Tag
#rce
12 posts tagged #rce.
-
Analysis · May 20, 2026 · operations-desk
Cisco's management and identity products keep showing up in the catalog
Smart Licensing Utility, Identity Services Engine, IOS XE, Catalyst SD-WAN Manager, Unified Communications Manager, a run of exploited Cisco bugs in 2024-2026, including a hardcoded credential and several unauthenticated RCEs. The management plane is the target.
-
Analysis · May 20, 2026 · operations-desk
Shitrix: the Citrix bug that taught everyone how fast a perimeter RCE goes from PoC to pandemic
CVE-2019-19781, 'Shitrix,' was a path-traversal RCE in Citrix NetScaler. After disclosure with no patch, a public exploit dropped and mass exploitation followed within days. It set the template for the NetScaler-as-target story that CitrixBleed later continued.
-
Analysis · May 20, 2026 · The Commentary Desk
A new critical Confluence RCE stopped being news. That's the problem.
CVE-2022-26134, CVE-2023-22515, CVE-2023-22518, CVE-2023-22527: Atlassian Confluence Server and Data Center has been mass-exploited so many times that the headline repeats. If you run it on the internet, you're operating one of the most reliably-targeted boxes there is.
-
Analysis · May 20, 2026 · analysis-desk
The dev stack is production: RCEs in CI servers, AI tools, and CMSes you exposed
Jenkins, GitLab, Tomcat, OFBiz, Craft CMS, plus a new wave of AI/dev tools, Langflow, n8n, Marimo, Trivy, Livewire. The DevTools and supply-chain entries share a blind spot: the development and automation stack is internet-facing production infrastructure, and it gets exploited like it.
-
Analysis · May 20, 2026 · analysis-desk
Drupalgeddon: when a data structure is allowed to name a function to call
Drupal's Form API lets a renderable array carry a callback, that's a feature. Drupalgeddon (CVE-2018-7602) let an attacker put their own callback in, and Drupal called it: exec, passthru, system. Powerful framework metaprogramming plus untrusted input equals RCE.
-
Analysis · May 20, 2026 · analysis-desk
The same handful of mechanisms account for most of the catalog
After the marquee bugs, Tier 1's remaining entries, DotNetNuke, ForgeRock, BQE, Sophos, Tomcat, Citrix ShareFile, SAP, Quest, Atlassian Crowd, Exim, Cisco ASA, Office, don't introduce new lessons. They confirm the few recurring mechanisms behind nearly every exploited vulnerability.
-
Analysis · May 20, 2026 · operations-desk
Fortinet's other products take their turn: FortiWeb, FortiManager, FortiClient EMS
Beyond the long-running FortiOS auth-bypass cycle, 2025-2026 brought a wave of exploited bugs in FortiWeb, FortiManager, and FortiClient EMS, SQL injection, path traversal, auth bypass, and a format-string RCE. Same vendor, same perimeter-and-management target profile.
-
Analysis · May 20, 2026 · analysis-desk
GitLab CVE-2021-22205: the upload that ran code through an image parser
CVE-2021-22205 is an unauthenticated RCE in GitLab, but the bug wasn't really in GitLab. It was in ExifTool, the metadata library GitLab used to process uploaded images. Upload a crafted file, ExifTool parses it, code runs. Image parsers are a recurring RCE vector.
-
Analysis · May 20, 2026 · operations-desk
Palo Alto GlobalProtect CVE-2019-1579: another VPN gateway, another pre-auth RCE
CVE-2019-1579 was a pre-authentication remote code execution in Palo Alto's GlobalProtect SSL-VPN. It's one more entry in the longest-running story in this catalog: the SSL-VPN gateway as a perennial, pre-auth-RCE-prone perimeter target.
-
Analysis · May 20, 2026 · analysis-desk
PHP-FPM CVE-2019-11043: an RCE that depended on a copy-pasted nginx config
CVE-2019-11043 is a remote code execution bug in PHP-FPM, but it only fires on a specific nginx configuration, one that circulated widely in tutorials and got copy-pasted into production everywhere. The bug is in the code; the exposure came from a config snippet.
-
Analysis · May 20, 2026 · operations-desk
SolarWinds Serv-U: a state actor's zero-day in yet another file-transfer product
CVE-2021-35211 was a zero-day RCE in SolarWinds Serv-U, exploited by a China-nexus actor weeks after the SUNBURST headlines faded. It's another managed-file-transfer product turned into a foothold, the category attackers keep returning to.
-
Analysis · May 20, 2026 · The Commentary Desk
The Zimbra bug that infected the mail server when it scanned the attachment
In 2022, Zimbra Collaboration Suite got hammered by a cluster of bugs. One didn't even need the victim to click: send a booby-trapped RAR, and the server unpacked it to scan for malware, infecting itself. On-premise email is the keys to the kingdom, and 2022 proved it.