Welcome to your weekly vulnerability digest. If you thought the threat landscape was plateauing as we entered May, think again. This past week saw a massive spike in vulnerability disclosures, coupled with highly targeted zero-day exploitations against enterprise firewalls, AI proxy gateways, and endpoint management software.
Between May 4 and May 10, 2026, the global cybersecurity community logged an overwhelming 1,928 new vulnerabilities. Threat actors are actively exploiting edge devices and AI infrastructure, meaning the perimeter you secured last week is already under fire today.
Here is the unfiltered intelligence you need to prioritize your week.
By the Numbers: The Week at a Glance
When triaging almost two thousand vulnerabilities, context is your only defense against alert fatigue. Here is the severity breakdown of this week’s new disclosures:
- Critical (CVSS 9.0–10.0): 173
- High (CVSS 7.0–8.9): 565
- Medium (CVSS 4.0–6.9): 587
- Low (CVSS 0.1–3.9): 91
- Unknown/Pending Analysis: 512
With 173 Critical flaws, the sheer volume is alarming. However, our immediate focus must shift to the vulnerabilities that threat actors are actively weaponizing right now.
The CISA KEV Hotlist: Edge Devices and AI Gateways Breached
The Cybersecurity and Infrastructure Security Agency (CISA) added three highly critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog this week. If these technologies reside in your infrastructure, drop what you are doing—these are active fire drills:
1. Palo Alto Networks PAN-OS (CVE-2026-0300): A buffer overflow in the User-ID™ Authentication Portal (Captive Portal) of PAN-OS is being actively exploited. It allows an unauthenticated, remote attacker to execute arbitrary code with root privileges on affected PA-Series and VM-Series firewalls. If your Captive Portal is reachable from the internet, do not stop at patching: assume compromise, preserve the device's logs, and hunt for signs of exploitation before trusting the firewall again.
2. LiteLLM AI Gateway (CVE-2026-42208): The assault on AI infrastructure continues. LiteLLM, a popular proxy server used to route and manage LLM API calls, suffers from a severe database query vulnerability. Attackers are currently exploiting this flaw to compromise the AI gateway, potentially gaining access to API keys, training data, and prompt routing logs.
3. Ivanti EPMM (CVE-2026-6973): Ivanti Endpoint Manager Mobile (EPMM) is back in the crosshairs. An improper input validation flaw allows a remotely authenticated user with administrative privileges to bypass deeper security controls. Because it requires an administrative login, treat it as a post-compromise step rather than an initial entry vector: review recent EPMM admin authentications and credential resets alongside the patch. Threat actors are leveraging this to solidify footholds within enterprise networks.
In the Wild: Active Exploitation Radar
Beyond the CISA KEV list, our internal Watchtower telemetry flagged additional severe threats currently marked as ACTIVE in the wild:
- Linux Kernel “Dirty Frag” & IPsec Exploits (CVE-2026-43500 & CVE-2026-43284): Two complex Linux kernel vulnerabilities are seeing active use. One involves page-cache manipulation via nonlinear skb splices (“Dirty Frag”), and the other allows out-of-bounds access via in-place decryption on shared skb frags in the IPsec (ESP) stack. These are highly sophisticated local privilege escalation vectors: they require code execution on the host already, so expect them as the second stage after an initial foothold, not as the way in.
- MetInfo CMS (CVE-2026-29014): Rated Critical (CVSS 9.8), this unauthenticated PHP code injection flaw in MetInfo CMS versions 7.9 through 8.1 is currently being exploited to execute arbitrary commands and establish web shells on compromised servers.
The Maximum Severity Flaws
A CVSS v3.x base score of 10.0 is not just "very critical"; it requires the worst value in every base metric: Network attack vector, Low attack complexity, no privileges, no user interaction, High impact on confidentiality, integrity and availability, and a changed Scope, meaning the vulnerable component is a stepping stone into other components. The otherwise identical vector without the scope change scores 9.8. This week, we saw a cluster of maximum-severity flaws utterly dismantle the vm2 Node.js sandbox environment.
- The vm2 Sandbox Escapes (CVE-2026-44005, CVE-2026-43997, CVE-2026-44006): Security researchers uncovered multiple ways to break out of the vm2 sandbox. By exploiting mutable proxies, intrinsic prototypes, and BaseHandler.getPrototypeOf, attackers can bypass the sandbox entirely and achieve remote code execution on the underlying host operating system. Note: If your application relies on vm2 to execute untrusted code, you have zero isolation.
- Gotenberg API (CVE-2026-40281 – CVSS 10.0): Gotenberg, a popular Docker-powered stateless API for PDF generation, suffers from a severe input validation failure in its metadata write endpoint, allowing attackers to compromise the container.
- GV-VMS V20 (CVE-2026-42369 – CVSS 10.0): A massive flaw in this native Windows Video Monitoring Software allows attackers to entirely compromise the surveillance management servers.
The Bottom Line
For the System Administrators and Engineers: Your immediate priority is the network edge. Restrict access to the Palo Alto User-ID Authentication Portal immediately, ensuring it is only reachable from trusted internal IP segments, and apply the PAN-OS fix. Next, apply emergency patches to Ivanti EPMM, and check whether MetInfo CMS 7.9 through 8.1 is running anywhere in your environment, including forgotten marketing or campaign sites: the flaw is unauthenticated and is already being used to plant web shells, so a hit on that inventory check warrants a compromise assessment, not just an upgrade.
For the CISOs and Security Directors: Two alarming trends solidified this week. First, the active exploitation of the LiteLLM proxy proves that attackers are no longer just looking at web apps: they are hunting the connective tissue of your AI deployments, the gateways that hold provider keys and see every prompt. Second, the cluster of CVSS 10.0 sandbox escapes in vm2 serves as a stark reminder that software-based sandboxes are fragile. Note that the vm2 project itself has marked its maintenance as discontinued and warns against production use. Do not rely on JavaScript virtualization to contain hostile code; move untrusted execution behind an OS-level boundary (a separate, minimally privileged process or container) or a hardware-backed one (a dedicated VM or microVM) as soon as possible.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.