authentication bypass

A CVSS 9.8 CRLF-injection bug in cPanel and WHM let unauthenticated attackers gain root, exploited since February 23 against roughly 1.5 million exposed servers and now weaponized against governments in Southeast Asia.

A missing authentication check on a Model Context Protocol endpoint in nginx-ui exposes roughly 2,600 servers to full takeover, and unauthenticated exploitation is practical when paired with a second flaw that leaks a required node secret.

A maximum-severity authentication bypass in Cisco Catalyst SD-WAN has been actively exploited since 2023 by a sophisticated threat actor, prompting a CISA emergency directive requiring federal agencies to patch or disconnect affected systems.