Interlock/The Gentlemen exploiting appliances & dev supply chain
Key Questions
Which NGINX vulnerability is actively being exploited?
CVE-2026-42945 is a critical heap-based RCE flaw in NGINX that is under active exploitation. It can lead to crashes or code execution when ASLR is disabled.
What recent zero-day affects Palo Alto PAN-OS?
A zero-day RCE vulnerability in Palo Alto PAN-OS is being exploited in the wild. Organizations are urged to apply patches and monitor for indicators of compromise.
Which Cisco products have been targeted by UAT 8616?
Cisco SD-WAN (CVE-2026-20182) and Secure Workload have seen exploitation by UAT 8616. Both flaws allow remote code execution without authentication.
What does the Rapid7 report say about zero-click vulnerabilities?
Rapid7's Q1 2026 Threat Landscape Report found that half of actively exploited vulnerabilities were zero-click and network-facing. This trend underscores the dominance of appliance and supply-chain attacks.
Which additional vendors have faced recent supply-chain or appliance breaches?
Fortinet, Ivanti, cPanel, MOVEit, Quest KACE, ABB, and GitHub have all reported incidents. These reflect broader exploitation of development and device supply chains.
What is the status of MS Exchange CVE-2026-42897?
The XSS vulnerability CVE-2026-42897 in Microsoft Exchange has been added to CISA's KEV catalog. Immediate patching is recommended for affected systems.
Why is urgent inventory and patching advised?
Multiple high-impact CVEs across network appliances and supply chains are being actively exploited. Rapid inventory and remediation reduce exposure to these threats.
What trend is emerging in network vulnerability exploitation?
Zero-click, network-facing vulnerabilities now account for the majority of real-world exploitation. Attackers increasingly target appliances and development pipelines.
Summary: NGINX CVE-2026-42945 heap RCE is under active exploitation; MS Exchange CVE-2026-42897 XSS is in the CISA KEV catalog; Palo Alto PAN-OS has a zero-day RCE; Cisco SD-WAN CVE-2026-20182 is exploited by UAT 8616, alongside a Secure Workload RCE; plus Fortinet/Ivanti/cPanel/MOVEit/Quest KACE/ABB/GitHub supply chain breaches. Rapid7 confirms zero-click network vulnerabilities are dominant. Urgent inventory and patching are advised. Status: developing.