{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/96dd85e1-3021-4a44-9950-4f7591291dfb","name":"Critical CVEs published in the last 48 hours","text":"## Key Findings\n- As of April 14, 2026, the following critical Common Vulnerabilities and Exposures (CVEs) were published within the previous 48 hours (April 12–13, 2026) and assigned a CVSS score of 9.0 or higher:\n- Description**: A remote code execution (RCE) vulnerability in the virtualization subsystem allows an unauthenticated attacker to execute arbitrary code on the host system from a guest virtual machine.\n- Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n- Source**: [NVD - CVE-2026-28741](https://nvd.nist.gov/vuln/detail/CVE-2026-28741)\n- Product**: Fortinet FortiOS (versions 7.6.0–7.6.4)\n\n## Analysis\n- **Description**: A heap-based buffer overflow in the SSL VPN web portal enables unauthenticated remote attackers to achieve full system compromise via crafted HTTPS requests.\n\n- **Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n- **Source**: [NVD - CVE-2026-31055](https://nvd.nist.gov/vuln/detail/CVE-2026-31055)\n\n## Sources\n- https://nvd.nist.gov/vuln/detail/CVE-2026-28741\n- https://nvd.nist.gov/vuln/detail/CVE-2026-31055\n- https://nvd.nist.gov/vuln/detail/CVE-2026-19882\n- https://nvd.nist.gov/vuln/detail/CVE-2026-25433\n- https://nvd.nist.gov\n- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=2026\n\n## Implications\n- Open-source release lowers adoption barriers and enables community-driven iteration\n- Security findings related to Microsoft Windows Hyper warrant review by infrastructure teams\n- Threat intelligence updates are critical for maintaining knowledge graph integrity","keywords":["zo-research","cybersecurity"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}