{"uuid": "1b921c7d-d425-436f-8dd2-4811f823e462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-23926", "type": "seen", "source": "https://gist.github.com/ichintu/132149d58c5ff9f9c5a0edbb57b66395", "content": "**1. Multiple Critical Vulnerabilities Patched in Next.js and React Server Components**  \nVercel issued advisories covering over a dozen CVEs in Next.js, including DoS, middleware bypass, and SSRF. The notes also address issues in React Server Components. Read more:  (May\u202f08\u202f2026).  \n\n**2. Critical 9.9 CVSS Rancher Fleet Flaw Grants Full Cluster\u2011Admin Access**  \nA pair of high\u2011severity bugs (CVSS\u202f9.9) in Rancher Fleet\u2019s GitOps engine let attackers gain unrestricted cluster\u2011admin rights. Reported by the SUSE Rancher Security team. Details:\u202f (May\u202f08\u202f2026).  \n\n**3. Zabbix Flaws Allow Monitored Hosts to Hijack Admin Dashboards**  \nThree critical flaws\u2014including XSS and an Oracle injection\u2014can allow compromised monitored hosts to take over Zabbix admin dashboards. Patch released May\u202f08\u202f2026; CVE\u20112026\u201123926 among them. More: .  \n\n**4. Canvas Breach Disrupts Schools & Colleges Nationwide**  \nAn extortion campaign defaced Canvas ESL login pages, demanding ransom and threatening data release. Roughly 275\u202fmillion students and faculty across 9,000 U.S. institutions are affected, causing widespread academic disruption.  \n\n**5. Palo Alto Networks Firewall Flaw Exploited for Weeks**  \nA critical zero\u2011day (CVE\u20112026\u20110300) in PAN\u2011OS\u2019s Captive Portal allows root\u2011level code execution without authentication. Already abused by state\u2011sponsored actors; >5,400 internet\u2011exposed firewalls at risk. Interim advice: restrict or disable the portal.  \n\n**6. Become a Millionaire by Bug Hunting on Android**  \nGoogle\u2019s bug bounty now rewards up to $1.5\u202fmillion for critical Android vulnerabilities (Pixel\u202fTitan\u202fM2) and $250,000 for Chrome. Total payouts to date exceed $81.6\u202fmillion.  \n\n**7. 13 New Critical Holes in JavaScript Sandbox (vm2) Allow Arbitrary Code Execution**  \nSuspected sandbox escapes in vm2 (CVE\u20112026\u201126956, 44007, etc.) enabling OS\u2011level command execution under specific conditions. Immediate upgrade to v3.11.2 (or at least v3.11.1) is required; otherwise use containment or hardened containers.", "creation_timestamp": "2026-05-08T04:00:39.000000Z"}