In the latest reporting period, CRIL tracked 1,102 vulnerabilities disclosed across IT and industrial control systems (ICS), of which 166 have publicly available Proof-of-Concept (PoC) exploits. Public PoCs significantly reduce the window between disclosure and exploitation, raising pressure on defenders to patch swiftly.
Critical severity was observed under both major CVSS standards:
- CVSS v3.1 Critical: 49 vulnerabilities
- CVSS v4.0 Critical: 32 vulnerabilities
Additionally, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added nine vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.
2. Newly Identified IT Vulnerabilities
This week’s report highlights several high-risk IT vulnerabilities warranting immediate attention from vulnerability management and incident response teams:
2.1 CVE-2026-1357 – WPvivid Backup & Migration Plugin (WordPress) – Critical
- Affected Software: WPvivid Backup & Migration (WordPress plugin)
- Vulnerability Type: Unauthenticated arbitrary file upload → Remote Code Execution
- Cause: Improper handling of RSA decryption errors combined with unsanitized filename inputs
- Impact: Attackers can upload malicious PHP shells to public directories, leading to unauthenticated code execution on web servers.
- Exploit Status: Public PoC available and observed in underground discussions.
2.2 CVE-2026-1731 – BeyondTrust Remote Support & PRA – Critical
- Affected Software: BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA)
- Vulnerability Type: OS command injection via WebSockets
- Impact: Can allow complete system compromise, including lateral movement and persistent access.
- Exploit Status: Public PoC available.
2.3 CVE-2025-49132 – Pterodactyl Panel – Critical
- Affected Software: Pterodactyl game-server management panel
- Vulnerability Type: Remote Code Execution via insufficient validation
- Impact: Attackers may execute arbitrary code without authentication.
- Threat Activity: Weaponized exploits actively shared on underground forums.
2.4 CVE-2026-25639 – Axios HTTP Client – High Severity
- Affected Software: Axios HTTP client (Node.js/browser library)
- Vulnerability Type: Denial-of-Service (DoS) via crafted JSON payloads
- Impact: Applications that use Axios for HTTP requests can be crashed by a malicious response.
- Exploit Status: PoC publicly available.
2.5 CVE-2026-20841 – Windows Notepad – High Severity
- Affected Software: Microsoft Notepad
- Vulnerability Type: Command injection via crafted files
- Impact: Local privilege escalation and potential malware execution via text documents.
3. Vulnerabilities Added to CISA’s KEV Catalog
CISA’s KEV list serves as a reliable proxy for active real-world exploitation, with adversaries confirmed targeting these flaws:
- CVE-2026-2441 – Google Chrome: Use-after-free vulnerability enabling arbitrary code execution.
- CVE-2025-15556 – Notepad++ Update Integrity: Exploited by the Lotus Blossom threat actor group.
(Further KEV entries detailed in the source report.)
4. Critical Industrial Control System (ICS) Vulnerabilities
CRIL’s dataset also identified several critical vulnerabilities impacting OT and industrial network technologies, posing significant infrastructure risk:
4.1 CVE-2026-1670 – Honeywell CCTV Products – Critical
- Impact: Remote password recovery email manipulation → Full administrative takeover.
- Severity: CVSS 9.8, no authentication required.
- Risk: High mass-exploitation potential for physical surveillance compromise.
4.2 CVE-2026-25715 – PUSR USR-W610 Router – Critical
- Cause: Weak password mechanism and authentication bypass.
- Impact: Credential compromise and arbitrary system control.
- Note: Affected product is end-of-life, with no planned patches.
4.3 Siemens Simcenter Femap & Nastran Series – High Severity
- Vulnerability Type: Out-of-bounds read/write and buffer overflow
- Impact: Memory corruption and potential code execution in engineering and simulation environments.
- Sector Impact: Critical Manufacturing and Energy systems.
5. Sector Risk Analysis & Trends
5.1 Manufacturing and ICS Exposure
Data shows the Critical Manufacturing sector accounts for a majority of ICS risk, highlighting persistent exposure in OT environments that lack segmentation or real-time monitoring.
5.2 PoC Propagation and Threat Actor Activity
The rapid appearance of public PoCs — often within hours of disclosure — enables adversaries to lower attack barriers and tailor exploit payloads for automated campaigns. Underground forum traffic correlates with exploitation attempts observed by Cyble’s sensor network.
6. Recommended Defensive Measures
To counter the evolving threat landscape, organizations should adopt a risk-based, layered vulnerability management strategy:
- Prioritize Internet-facing assets: Patch externally reachable services first.
- Segment IT and OT networks: Limit cross-domain lateral movement.
- Enforce strong authentication: Use multi-factor authentication (MFA) and device attestation.
- Retire or isolate EOL systems: Especially those without vendor support.
- Continuous monitoring: Detect exploit attempts and anomalous traffic.
- Routine vulnerability scanning and pen testing: Validate patch efficacy and coverage.
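The ranking logic behind a risk-based strategy like the one above can be made explicit. The following is an added example (not code from the report or from Cyble/CRIL) that scores a constructed list of findings by CVSS base score plus the exploitability signals the report calls out: KEV listing, a public PoC, Internet exposure, end-of-life status and residence on an OT segment. The weights, tier thresholds, field names and the sample findings are assumptions chosen for illustration, not values from the report.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One vulnerability instance on one asset (fields are this example's own schema)."""
    vuln_id: str                 # CVE id or internal tracking id
    cvss: float                  # CVSS base score, 0.0 - 10.0
    kev: bool = False            # listed in CISA's KEV catalog (confirmed exploitation)
    public_poc: bool = False     # a working PoC is publicly available
    internet_facing: bool = False
    end_of_life: bool = False    # vendor will not ship a fix
    ot_asset: bool = False       # asset lives on an ICS/OT network segment


# Additive weights on top of the CVSS-derived base; assumed values for this example.
WEIGHTS = {
    "kev": 40,              # active exploitation outranks any theoretical severity
    "public_poc": 25,       # public PoC shrinks the disclosure-to-exploit window
    "internet_facing": 20,  # externally reachable services are patched first
    "end_of_life": 15,      # no patch coming, so the exposure is permanent until isolated
    "ot_asset": 10,         # OT segments tend to lack segmentation and monitoring
}

# Tier cut-offs on the combined score; assumed values for this example.
P1_THRESHOLD = 140
P2_THRESHOLD = 110


def risk_score(f: Finding) -> int:
    """CVSS scaled to 0-100, plus a weight for each exploitability signal that is set."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.vuln_id}: CVSS out of range: {f.cvss}")
    score = round(f.cvss * 10)  # round() keeps the arithmetic in integers
    for flag, weight in WEIGHTS.items():
        if getattr(f, flag):
            score += weight
    return score


def tier(score: int) -> str:
    """Map a score to a remediation tier (P1 = patch/isolate immediately)."""
    if score >= P1_THRESHOLD:
        return "P1"
    if score >= P2_THRESHOLD:
        return "P2"
    return "P3"


def action(f: Finding) -> str:
    """Recommended handling, mirroring the report's guidance on EOL and exposed assets."""
    if f.end_of_life:
        return "isolate or retire (no vendor patch will arrive)"
    if f.internet_facing:
        return "patch first (externally reachable)"
    return "patch in the normal cycle"


def prioritize(findings):
    """Return (vuln_id, tier, score, action) tuples, highest risk first."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), f.vuln_id))
    return [(f.vuln_id, tier(risk_score(f)), risk_score(f), action(f)) for f in ranked]


def sample_findings():
    """Constructed sample data; the ids and attributes are illustrative, not real CVEs."""
    return [
        Finding("KEV-BROWSER", cvss=8.8, kev=True),
        Finding("POC-PLUGIN", cvss=9.8, public_poc=True, internet_facing=True),
        Finding("EOL-ROUTER", cvss=9.8, end_of_life=True, ot_asset=True),
        Finding("LIB-DOS", cvss=7.5, public_poc=True),
        Finding("INTERNAL-LOW", cvss=5.3),
    ]


if __name__ == "__main__":
    for vuln_id, t, score, act in prioritize(sample_findings()):
        print(f"{t} {score:>4} {vuln_id:<14} {act}")
```

Note that a CVSS 9.8 end-of-life device on an OT segment lands below a CVSS 8.8 KEV entry in this scheme: confirmed exploitation is weighted above raw severity, which is the point of using KEV as the primary prioritization signal. The EOL entry still gets an "isolate or retire" action rather than a patch action, because waiting for a vendor fix is not an option there.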
7. Conclusion: Escalating Threat Dynamics
The volume, diversity, and severity of newly disclosed vulnerabilities — paired with frequent PoC releases and KEV additions — illustrate an accelerating threat environment where patching speed and prioritization are critical. Defensive teams must leverage intelligence feeds, prioritize based on real-world exploitability, and continuously validate mitigation effectiveness.
