Four separate vulnerability disclosures drew active exploitation attempts or urgent patch warnings this week, spanning NGINX web servers, Microsoft Outlook, VMware Fusion, and the PraisonAI multi-agent framework — a concentrated burst of risk across enterprise infrastructure and AI tooling alike.
CVE-2026-42945: NGINX Heap Overflow Under Active Attack
Attacks exploiting a critical heap buffer overflow in NGINX began over the weekend, just days after F5 released patches on its quarterly schedule. The flaw, tracked as CVE-2026-42945 and assigned a CVSS score of 9.2, was introduced into the NGINX codebase 16 years ago and affects the `ngx_http_rewrite_module` component in both NGINX Plus and NGINX Open Source.
According to VulnCheck, the bug stems from a two-pass process in the script engine — one pass computes the required buffer size, a second copies data into it. Because the internal engine state changes between passes, a rewrite rule containing a question mark causes an unpropagated flag to produce an undersized buffer allocation. Attacker-controlled URI data then writes past the heap boundary.
VulnCheck researcher Patrick Garrity confirmed active exploitation via the firm’s canary infrastructure. On default deployments with ASLR enabled, the practical outcome is a denial-of-service via worker process crash. RCE is possible only when ASLR is disabled — a non-default configuration — but Depthfirst, which published technical details and proof-of-concept code shortly after the patch dropped, demonstrated that the overflow size is fully attacker-controlled by padding the request URI with plus signs.
VulnCheck estimates roughly 5.7 million internet-exposed NGINX servers run a potentially vulnerable version, though exploitation also requires a specific rewrite configuration, narrowing the truly at-risk population. Administrators should apply F5’s quarterly patch immediately and audit rewrite directives.
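Because the reported trigger condition is a rewrite rule whose replacement contains a question mark, a first triage step is to find those directives in the running configuration. The following audit script is an added example, not F5's or VulnCheck's tooling; it flags candidates for review and says nothing about exploitability, and the sample config it scans is constructed.

```python
"""Heuristic audit of nginx configs for rewrite directives whose replacement
contains a '?', the configuration CVE-2026-42945 is reported to require.
Added example (not F5's or VulnCheck's tooling); sample config is constructed."""
import re
from pathlib import Path
# rewrite <regex> <replacement> [last|break|redirect|permanent];
REWRITE_RE = re.compile(r'^[ \t]*rewrite\s+(\S+)\s+(\S+)'
                        r'(?:\s+(last|break|redirect|permanent))?\s*;', re.M)
INCLUDE_RE = re.compile(r'^[ \t]*include\s+([^;]+);', re.M)
CONSTRUCTED_CONF = """
server {
    listen 80;
    # legacy redirect, appends a query string
    rewrite ^/old/(.*)$ /new/$1?from=legacy last;
    rewrite ^/static/(.*)$ /assets/$1 break;
    location /api {
        rewrite "^/api/(.*)$" "/v2/$1?$args" permanent;
    }
}
"""
def strip_comments(text):
    # Crude: also strips '#' inside quoted strings, acceptable for a triage pass.
    return "\n".join(re.sub(r"#.*", "", line) for line in text.splitlines())
def audit_config_text(text):
    """Return [{line, regex, replacement, flag}] for each rewrite whose
    replacement token contains '?' (quotes around the token are ignored)."""
    text = strip_comments(text)
    findings = []
    for m in REWRITE_RE.finditer(text):
        regex, repl, flag = m.groups()
        if "?" in repl.strip("'\""):
            findings.append({"line": text.count("\n", 0, m.start(1)) + 1,
                             "regex": regex, "replacement": repl, "flag": flag or ""})
    return findings
def audit_config_file(path, seen=None):
    """Audit a file plus everything it includes (include globs are expanded)."""
    seen = set() if seen is None else seen
    path = Path(path).resolve()
    if path in seen or not path.is_file():
        return []
    seen.add(path)
    text = path.read_text(errors="replace")
    findings = [dict(f, file=str(path)) for f in audit_config_text(text)]
    for inc in INCLUDE_RE.finditer(strip_comments(text)):
        pattern = Path(inc.group(1).strip().strip("'\""))
        base = pattern if pattern.is_absolute() else path.parent / pattern
        for child in sorted(base.parent.glob(base.name)):
            findings.extend(audit_config_file(child, seen))
    return findings
```

Run `audit_config_file("/etc/nginx/nginx.conf")` on a host to get every flagged directive with its file and line; anything it reports should be patched or reviewed, and an empty result does not by itself prove a server is safe.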
CVE-2026-40361: Zero-Click Outlook RCE Patched in 137-Vuln Patch Tuesday
Microsoft’s latest Patch Tuesday addressed 137 vulnerabilities, but one stands out for enterprise defenders: CVE-2026-40361, a zero-click remote code execution flaw affecting a DLL shared by both Microsoft Word and Outlook.
Haifei Li, developer of the zero-day detection platform Expmon and the researcher credited with reporting the bug, posted on X that the vulnerability is a use-after-free bug triggered the moment a victim reads or previews a malicious email — no link clicks or attachment opens required. Because the flaw lives in Outlook’s email rendering engine, standard perimeter defenses offer no protection; a crafted email traverses enterprise firewalls and lands directly in the inbox.
Li drew an explicit comparison to CVE-2015-6172 (BadWinmail), a flaw he discovered over a decade ago that was labeled an “enterprise killer” at the time. He described CVE-2026-40361 as carrying the same attack vector and the same potential impact: “Essentially, anyone could compromise a CEO or CFO just by sending an email.”
Microsoft rated the vulnerability ‘exploitation more likely’. Li noted he produced only a proof-of-concept, not a working RCE exploit, but cautioned that the bar for weaponization is low given the zero-click delivery mechanism. Until the patch is applied, setting Outlook to render emails in plain text only is a valid interim mitigation, though it degrades usability.
CVE-2026-41702: VMware Fusion Privilege Escalation Ahead of Pwn2Own
Broadcom patched a high-severity privilege escalation vulnerability in VMware Fusion on Thursday. The flaw, CVE-2026-41702, is a time-of-check time-of-use (TOCTOU) race condition that occurs during an operation performed by a SETUID binary.
According to Broadcom’s advisory, a local non-administrative user can exploit the race condition to escalate privileges to root on the host system. The vendor rated the bug ‘important’, and security researcher Mathieu Farrell was credited with the report.
The timing is notable: the patch arrived as VMware products are being targeted at this week’s Pwn2Own hacking competition, where successful ESX exploits carry prizes of up to $200,000. Broadcom has deployed members of its security team to the event and may release additional patches in the coming days depending on competition outcomes. VMware Workstation, historically a high-value Pwn2Own target, has been removed from this year’s target list.
No in-the-wild exploitation of CVE-2026-41702 has been reported, but the track record for VMware flaws is poor: CISA’s Known Exploited Vulnerabilities catalog currently lists 26 VMware flaws that reached active exploitation.
CVE-2026-44338: PraisonAI Auth Bypass Scanned Within Four Hours of Disclosure
Scanning activity targeting a newly disclosed authentication bypass in the PraisonAI multi-agent framework began less than four hours after the advisory went public, according to application protection firm Sysdig.
PraisonAI versions 2.5.6 through 4.6.33 shipped with a legacy Flask API server that had authentication disabled by default. As described in a NIST advisory, any caller that can reach the server can access `/agents` to retrieve configured agent metadata and trigger the `agents.yaml` workflow via `/chat` without supplying a token.
Sysdig observed a scanner identifying itself as `CVE-Detector/1.0` probing the exact vulnerable endpoint 3 hours and 44 minutes after disclosure. Two passes ran eight minutes apart, each pushing approximately 70 requests in roughly 50 seconds. The first pass swept generic disclosure paths; the second narrowed to AI-agent surfaces. The scanner targeted `/agents` but did not send requests to `/chat`, indicating reconnaissance and host validation rather than active exploitation.
Sysdig assessed that achieving RCE through this vulnerability is not straightforward — the unauthenticated attacker can only trigger pre-configured agent workflows, not inject arbitrary commands directly. Even so, the sub-four-hour scan window illustrates how quickly AI infrastructure is being swept for weaknesses as autonomous agent frameworks proliferate.
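The two endpoints and the scanner's user agent described above are enough to build a log-side detection. The script below is an added example, not Sysdig's detection logic: it parses combined-format access logs, labels hits on `/agents` as reconnaissance and a POST to `/chat` as an attempt to run the configured workflow, tags the `CVE-Detector` user agent, and flags request bursts; the log lines are constructed and the burst threshold is an assumption.

```python
"""Flag reconnaissance against PraisonAI's legacy API endpoints in combined-format
access logs. Added example, not Sysdig's detection; log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) '
                    r'(?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
WATCHED = ("/agents", "/chat")
CONSTRUCTED_LOG = """\
203.0.113.7 - - [10/Apr/2026:14:02:11 +0000] "GET /agents HTTP/1.1" 200 512 "-" "CVE-Detector/1.0"
203.0.113.7 - - [10/Apr/2026:14:10:11 +0000] "GET /agents HTTP/1.1" 200 512 "-" "CVE-Detector/1.0"
198.51.100.4 - - [10/Apr/2026:14:05:00 +0000] "GET /agents HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Apr/2026:14:05:01 +0000] "POST /chat HTTP/1.1" 200 88 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Apr/2026:14:10:00 +0000] "GET /index.html HTTP/1.1" 200 10 "-" "curl/8.0"
"""
def parse_line(line):
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec
def classify(rec):
    """A POST to /chat attempts to run the agents.yaml workflow; any other hit
    on a watched path is metadata reconnaissance or host validation."""
    if rec["path"] == "/chat" and rec["method"] == "POST":
        return "workflow-trigger"
    return "recon" if rec["path"] in WATCHED else None
def analyze(lines, burst_n=50, burst_window_s=60):
    """Per source IP: labels seen, scanner UA seen, hit count, burst flag."""
    per_ip = defaultdict(lambda: {"labels": set(), "scanner_ua": False, "times": []})
    for rec in filter(None, map(parse_line, lines)):
        label = classify(rec)
        if label is None:
            continue
        e = per_ip[rec["ip"]]
        e["labels"].add(label)
        e["scanner_ua"] |= "CVE-Detector" in rec["ua"]  # UA Sysdig observed
        e["times"].append(rec["ts"])
    report = {}
    for ip, e in per_ip.items():
        t = sorted(e["times"])  # burst: burst_n hits inside burst_window_s
        burst = any((t[i + burst_n - 1] - t[i]).total_seconds() <= burst_window_s
                    for i in range(len(t) - burst_n + 1))
        report[ip] = {"labels": sorted(e["labels"]), "scanner_ua": e["scanner_ua"],
                      "requests": len(t), "burst": burst}
    return report
```

The default burst threshold (50 hits in 60 seconds) is sized to the roughly 70 requests in 50 seconds Sysdig reported; a `workflow-trigger` label from a source that never authenticated is the finding to escalate, since it goes past the reconnaissance the observed scanner stopped at.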
What This Means
This week’s cluster of disclosures reflects two converging pressures on security teams. First, the gap between patch release and weaponization continues to shrink. CVE-2026-42945 moved from PoC publication to confirmed in-the-wild exploitation in under a week; CVE-2026-44338 attracted automated scanning in under four hours. Neither timeline leaves room for leisurely patch cycles.
Second, the attack surface is widening in directions that enterprise tooling wasn’t designed to monitor. The PraisonAI case is a preview: as organizations deploy AI agent frameworks — often by individual teams outside central IT governance — unauthenticated endpoints will accumulate faster than vulnerability scanners are tuned to find them. The CVE-2026-44338 scanner was already purpose-built for AI-agent surfaces, suggesting adversary tooling is keeping pace.
The Outlook flaw deserves particular urgency for organizations with large Exchange deployments. Zero-click email bugs are rare enough that each one warrants treating as a fire drill. Li’s comparison to BadWinmail is not alarmist: that 2015 vulnerability took months to fully remediate across enterprise environments despite its severity, and the new flaw shares its delivery mechanism.
Prioritization this week: patch Outlook first (zero-click, ‘exploitation more likely’), NGINX second (active exploitation confirmed, 5.7M exposed servers), VMware Fusion third (local-only but Pwn2Own pressure may accelerate public exploit availability), and audit any PraisonAI deployments for default authentication configuration.
FAQ
What is CVE-2026-42945 and who is affected?
CVE-2026-42945 is a heap buffer overflow in NGINX’s `ngx_http_rewrite_module`, rated CVSS 9.2, affecting both NGINX Plus and NGINX Open Source. Servers using rewrite and set directives are at risk; VulnCheck estimates roughly 5.7 million internet-exposed instances run a potentially vulnerable version, though actual exploitability depends on specific rewrite configurations.
Does the Microsoft Outlook zero-click bug require opening an attachment?
No. CVE-2026-40361 is triggered when a victim reads or previews a malicious email in Outlook — no link clicks or attachment interaction required. Haifei Li, the researcher who reported it, described it as exploiting Outlook’s email rendering engine, which makes it difficult to block at the network perimeter.
How quickly do attackers typically scan for newly disclosed CVEs?
In the case of CVE-2026-44338 in PraisonAI, automated scanning began 3 hours and 44 minutes after public disclosure, according to Sysdig. This is consistent with a broader trend: security researchers and threat actors alike run continuous pipelines that ingest new CVE advisories and immediately generate targeted probes, meaning the window between disclosure and first scan is now measured in hours, not days.
Sources
- Exploitation of Critical NGINX Vulnerability Begins – SecurityWeek
- Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises – SecurityWeek
- High-Severity Vulnerability Patched in VMware Fusion – SecurityWeek
- PoC Code Published for Critical NGINX Vulnerability – SecurityWeek
- Hackers Targeted PraisonAI Vulnerability Hours After Disclosure – SecurityWeek