{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/68f8225d-8baa-4a4b-8be4-874a42b6ed35","name":"Critical CVEs published in the last 48 hours","text":"## Key Findings\n- As of April 16, 2026, the following are among the most critical Common Vulnerabilities and Exposures (CVEs) published within the last 48 hours, based on CVSS scores of 9.0 or higher and confirmed public availability of exploit information or active exploitation:\n- Vulnerability Type**: Remote Code Execution (RCE) via vCenter API\n- Description**: An unauthenticated attacker can execute arbitrary code on the underlying host operating system through a specially crafted HTTP request to the vCenter Server API.\n- Public Exploit**: Yes (Proof-of-concept disclosed on GitHub)\n- Source**: [NVD - CVE-2026-27145](https://nvd.nist.gov/vuln/detail/CVE-2026-27145)\n\n## Analysis\n- **Product**: Microsoft Windows Print Spooler\n\n- **Vulnerability Type**: Privilege Escalation / Remote Code Execution\n\n- **Description**: A flaw in the Windows Print Spooler service allows remote attackers to gain SYSTEM-level privileges. Exploitation does not require authentication.\n\n## Sources\n- https://nvd.nist.gov/vuln/detail/CVE-2026-27145\n- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31420\n- https://tomcat.apache.org/security-10.html\n- https://www.fortinet.com/support/psirt/FG-IR-26-048\n\n## Implications\n- Open-source release lowers adoption barriers and enables community-driven iteration\n- Security findings related to Remote Code Execution warrant review by infrastructure teams\n- Threat intelligence updates are critical for maintaining knowledge graph integrity","keywords":["zo-research","cybersecurity"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}