BerriAI LiteLLM CVE-2026-42271 KEV Listing Leads AI Gateway Triage
Finding 1: BerriAI LiteLLM CVE-2026-42271 is now KEV-listed
Confidence: Medium
CISA KEV confirms exploitation of CVE-2026-42271 in BerriAI LiteLLM. Treat LiteLLM and AI gateway or proxy deployments as P1: identify exposed instances, prioritise internet-facing or multi-tenant deployments, and track fixed versions or compensating controls.
Sources: CISA KEV.
Finding 2: Kemp LoadMaster CVE-2026-33691 enters edge patch routing
Confidence: Low
BSI CERT-Bund published WID-SEC-2026-1812 for Kemp/Progress LoadMaster. Edge and network teams should confirm exposed ADC or load-balancer deployments and validate fixed-version guidance.
Sources: BSI CERT-Bund WID-SEC-2026-1812.
Finding 3: Netty CVE-2026-44250 opens Java dependency review
Confidence: Low
BSI published WID-SEC-2026-1814 for Netty. Java owners should query SBOMs and package manifests first, because Netty exposure usually appears through application dependencies rather than a single server product.
Sources: BSI CERT-Bund WID-SEC-2026-1814.
Finding 4: VMware Cloud Foundation Operations CVE-2026-41722 needs management-plane review
Confidence: Low
BSI published a high-severity advisory for VMware Cloud Foundation Operations. Virtualisation and operations owners should confirm whether management consoles are exposed to broad admin populations.
Sources: BSI CERT-Bund WID-SEC-2026-1813.
Finding 5: rclone CVE-2026-49980 reaches backup and sync queues
Confidence: Low
BSI added rclone CVE-2026-49980. Inventory endpoints, CI runners, backup jobs, and admin workstations where rclone may sit outside central server CMDBs.
Sources: BSI CERT-Bund WID-SEC-2026-1811.
Finding 6: Check Point Remote/Mobile Access VPN CVE-2026-50751 has fixed-build advisory coverage
Confidence: Low
NCSC-NL published NCSC-2026-0179 for fixed Check Point Remote and Mobile Access VPN vulnerabilities. VPN and edge teams should validate fixed builds and keep this ticket separate from the older Qilin-linked Check Point thread.
Sources: NCSC-NL NCSC-2026-0179.
Finding 7: Laravel CVE-2026-48041 has BSI and CERT-FR corroboration
Confidence: Medium
BSI and CERT-FR both surfaced the Laravel security-bypass advisory. Application owners using Laravel should validate dependency update guidance rather than waiting for estate-wide exploit reporting.
Sources: BSI CERT-Bund WID-SEC-2026-1815 and CERT-FR CERTFR-2026-AVI-0703.
Finding 8: Red Hat Quay CVE-2026-11569 is listed by BSI as unpatched
Confidence: Low
BSI marks the Red Hat Quay XSS item as unpatched. Quay owners should inventory instances, reduce admin and UI exposure where possible, and watch vendor channels for remediation.
Sources: BSI CERT-Bund WID-SEC-2026-1816.
Finding 9: Bitdefender Napoca CVE-2026-10046/CVE-2026-10047 lands in NVD
Confidence: Low
NVD published two bare-metal hypervisor out-of-bounds write records for Bitdefender Napoca. Route only to endpoint or security-product owners where Napoca is actually deployed.
Sources: NVD CVE-2026-10046 and CVE-2026-10047.
Finding 10: OpenShift Router/Route CVE-2026-46579/CVE-2026-1784 needs platform-owner review
Confidence: Low
OpenShift platform owners should review route termination and pod-reachability assumptions. Keep severity language restrained until Red Hat details are confirmed.
Sources: NVD and Red Hat CVE pages for CVE-2026-46579 and CVE-2026-1784.
Finding 11: X.Org/Xwayland CVE-2026-50257/CVE-2026-50258/CVE-2026-50259 affects Linux GUI baselines
Confidence: Low
Queue distro and package checks for Linux desktop, VDI, kiosk, and server GUI packages. No exploitation claim is supported by today’s intelligence.
Sources: NVD CVE-2026-50257, CVE-2026-50258, and CVE-2026-50259.
Finding 12: 7-Zip CVE-2026-48103/CVE-2026-48111 needs endpoint baseline checks
Confidence: Low
Validate managed 7-Zip versions and look for stale portable copies in golden images, admin toolkits, and bundled application directories. This is a hygiene and exposure-reduction task, not an incident claim.
Sources: NVD CVE-2026-48103 and CVE-2026-48111.
Finding 13: Microsoft Edge mobile CVE-2026-35429 needs MDM compliance validation
Confidence: Low
MSRC published a mobile Edge spoofing issue. Confirm managed mobile fleets and BYOD guidance are moving Edge to fixed builds.
Sources: Microsoft Security Response Centre CVE-2026-35429.
Finding 14: Netty GHSA cluster affects filtering and DoS surfaces
Confidence: Low
Run dependency graph queries for Netty in internet-facing Java services, especially RedisDecoder, HAProxy protocol, subnet-filtering, and default-configuration use cases. Treat this as SBOM-led triage.
Sources: GitHub Security Advisories GHSA-3qp7-7mw8-wx86, GHSA-6ghj-frrj-jjj3, GHSA-c2rx-5r8w-8xr2, and GHSA-cc37-9q2j-3hfv.
Finding 15: Authlib CVE-2026-41479 affects Python OAuth redirect handling
Confidence: Low
Identify Authlib usage in Python identity flows and schedule version validation. OAuth redirect handling bugs can be high-leverage even when initial severity appears moderate.
Sources: GitHub Security Advisory GHSA-w8p2-r796-3vmq.
Update: Shai-Hulud PyPI trojanisation widens to 19 science-focused packages
Confidence: Low
Previously covered as a supply-chain watch item; today’s delta is expanded reported reach to 19 science-focused PyPI packages. Research, science, and ML owners should compare package locks and CI installs with the published package list.
Sources: BleepingComputer.
Finding 16: FUXA CVE-2026-47719/CVE-2026-47720/CVE-2026-47721 affects web-managed OT dashboards
Confidence: Medium
FUXA has a GHSA burst covering unauthenticated SSRF, SQL injection, and privilege escalation paths. Identify web-managed OT or industrial dashboard deployments and route upgrade or compensating-control review.
Sources: GitHub Security Advisories GHSA-w86f-rf9w-h3x6, GHSA-h9fj-c2qr-76g2, and GHSA-8ghr-w65f-j3qr.
Finding 17: Later Netty GHSA batch expands Java dependency patch routing
Confidence: Medium
A distinct Netty batch includes CVE-2026-44894, CVE-2026-45416, CVE-2026-45673, CVE-2026-45674, CVE-2026-47244, and CVE-2026-47691. Prioritise internet-facing HTTP/2, DNS, and QUIC use cases.
Sources: GitHub Security Advisories GHSA-cmm3-54f8-px4j, GHSA-xmv7-r254-6q78, GHSA-676x-f7gg-47vc, and GHSA-5x3r-wrvg-rp6q.
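Findings 3, 14 and 17 all route Netty through SBOM-led triage rather than a server inventory. The following is an added example (not code from any of the advisories or vendors above) that walks a CycloneDX JSON SBOM, matches component package URLs against a watchlist built from today's findings, and groups hits by the owner queue named in Recommended Actions. The SBOM content, service name and queue labels are constructed for illustration; affected-version ranges are deliberately not encoded because this page does not state them, so the owner still checks each hit against the linked advisory.

```python
import json
from collections import defaultdict

# Watchlist from today's findings: (purl type, name or namespace prefix) -> owner queue.
# Queue labels are constructed; the findings they come from are noted for routing.
WATCHLIST = {
    ("maven", "io.netty"): "java-dependencies (Findings 3, 14, 17)",
    ("pypi", "authlib"): "python-identity (Finding 15)",
    ("gem", "puma"): "ruby-web-tier (Finding 18)",
    ("composer", "phpoffice/phpspreadsheet"): "php-file-ingestion (Finding 19)",
}

def parse_purl(purl):
    """Split 'pkg:type/namespace/name@version?qualifiers#subpath' into (type, name, version)."""
    body = purl[len("pkg:"):]
    body = body.split("?", 1)[0].split("#", 1)[0]   # drop qualifiers and subpath
    path, _, version = body.partition("@")
    ptype, _, name = path.partition("/")            # name keeps its namespace, e.g. io.netty/netty-handler
    return ptype, name, version

def triage_sbom(sbom, watchlist=WATCHLIST):
    """Return {owner_queue: [(service, component_name, version), ...]} for watchlisted components."""
    service = sbom.get("metadata", {}).get("component", {}).get("name", "unknown-service")
    hits = defaultdict(list)
    for comp in sbom.get("components", []):
        purl = comp.get("purl", "")
        if not purl.startswith("pkg:"):
            continue                                 # components without a purl cannot be matched reliably
        ptype, name, version = parse_purl(purl)
        for (w_type, w_name), queue in watchlist.items():
            # Exact name match (pypi/gem/composer) or namespace match (maven groupId prefix).
            if ptype == w_type and (name == w_name or name.startswith(w_name + "/")):
                hits[queue].append((service, name, version))
    return dict(hits)

def triage_file(path):
    """Convenience wrapper for an SBOM on disk."""
    with open(path, encoding="utf-8") as fh:
        return triage_sbom(json.load(fh))

# Constructed sample SBOM: one Java service that also vendors a Python and a Ruby component.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"component": {"name": "payments-api"}},
    "components": [
        {"purl": "pkg:maven/io.netty/netty-codec-http2@4.1.100.Final"},
        {"purl": "pkg:maven/io.netty/netty-handler@4.1.100.Final"},
        {"purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
        {"purl": "pkg:pypi/authlib@1.2.1"},
        {"purl": "pkg:gem/puma@6.4.0?platform=ruby"},
        {"purl": "pkg:npm/lodash@4.17.21"},
    ],
}
```

Running `triage_sbom(SAMPLE_SBOM)` over the constructed SBOM yields two Netty hits for the Java queue, one Authlib hit and one Puma hit, with the Jackson and lodash components left out; point `triage_file` at each service's real SBOM to build the owner queues.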
Finding 18: Puma CVE-2026-47736/CVE-2026-47737 adds Ruby web-tier DoS checks
Confidence: Low
Ruby web-tier owners should check Puma deployments behind load balancers or proxies that pass PROXY Protocol v1 traffic. Prioritise internet-facing services and shared hosting patterns.
Sources: GitHub Security Advisories GHSA-qpgp-93vx-g8v8 and GHSA-2vqw-3mp8-cgmx.
Finding 19: PHPSpreadsheet CVE-2026-45034 reopens spreadsheet parsing review
Confidence: Low
Applications ingesting untrusted spreadsheets should identify PHPSpreadsheet versions and confirm the bypass fix is pulled once package metadata is available. Treat file-ingestion paths as the first priority.
Sources: GitHub Security Advisory GHSA-87m4-826x-3crx.
Update: Proofpoint UNK_DeadDrop targets developers for cryptocurrency theft
Confidence: Low
Today’s delta is developer-focused phishing detail from Proofpoint, including repository-lure and wallet-theft relevance. Extract Proofpoint IOCs and check developer email, repository, and wallet-theft telemetry.
Sources: Proofpoint.
Update: TeamPCP supply-chain campaign remains active through 07 June 2026
Confidence: Low
Today’s delta is continued campaign activity through 07 June 2026. Keep this as developer and supply-chain watch, with package and repository telemetry reviewed where TeamPCP indicators are relevant.
Sources: SANS ISC.
Update: Everest Forms Pro CVE-2026-3300 exploitation raises WordPress takeover risk
Confidence: Medium
Today’s delta is active exploitation reporting for Everest Forms Pro CVE-2026-3300. Confirm whether the plugin is installed, apply fixed versions, and prioritise sites with public forms or elevated WordPress roles.
Sources: SecurityWeek and BleepingComputer.
Update: SolarWinds Serv-U CVE-2026-28318 exploitation remains managed-file-transfer P1
Confidence: Medium
Serv-U remains a P1 managed-file-transfer exposure because exploitation is linked through CISA and SolarWinds reporting in the current corpus. Verify fixed versions, restrict internet exposure, and review crash, restart, and authentication events.
Sources: SecurityWeek, CISA, and SolarWinds.
Update: Gogs patches critical zero-day enabling remote code execution
Confidence: Low
Today’s delta is patch-availability reporting for a Gogs remote-code-execution issue without a CVE in this corpus. Inventory self-hosted Gogs, validate fixed builds, and restrict internet-exposed admin paths.
Sources: BleepingComputer.
Update: Check Point VPN zero-day/Qilin thread needs ransomware-linked edge validation
Confidence: Low
Today’s delta is patch-released status and ransomware-linked reporting. Validate Check Point VPN exposure, patch state, and telemetry, and keep this separate from CVE-2026-50751.
Sources: BleepingComputer.
Update: Linux one-character local-root flaw has public exploit and patch routing
Confidence: Low
Today’s delta is public exploit and patch-routing pressure for the Linux local-root flaw. Watch distro advisories and prioritise multi-user hosts, CI runners, developer workstations, and shared bastion systems.
Sources: The Hacker News.
Update: VS Code extension auto-update delay changes extension-governance posture
Confidence: Low
Today’s delta is supply-chain governance impact from the two-hour auto-update delay. Review developer endpoint policy for approved extensions, rapid malicious-extension revocation, and visibility into delayed updates.
Sources: The Hacker News.
Update: Miasma/IronWorm npm and GitHub cluster continues to widen
Confidence: Medium
Today’s delta is expanded npm and GitHub reach. Keep duplicate rows consolidated, then scan lockfiles, npm caches, developer endpoints, and CI logs. Rotate GitHub or npm tokens where malicious package installation is confirmed.
Sources: The Hacker News and Microsoft Security Blog.
Why This Matters
The day is not defined by one patch queue. It is a routing problem across AI gateways, edge and VPN infrastructure, Java and Python dependencies, endpoint packages, WordPress, developer supply chain, and managed file transfer. The LiteLLM KEV entry deserves the fastest response because it is the newly promoted KEV item in today’s intelligence.
Recommended Actions
- Treat LiteLLM and exposed AI gateway or proxy deployments as P1 until inventory and compensating controls are confirmed.
- Split the remaining work into named owner queues: edge/VPN, Java and application dependencies, endpoint packages, CMS, developer supply chain, and managed file transfer.
- Keep LOW / UNVERIFIED items in owner-assignment language. Do not turn feed-derived advisories into exploitation claims.
- For updated active-exploitation items, confirm fixed versions and review exposure before broadening incident scope.
All findings grounded in a13e intelligence sweeps through 04:55 UTC 09 June 2026.