-2026-28809\n- https://www.exim.org/security/files/CVE-2026-28809.txt\n- https://nvd.nist.gov\n- https://cve.mitre.org\n\n## Implications\n- Open-source release lowers adoption barriers and enables community-driven iteration\n- Security findings related to Apache Tomcat warrant review by infrastructure teams\n- Threat intelligence updates are critical for maintaining knowledge graph integrity","keywords":["cybersecurity","zo-research"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}