fruition.net
The Perimeter · Issue 05-22-2026

Cisco SD-WAN, PAN-OS captive portal, and a TanStack supply-chain worm

Two critical perimeter bugs are being exploited right now: CISA issued Emergency Directive 26-03 ordering federal agencies to patch Cisco Catalyst SD-WAN Manager/Controller (CVE-2026-20182) by Sunday, and Palo Alto's PAN-OS captive portal zero-day (CVE-2026-0300) is under active exploitation with patches just now landing. Both are unauthenticated, both give attackers full control of the device. The supply chain had its worst week of 2026 so far. The 'Mini Shai-Hulud' worm compromised 84 npm artifacts across TanStack, Mistral, and others using a GitHub Actions Pwn Request chained to OIDC token theft — and produced valid SLSA Level 3 attestations on the malicious builds. OpenAI told macOS users to update. Separately, node-ipc was hit again. On the WordPress side, Breeze Cache (400K installs) is being actively exploited, Slider Revolution 7 ships an authenticated RCE, and Avada Builder (1M installs) has an arbitrary file read plus SQLi. This week, recalculate trust in your build provenance: SLSA attestations are no longer sufficient evidence that a package is clean, and any team running ingress-adjacent Cisco or Palo Alto kit should treat patch windows as hours, not days.
Published: Friday, May 22, 2026
Entries: 12
Cadence: Weekly · Fridays
Curator: Brad Anderson
Wire
cisa.gov New addition to the Known Exploited Vulnerabilities catalog
github.com GHSA: critical npm package compromise affecting CI pipelines
wordfence.com WordPress plugin vulnerability with active exploitation
drupal.org Highly critical core security advisory published
aws.amazon.com AWS security bulletin: IAM policy evaluation update
unit42.paloaltonetworks.com Threat actor expands toolkit targeting public-facing PHP apps
krebsonsecurity.com Breach disclosure with named victim and confirmed initial vector
snyk.io Composer dependency advisory affecting production framework versions
01

Web Application

frameworks · browsers · authentication flows

github.com 2d CVSS 8.1

FrankenPHP: Unicode path-splitting flaw lets non-PHP files execute as PHP (CVE-2026-45062)

FrankenPHP's splitPos() in cgi.go misuses golang.org/x/text/search with IgnoreCase when request paths contain non-ASCII bytes, letting an attacker make FrankenPHP treat a non-.php file as a PHP script. Where attackers can place file content via uploads or object storage, this escalates to RCE. CVSS 8.1.

CVE-2026-45062 FrankenPHP
Fruition take

If you've adopted FrankenPHP for any Laravel/Symfony container — particularly with user uploads served from the document root — patch immediately and audit upload paths for any extension allowlist gaps.

02

Supply Chain

packages · build systems · dependency attacks

snyk.io this week
▲ headline

Mini Shai-Hulud worm compromises 84 npm artifacts across TanStack, Mistral, and others — first attack with valid SLSA L3 attestations

Snyk reports a worm chained a GitHub Actions 'Pwn Request,' cache poisoning, and OIDC token extraction from runner memory to publish 84 malicious artifacts across 42 @tanstack/* packages plus @squawk/* and @mistralai/*. The malicious builds carry valid SLSA Build Level 3 attestations, the first npm supply-chain attack to do so. OpenAI told macOS users to update affected dependencies.

@tanstack/* npm packages @mistralai/* npm packages @squawk/* npm packages GitHub Actions OIDC
Fruition take

Audit lockfiles for @tanstack/*, @mistralai/*, and @squawk/* installs from the May 11–14 window; pin to known-good versions and rotate any npm/GitHub tokens used by CI in that period. SLSA attestations alone no longer prove a package is clean — your CI's OIDC trust boundary is now part of the supply chain.

github.com 3d CVSS 9.8

vm2 sandbox escape via async generator (CVE-2026-45411, CVSS 9.8)

A new sandbox breakout in vm2 lets attacker code escape the sandbox and execute arbitrary commands on the host by catching host exceptions through yield* inside an async generator. CVSS 9.8. vm2 has been deprecated for over a year, but the package still pulls ~3M weekly npm downloads through transitive dependencies.

Fruition take

If anything in your dependency graph still resolves vm2, treat it as remote code execution: vm2 3.11.3 patches this escape, but the package is deprecated and has a long history of sandbox breakouts, so use 3.11.3 only as a stopgap while you migrate to isolated-vm. Run `npm ls vm2` across services this week.
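Both takes above come down to the same lockfile question: which packages in the watched scopes resolved to a version published inside the suspect window, and does anything still pull in vm2 below 3.11.3, and through which dependency chain. The script below is an added example written for this issue, not code from Snyk, TanStack, vm2 or the newsletter. It reads a lockfileVersion 2/3 package-lock.json, reconstructs dependency chains with Node's nearest-node_modules resolution rule, and takes the registry publish times as a separate input (the per-package `time` object the npm registry serves, fetched beforehand). The lockfile, package names and publish dates in the sample are constructed; the May 11 to 14 window comes from the take, the year from the issue date, and treating it as whole UTC days is an assumption.

```python
"""Audit a package-lock.json (lockfileVersion 2 or 3) for watched-scope packages
published inside a suspect window and for any resolution of a deprecated package
below its patched floor, reporting the dependency chain for each finding.
Added example; the lockfile and registry data below are constructed."""
from collections import deque
from datetime import datetime, timezone

# Scopes and window named in the newsletter (year taken from the issue date;
# treating the window as whole UTC days is an assumption).
WATCHED_SCOPES = ("@tanstack/", "@mistralai/", "@squawk/")
WINDOW_START = datetime(2026, 5, 11, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 15, tzinfo=timezone.utc)  # exclusive
# First release the text names as fixed; anything lower is flagged.
PATCHED_FLOORS = {"vm2": (3, 11, 3)}


def parse_version(v):
    """'3.11.3' -> (3, 11, 3); pre-release and build suffixes are dropped."""
    core = v.split("-")[0].split("+")[0]
    return tuple(int(p) for p in core.split("."))


def name_of(key):
    """Lockfile key 'node_modules/a/node_modules/@s/b' -> '@s/b'."""
    return key.rsplit("node_modules/", 1)[-1]


def resolve(packages, from_key, name):
    """Mimic Node resolution: nearest node_modules/<name> walking up from from_key."""
    base = from_key
    while True:
        cand = (base + "/" if base else "") + "node_modules/" + name
        if cand in packages:
            return cand
        if not base:
            return None
        base = base.rsplit("/node_modules/", 1)[0] if "/node_modules/" in base else ""


def reverse_edges(packages):
    """Map each lockfile key to the keys that depend on it ('' is the root project).
    Only 'dependencies' edges are followed (optional/peer deps are ignored here)."""
    rev = {k: [] for k in packages}
    for key, entry in packages.items():
        for dep in entry.get("dependencies", {}):
            target = resolve(packages, key, dep)
            if target is not None:
                rev[target].append(key)
    return rev


def path_to_root(rev, key):
    """Shortest chain of package names from the root project down to key."""
    prev, queue = {key: None}, deque([key])
    while queue:
        cur = queue.popleft()
        if cur == "":
            break
        for parent in rev.get(cur, []):
            if parent not in prev:
                prev[parent] = cur
                queue.append(parent)
    if "" not in prev:
        return None
    chain, cur = [], ""
    while cur is not None:
        chain.append(name_of(cur) if cur else "<root>")
        cur = prev[cur]
    return chain


def audit(lock, registry_time):
    """registry_time: {package name: {version: ISO publish time}}, i.e. the
    'time' object the npm registry serves per package, fetched separately."""
    packages = lock["packages"]
    rev = reverse_edges(packages)
    findings = []
    for key, entry in packages.items():
        if not key:  # '' is the root project itself
            continue
        name, version = name_of(key), entry.get("version", "")
        if name.startswith(WATCHED_SCOPES):
            published = registry_time.get(name, {}).get(version)
            if published:
                ts = datetime.fromisoformat(published.replace("Z", "+00:00"))
                if WINDOW_START <= ts < WINDOW_END:
                    findings.append(("published-in-window", name, version, path_to_root(rev, key)))
        floor = PATCHED_FLOORS.get(name)
        if floor and parse_version(version) < floor:
            findings.append(("below-patched-floor", name, version, path_to_root(rev, key)))
    return findings


# Constructed sample: one watched-scope package published inside the window and
# one transitive vm2 below the patched floor. Names, versions and dates are made up.
SAMPLE_LOCK = {
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"@tanstack/example-pkg": "^9.9.0", "sandbox-runner": "^1.0.0"}},
        "node_modules/@tanstack/example-pkg": {"version": "9.9.1"},
        "node_modules/sandbox-runner": {"version": "1.0.0", "dependencies": {"vm2": "^3.9.0"}},
        "node_modules/vm2": {"version": "3.9.19"},
    },
}
SAMPLE_REGISTRY_TIME = {
    "@tanstack/example-pkg": {"9.9.0": "2026-05-01T10:00:00.000Z", "9.9.1": "2026-05-12T03:14:00.000Z"},
}

if __name__ == "__main__":
    for kind, name, version, chain in audit(SAMPLE_LOCK, SAMPLE_REGISTRY_TIME):
        print(f"{kind}: {name}@{version} via {' > '.join(chain or ['?'])}")
```

The chain output is what `npm ls vm2` gives you, but computed from the lockfile alone, so it can run in CI against every service's lock without an install step; the publish-window check needs the registry `time` data pulled out of band, since a lockfile records versions, not when they were published.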

03

Infrastructure

kubernetes · cloud · network · ingress

'Copy Fail' (CVE-2026-31431) Linux kernel LPE: stealthy root across millions of hosts

Unit 42 details CVE-2026-31431, a high-severity Linux kernel local privilege escalation enabling stealthy root access. Cloudflare separately published its detection and mitigation response, confirming no malicious exploitation on its fleet. Patch availability varies by distribution; container hosts and shared-tenant nodes are the priority targets.

CVE-2026-31431 Linux kernel
Fruition take

For Kubernetes operators: patch worker node kernels on the next maintenance window and confirm seccomp/AppArmor profiles are actually enforced on workloads — Copy Fail is the kind of LPE that turns a container escape from a research curiosity into one-shot root.
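"Actually enforced" has two halves: the manifest has to request a profile, and the node has to apply it. The check below is an added example written for this issue, not code from Unit 42, Cloudflare or the newsletter. The first function walks a pod manifest and reports containers with no seccomp profile, no AppArmor profile (either the `securityContext.appArmorProfile` field or the legacy `container.apparmor.security.beta.kubernetes.io/<container>` annotation), `privileged`, or `allowPrivilegeEscalation` left at its default, plus host PID/network sharing. The second parses the `Seccomp:` line of `/proc/<pid>/status`, which is how you confirm from inside a running container that a filter is really attached (2 means filter mode). The two pod manifests and the status text are constructed, and the policy thresholds are the author's choices, not a vendor baseline.

```python
"""Static hardening check for Kubernetes pod manifests plus a parser for the
Seccomp line of /proc/<pid>/status.  Added example; the manifests and status
text below are constructed and the policy thresholds are assumptions."""

APPARMOR_ANNOTATION = "container.apparmor.security.beta.kubernetes.io/"
CONFINED_TYPES = {"RuntimeDefault", "Localhost"}


def _profile_type(sc, field):
    return (sc.get(field) or {}).get("type")


def check_pod(pod):
    """Return a list of findings; empty means every container requests a seccomp
    profile and an AppArmor profile, and blocks privilege escalation."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    annotations = (pod.get("metadata") or {}).get("annotations") or {}
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c["name"]
        sc = c.get("securityContext") or {}
        # A container-level seccompProfile overrides the pod-level one.
        seccomp = _profile_type(sc, "seccompProfile") or _profile_type(pod_sc, "seccompProfile")
        if seccomp not in CONFINED_TYPES:
            findings.append(f"{name}: seccompProfile is {seccomp or 'unset'} (want RuntimeDefault or Localhost)")
        # AppArmor: the securityContext field on newer clusters, or the legacy annotation.
        apparmor = _profile_type(sc, "appArmorProfile") or _profile_type(pod_sc, "appArmorProfile")
        ann = annotations.get(APPARMOR_ANNOTATION + name)
        ann_ok = ann is not None and ann != "unconfined"
        if apparmor not in CONFINED_TYPES and not ann_ok:
            findings.append(f"{name}: no AppArmor profile requested")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        # Kubernetes defaults allowPrivilegeEscalation to true when it is not set.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
    if spec.get("hostPID") or spec.get("hostNetwork"):
        findings.append("pod shares the host PID or network namespace")
    return findings


def seccomp_mode(proc_status_text):
    """Parse 'Seccomp:' from /proc/<pid>/status: 0 disabled, 1 strict, 2 filter.
    Returns None if the line is absent (pre-3.8 kernels)."""
    for line in proc_status_text.splitlines():
        if line.startswith("Seccomp:"):
            return int(line.split(":", 1)[1].strip())
    return None


# Constructed manifests: one that passes and one that fails on every point.
HARDENED_POD = {
    "metadata": {"name": "web-ok"},
    "spec": {
        "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "app", "image": "example/app:1",
            "securityContext": {"appArmorProfile": {"type": "RuntimeDefault"},
                                "allowPrivilegeEscalation": False},
        }],
    },
}
WEAK_POD = {
    "metadata": {"name": "web-weak"},
    "spec": {"hostPID": True, "containers": [{"name": "app", "image": "example/app:1"}]},
}
# Constructed /proc/<pid>/status excerpt as seen from inside a confined container.
SAMPLE_STATUS = "Name:\tsh\nUid:\t1000\t1000\t1000\t1000\nSeccomp:\t2\nSeccomp_filters:\t1\n"

if __name__ == "__main__":
    for pod in (HARDENED_POD, WEAK_POD):
        print(pod["metadata"]["name"], check_pod(pod) or "ok")
    print("seccomp mode:", seccomp_mode(SAMPLE_STATUS))
```

Run `check_pod` over `kubectl get pods -A -o json` output rather than over source manifests where you can, since admission webhooks and mutating policies change what actually lands on the node; and treat a manifest pass as necessary, not sufficient, until `seccomp_mode` reports 2 from inside the workload.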

04

PHP & CMS

wordpress · drupal · plugins · php frameworks

wordfence.com this week

Burst Statistics (200K WordPress sites): critical authentication bypass

Wordfence's PRISM research platform found a critical authentication bypass in Burst Statistics, installed on 200,000+ WordPress sites. Disclosed May 8; patched version available. Combined with the Breeze and Avada disclosures, three high-impact WordPress plugin advisories landed this week.

Burst Statistics WordPress plugin
Fruition take

Burst is often left enabled on sites that no longer actively use it for analytics — sweep client estates for stale activations and either update or deactivate.

wordfence.com this week

Avada Builder (1M installs): arbitrary file read and SQL injection

Wordfence disclosed an Arbitrary File Read and an SQL Injection in Avada Builder, used on roughly 1,000,000 WordPress sites. Both flaws allow data disclosure including credentials and database contents. Patched versions are available; no in-the-wild exploitation has been reported yet, but disclosure on a million-site plugin draws attention fast.

Avada Builder WordPress plugin
Fruition take

Avada Builder is bundled with most premium Avada theme installs, so push the Builder update to all managed sites this week, not next sprint, before exploit code circulates.

Slider Revolution 7 patches authenticated arbitrary file upload to RCE

Slider Revolution patched an authenticated arbitrary file upload reachable by subscriber-level users, enabling RCE. While the plugin reports 5M+ installs, only the ~45,000 sites on 7.0+ are affected — the bug was introduced in the 7.x rewrite. Reported April 18; patch available.

Slider Revolution WordPress plugin
Fruition take

Check if any client site runs Slider Revolution 7.x with open registration enabled — that combination is the immediate exposure. On older 6.x installs you can defer, but plan the 7.x upgrade path.

Breeze Cache (400K WordPress sites) under mass exploitation for unauthenticated RCE

Wordfence disclosed a critical Arbitrary File Upload in Breeze Cache (~400,000 active installs) on April 22; exploitation began the same day. The flaw lets unauthenticated attackers upload PHP backdoors. Wordfence has blocked 30,000+ exploit attempts. A patched version shipped April 21.

Breeze Cache WordPress plugin
Fruition take

If any managed WordPress site has Breeze installed, confirm it's on the patched build and grep wp-content/uploads for recent .php drops — same-day exploitation means many sites were hit before site owners patched. Add Breeze to your standard WAF virtual-patch list for client estates.
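The "grep wp-content/uploads for recent .php drops" step is worth doing by content as well as by name, because an upload filter that only checks the last extension is exactly what a double-extension or image-named file slips past. The scanner below is an added example written for this issue, not code from Wordfence, Breeze or the newsletter. It walks an uploads tree, flags files by executable extension or by a PHP open tag in the first 4 KiB, and marks which ones changed inside a recent window so same-day drops stand out from legitimate old files. The extension list mirrors a typical Apache/nginx PHP handler and is an assumption to adjust to your server config; the sample tree is constructed.

```python
"""Find PHP-executable files in a WordPress uploads tree, by extension or by a
PHP open tag in the file header, and mark which were modified recently.
Added example; the sample tree is constructed."""
import os
import re
import tempfile
import time

# Extensions a typical Apache/nginx PHP handler will execute; adjust to your
# server's handler configuration (assumption).
PHP_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7", ".phps"}
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)


def scan_uploads(root, since_days=14, now=None, allowlist=()):
    """Return one dict per suspicious file: relative path, reasons, mtime and
    whether it changed within since_days.  allowlist holds relative paths of
    files you have already reviewed and accepted."""
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel in allowlist:
                continue
            try:
                st = os.stat(full)
                with open(full, "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue
            reasons = []
            # splitext keeps only the last extension, so image.jpg.php is caught.
            if os.path.splitext(fn)[1].lower() in PHP_EXTENSIONS:
                reasons.append("php-extension")
            # The content check catches PHP hidden behind an image extension.
            if PHP_OPEN_TAG.search(head):
                reasons.append("php-open-tag")
            if reasons:
                hits.append({"path": rel, "reasons": reasons,
                             "mtime": st.st_mtime, "recent": st.st_mtime >= cutoff})
    return sorted(hits, key=lambda h: h["path"])


def build_sample_tree():
    """Constructed uploads tree: a clean JPEG, a recent double-extension PHP
    file, and an older image-named file that actually contains PHP."""
    root = tempfile.mkdtemp(prefix="uploads-")

    def put(rel, data, age_days=0):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
        if age_days:
            old = time.time() - age_days * 86400
            os.utime(full, (old, old))

    put("2024/05/photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64, age_days=400)
    put("2026/05/image.jpg.php", b"<?php /* constructed sample, not a real payload */ ?>")
    put("2026/05/cache.jpg", b"<?php /* constructed sample, not a real payload */ ?>", age_days=60)
    return root


if __name__ == "__main__":
    for hit in scan_uploads(build_sample_tree(), since_days=14):
        flag = "RECENT" if hit["recent"] else "old"
        print(f"{flag:6} {hit['path']}  ({', '.join(hit['reasons'])})")
```

Treat mtime as a hint, not proof: an attacker can reset it, so a file flagged only by content with an old timestamp still needs a look. Anything flagged by content under an image extension is also worth pairing with a web-server rule that refuses to execute PHP from the uploads directory at all, which closes the class regardless of which plugin let the file in.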

05

Identity & Auth

oauth · saml · iam · session attacks

Mandiant: UNC6671 'BlackFile' uses vishing + AiTM to bypass MFA on M365 and Okta

Google Threat Intelligence Group tracks UNC6671 ('BlackFile') running an extortion operation that combines voice phishing with adversary-in-the-middle SSO compromise against Microsoft 365 and Okta. Once inside, operators run Python and PowerShell to programmatically exfiltrate data. AiTM bypasses traditional MFA — phishing-resistant factors are the only durable defense.

Microsoft 365 Okta
Fruition take

If your Auth0 or Okta tenants still allow push or TOTP as a primary factor for admins, this is the campaign to cite when forcing the move to WebAuthn/passkeys. Audit conditional-access policies for any 'trusted location' loophole that AiTM proxies can ride through.

06

Threat Intel

active exploitation · breaches · ransomware

nvd.nist.gov 3d KEV CVSS 10.0
▲ headline

CISA Emergency Directive 26-03: Cisco Catalyst SD-WAN auth bypass (CVE-2026-20182) under active exploitation

CISA added CVE-2026-20182 to KEV and issued Emergency Directive 26-03 requiring federal agencies to patch by Sunday. The flaw lets an unauthenticated remote attacker bypass authentication and gain admin on Cisco Catalyst SD-WAN Manager and Controller. Cisco shipped fixes Thursday; exploitation has been observed in the wild. This is the second CVSS 10.0 Cisco network-control bug exploited this year.

CVE-2026-20182 Cisco Catalyst SD-WAN Manager Cisco Catalyst SD-WAN Controller
Fruition take

If you run Catalyst SD-WAN Manager or Controller anywhere in your edge path, patch this weekend and audit admin accounts and recent config pushes — pre-patch exploitation has been confirmed. Treat any SD-WAN management plane reachable from the internet as compromised until you've reviewed access logs.

Microsoft Exchange OWA XSS (CVE-2026-42897) added to CISA KEV

CISA added CVE-2026-42897, a cross-site scripting flaw in Outlook Web Access during web page generation, to the Known Exploited Vulnerabilities catalog. Under specific interaction conditions, arbitrary JavaScript runs in the user's browser context. Federal agencies must apply mitigations per BOD 22-01.

CVE-2026-42897 Microsoft Exchange Server Outlook Web Access
Fruition take

Any Exchange Server with internet-facing OWA needs the patch this cycle — XSS in OWA is consistently weaponized for session theft against admin accounts.

nvd.nist.gov 1w KEV CVSS 9.3

PAN-OS captive portal zero-day (CVE-2026-0300) actively exploited for unauthenticated RCE as root

Unit 42 confirms in-the-wild exploitation of an out-of-bounds write in the PAN-OS User-ID Authentication Portal (Captive Portal) allowing unauthenticated RCE as root on PA-Series and VM-Series firewalls. Added to CISA KEV May 6; Palo Alto released patches May 13. Workaround: restrict Captive Portal to trusted zones or disable it.

CVE-2026-0300 Palo Alto Networks PAN-OS PA-Series firewalls VM-Series firewalls
Fruition take

If any PAN-OS device exposes the User-ID Authentication Portal to untrusted networks, patch now or disable the portal — root RCE is being exploited. Pull packet captures and review GlobalProtect/User-ID logs for the IoCs in Unit 42's brief before assuming the device is clean.