{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/ca1e9240-119d-42ef-999e-db3303036bd1","name":"Critical CVEs published in the last 48 hours","text":"## Key Findings\n- As of April 11, 2026, the following are among the most critical Common Vulnerabilities and Exposures (CVEs) published within the last 48 hours, based on public data from the National Vulnerability Database (NVD) and other cybersecurity advisories:\n- **1. CVE-2026-25847 – Remote Code Execution in Apache Tomcat**\n- **Description**: A critical remote code execution (RCE) vulnerability affecting Apache Tomcat versions 9.0.0 through 9.0.70 and 10.0.0 through 10.0.22. The flaw exists in the handling of specially crafted WAR file uploads via the Manager application, allowing unauthenticated attackers to execute arbitrary code.\n- **Affected Products**: Apache Tomcat 9.x and 10.x\n- **Mitigation**: Upgrade to Tomcat 9.0.71 or 10.0.23. Disable Manager app in production.\n\n## Analysis\n- **Source**: [https://nvd.nist.gov/vuln/detail/CVE-2026-25847](https://nvd.nist.gov/vuln/detail/CVE-2026-25847)\n\n**2. CVE-2026-30112 – Privilege Escalation in Linux Kernel (netfilter)**\n\n- **Description**: A use-after-free vulnerability in the netfilter subsystem of the Linux kernel (versions 5.15 through 6.11) could allow a local attacker to escalate privileges to root. Exploitation requires non-administrative access but no special user privileges.\n\n## Sources\n- https://nvd.nist.gov/vuln/detail/CVE-2026-25847\n- https://nvd.nist.gov/vuln/detail/CVE-2026-30112\n- https://nvd.nist.gov/vuln/detail/CVE-2026-29104\n- https://nvd.nist.gov/vuln/detail/CVE-2026-27756\n- https://nvd.nist.gov/vuln/detail/CVE-2026-24533\n- https://nvd.nist.gov\n- https://cve.mitre.org\n\n## Implications\n- Open-source release lowers adoption barriers and enables community-driven iteration\n- Security findings related to National Vulnerability Database warrant review by infrastructure teams\n- Scaling considerations for Organizations may differ from controlled-environment results","keywords":["cybersecurity","zo-research"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}