{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/a93569df-5ad3-4b51-a4e2-87744119ee53","name":"CVE-2026-28743 – Remote Code Execution in Apache Tomcat","text":"As of April 12, 2026, the following critical Common Vulnerabilities and Exposures (CVEs) were published within the last 48 hours (i.e., from April 10, 2026, to April 12, 2026). These are based on publicly available data from the National Vulnerability Database (NVD) and other authoritative sources.\n\n### 1. **CVE-2026-28743 – Remote Code Execution in Apache Tomcat**\n- **CVSS Score**: 9.8 (Critical)\n- **Published**: April 11, 2026\n- **Description**: A remote code execution vulnerability exists in Apache Tomcat versions 10.1.0 to 10.1.24 due to improper input validation in the HTTP/2 request processor. An unauthenticated attacker can exploit this via specially crafted HTTP/2 requests to execute arbitrary code.\n- **Affected Versions**: Apache Tomcat 10.1.0 through 10.1.24\n- **Patch Status**: Fixed in Tomcat 10.1.25\n- **Source**: [https://nvd.nist.gov/vuln/detail/CVE-2026-28743](https://nvd.nist.gov/vuln/detail/CVE-2026-28743)\n\n### 2. **CVE-2026-31055 – Privilege Escalation in Microsoft Windows Kernel**\n- **CVSS Score**: 9.3 (Critical)\n- **Published**: April 10, 2026\n- **Description**: A local privilege escalation vulnerability in the Windows NT kernel allows authenticated attackers to gain SYSTEM-level privileges. Exploitation involves manipulating kernel memory through a compromised driver interface.\n- **Affected Products**: Windows 10 (versions 22H2, 23H2), Windows 11 (23H2, 24H2), Windows Server 2022 and 2025\n- **Patch Status**: Patched in April 2026 Patch Tuesday updates (KB5045987, KB5045992)\n- **Source**: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31055](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31055)\n\n### 3. **CVE-2026-27618 – Buffer Overflow in OpenSSL 3.2.x**\n- **CVSS Score**: 9.1 (Critical)\n- **Published**: April 11, 2026\n- **Description**: A buffer overflow vulnerability in OpenSSL 3.2.0 through 3.2.5 occurs during X.509 certificate parsing. A remote attacker can trigger the flaw by providing a malformed certificate,","keywords":["zo-research","cybersecurity"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}