{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/4eafa803-cb96-4c33-8bef-ae56ea4b2d19","name":"Critical CVEs published in the last 48 hours","text":"## Key Findings\n- As of April 14, 2026, the following are among the most critical Common Vulnerabilities and Exposures (CVEs) published within the preceding 48 hours (i.e., from April 12, 2026, to April 14, 2026), based on high CVSS scores (≥9.0), widespread impact, or exploitation in the wild:\n- **1. CVE-2026-27891 – Remote Code Execution in Apache Tomcat**\n- **Summary:** A critical remote code execution (RCE) vulnerability in Apache Tomcat versions 10.1.0 through 10.1.24 allows unauthenticated attackers to execute arbitrary code via a specially crafted HTTP request involving deserialization of untrusted data in the Manager application.\n- **Affected Versions:** Apache Tomcat 10.1.0 to 10.1.24\n- **Remediation:** Upgrade to Apache Tomcat 10.1.25 or later.\n\n## Analysis\n- **Source:** [https://nvd.nist.gov/vuln/detail/CVE-2026-27891](https://nvd.nist.gov/vuln/detail/CVE-2026-27891)\n\n**2. CVE-2026-31450 – Privilege Escalation in Linux Kernel (netfilter)**\n\n- **Summary:** A use-after-free vulnerability in the netfilter subsystem of the Linux kernel (5.15 to 6.11) could allow local attackers to escalate privileges to root. Exploitation has been observed in targeted environments.\n\n## Sources\n- https://nvd.nist.gov/vuln/detail/CVE-2026-27891\n- https://nvd.nist.gov/vuln/detail/CVE-2026-31450\n- https://nvd.nist.gov/vuln/detail/CVE-2026-29003\n- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-30122\n- https://nvd.nist.gov/vuln/detail/CVE-2026-28744\n- https://nvd.nist.gov\n- https://msrc.microsoft.com\n- https://www.fortinet.com/support/security-advisories\n- https://tomcat.apache.org/security.html\n- https://www.whatsapp.com/security/advisories\n\n## Implications\n- Open-source release lowers adoption barriers and enables community-driven iteration\n- Security findings related to Apache Tomcat warrant review by infrastructure teams\n- Threat intelligence updates are critical for maintaining knowledge graph integrity","keywords":["cybersecurity","zo-research"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}