FeedExploreAsk AIAlertsSavedProfile

Categories

AICybersecurityInfrastructureDatabaseTech Updates

Tech news that matters.

← All research

Cybersecurity

Critical CVEs of 2026

Notifire's running roll-up of the year's highest-impact vulnerabilities — what they were, who was affected, what defenders did.

Each year a small handful of CVEs reshape security practice. Heartbleed (2014), Shellshock (2014), Spectre/Meltdown (2018), Log4Shell (2021), XZ (2024). This page is Notifire's running index of the 2026 entrants: which were exploited in the wild, which forced industry-wide patching, and which changed default trust assumptions for years to come.

Notifire's editorial team curates this list against three criteria: severity (CVSS ≥ 9.0 or active exploitation), reach (millions of affected systems or supply-chain blast radius), and persistence (the disclosure changed defensive practice). News briefings on the individual CVEs are linked below as they appear.

Latest briefings on Critical CVEs of 2026

  • AI

    A Normal-Looking Image Can Jailbreak AI Models

    Researchers found a way to jailbreak vision-language AI models using tiny, invisible changes to images. This new attack method bypasses standard safety filters that only analyze text prompts, creating a significant new security risk.

    Neeraj Dhiman · 2w ago

  • Infra

    Global push to replace US cloud with open source

    At a recent UN event, global leaders argued for replacing proprietary US cloud services with open-source alternatives. This push for 'digital sovereignty' stems from a growing distrust of American tech giants and a view of open source as critical infrastructure.

    Ashish Kale · 3w ago

  • AI

    Government Request Forces OpenAI to Limit GPT-5.6 Access

    OpenAI is limiting access to its new GPT-5.6 model following a government request. The company warns this sets a concerning precedent for AI regulation, potentially restricting access to powerful tools for developers, businesses, and security teams.

    Neeraj Dhiman · 3w ago

  • Security

    New AI Coalition to Find and Fix Open Source Flaws

    Cybersecurity firm Chainguard has launched Athena, an industry coalition using AI to find and fix vulnerabilities in critical open-source software. The group aims to secure the foundational components of the internet before attackers can exploit them.

    Neeraj Dhiman · 3w ago

  • AI

    Salesforce AI Agent Only Charges for Solved Problems

    Salesforce launched a new AI help agent with a novel pricing model. Companies will only pay when the AI successfully resolves a customer issue, directly linking support costs to its actual performance and value.

    Neeraj Dhiman · 3w ago

  • AI

    Vercel Adds AI Model with Double the Throughput

    Vercel's AI Gateway now offers the GLM 5.2 Fast model, which runs with twice the throughput of other serverless options. This allows developers to build faster and more responsive AI-powered applications on the platform.

    Neeraj Dhiman · 3w ago

  • Tech

    Ukraine Open-Sources Captured Russian Military Technology

    Ukraine's Ministry of Defence has launched TrophyLab, a new platform open-sourcing intelligence on captured Russian military hardware. Verified allies can access technical data, schematics, and even request physical samples to develop countermeasures.

    Taranpreet Singh · 3w ago

  • Infra

    Find and Fix Workflow Bugs Faster on Vercel

    Vercel has launched a redesigned trace viewer for its Workflows tool. The update helps developers debug complex processes more quickly by making it easier to search, zoom, and inspect each step of a workflow run.

    Ashish Kale · 3w ago

  • AI

    OpenAI Is Using AI to Fix Open-Source Flaws

    OpenAI is now using AI to automatically find and fix security bugs in popular open-source projects. The "Patch the Planet" initiative aims to secure the software supply chain that underpins countless enterprise applications.

    Neeraj Dhiman · 3w ago

  • Infra

    Vercel Wants to Replace Your Feature Flag Tool

    Vercel has launched its own feature flagging tool, built directly into its platform. This gives developers a native way to safely roll out new features and test changes, potentially replacing third-party services like LaunchDarkly.

    Ashish Kale · 3w ago

  • AI

    Cursor Acquires Open-Source Copilot Rival Continue

    AI code editor Cursor has acquired Continue, an open-source alternative to GitHub Copilot. The move signals further consolidation in the competitive market for AI-powered developer tools, reducing the number of independent players.

    Neeraj Dhiman · 3w ago

  • Infra

    Vercel Now Lets You Build Real-Time Apps

    Vercel now supports WebSockets in its serverless functions, a long-requested feature. This allows developers to build real-time applications like live chats and collaborative tools directly on the platform, paying only for active processing time.

    Ashish Kale · 3w ago

  • Tech

    US Space Force Just Ran a Secretive Space Drill

    The US Space Force and Rocket Lab quietly launched a satellite from New Zealand in a rapid-response military drill. The exercise tests the ability to quickly deploy space assets during a crisis, with little to no advance notice.

    Taranpreet Singh · 3w ago

  • Infra

    Vercel Unlocks 24-Hour Sessions for Developers

    Vercel now allows its Sandboxes to run for up to 24 hours, a major increase from the previous five-hour limit. This change helps developers run complex, long-running tasks like large data processing and extensive testing.

    Ashish Kale · Jun 17, 2026

  • Infra

    Vercel Adds a Stop Button for In-Flight Workflows

    Vercel's Workflow SDK now lets developers cancel long-running tasks while they're still in progress. This gives them more control over complex application processes and helps prevent wasted resources on jobs that are no longer needed.

    Ashish Kale · Jun 16, 2026

  • Security

    Chrome and Defender Under Active Attack

    Google issued an urgent update for a critical Chrome vulnerability that could allow code execution. Meanwhile, attackers are actively exploiting flaws in Microsoft Defender. Other security news includes scrutiny of child safety on major platforms and new spyware detection tools.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Critical GDAL Library Vulnerability Discovered

    A high-severity vulnerability has been discovered in the Geospatial Data Abstraction Library (GDAL). The flaw, located in its bundled LibTIFF component, could allow an attacker to execute arbitrary code, cause a denial of service, or access sensitive information by using a specially crafted TIFF image file.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Open-source private security camera updated

    Secluso, an open-source home security camera system, has been updated. Formerly Privastead, it offers end-to-end encryption using OpenMLS and focuses on user privacy. The system is designed for easy deployment on hardware like the Raspberry Pi, providing a private alternative to commercial IoT solutions.

    Neeraj Dhiman · Jun 16, 2026

  • Data

    Elastic Releases Important Security Update

    Elastic has released version 8.19.16 of the Elastic Stack, a security patch that addresses potential vulnerabilities. The company recommends all users upgrade to this latest version to ensure their deployments are protected. This update supersedes previous versions and is crucial for maintaining system security.

    Taranpreet Singh · Jun 16, 2026

  • Security

    Multiple Security Flaws Found In MediaWiki

    Multiple vulnerabilities have been discovered in MediaWiki, the popular open-source wiki software. The flaws could allow attackers to determine if users have two-factor authentication enabled and to view the titles of intentionally hidden log entries, posing a risk to user privacy and site security.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Ubuntu SSSD Flaw Creates Service Disruption

    A vulnerability was discovered in Ubuntu's System Security Services Daemon (SSSD). A local attacker can exploit this by sending malformed data to the PAM passkey responder, causing it to crash. This results in a denial of service, preventing users from authenticating on affected systems.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    A Perl Library Flaw Makes Passwords Easier to Crack

    The Crypt-SaltedHash library for Perl used a weak method to generate random "salts," a key part of password security. This makes the salts predictable, allowing attackers to more easily crack hashed passwords on systems using this library.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Ubuntu Patches Local Eavesdropping Vulnerability

    Ubuntu has released a security update for its 20.04 LTS version, addressing a vulnerability in the xdg-dbus-proxy component. The flaw could allow a local attacker to intercept certain D-Bus messages by exploiting incorrect handling of policy rules. Users are advised to apply the patch promptly.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Ubuntu Patches Flaw That Lets JPEGs Crash Apps

    Ubuntu has patched a critical vulnerability in its GDK-PixBuf image library. A specially crafted JPEG file could crash an application, cause a denial of service, or even allow an attacker to execute arbitrary code on affected systems.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    NNCP Flaw Allows Remote File Access

    A security vulnerability has been found in the NNCP file transfer utility. The flaw allows a remote attacker to bypass directory restrictions and read or write files anywhere on the system. This is a high-severity path traversal issue affecting users of this specific tool.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Ubuntu 20.04 Flaw Lets Attackers Crash Systems

    A security flaw has been found in a core audio library on Ubuntu 20.04 LTS. Attackers could exploit it with a special file to crash applications or potentially run malicious code, requiring an immediate system update.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Security Flaw in Ubuntu Papers App

    A remote code execution vulnerability was found in the Papers reference management app on Ubuntu. Attackers can exploit it by tricking users into opening a malicious PDF file, potentially allowing them to run arbitrary code. The flaw stems from how the application handles specific PDF actions.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Vulnerability Found in Highlight.js Library

    A prototype pollution vulnerability has been discovered in Highlight.js, a widely-used syntax highlighting library. The flaw could allow an attacker to cause a denial of service or trigger unexpected application behavior. It affects web applications that use the library for displaying code snippets.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Media File Flaw Puts Legacy Ubuntu Servers at Risk

    A security patch has been released for a critical GStreamer vulnerability affecting Ubuntu 16.04 LTS. Malicious AVI files could allow attackers to crash systems or run arbitrary code, making this update crucial for teams managing legacy infrastructure.

    Neeraj Dhiman · Jun 16, 2026

  • Security

    Texmaker Vulnerability Allows Code Execution

    A security flaw has been discovered in the Texmaker LaTeX editor. The vulnerability stems from how the application handles TIFF image files, allowing a malicious image to cause a denial of service, leak sensitive information, or permit remote code execution on a user's system.

    Neeraj Dhiman · Jun 16, 2026

Frequently asked questions

What makes a CVE “critical”?

A CVSS base score ≥ 9.0, plus at least one of: active in-the-wild exploitation, very large affected population, or remote unauthenticated RCE. Notifire applies the same bar to its critical list.

Where can I subscribe to CVE alerts?

The NVD RSS feed, CISA's Known Exploited Vulnerabilities (KEV) catalog, and vendor PSIRT mailing lists. Notifire's /security RSS feed (notifire.in/rss.xml filtered to security) covers the highest-impact disclosures.

How fast should we patch a critical CVE?

Active in-the-wild exploitation: same day. Critical remote unauthenticated RCE without active exploitation: 72 hours. Critical authenticated or local: 14 days, prioritised against business risk. CISA mandates 14 days for KEV-listed CVEs on US federal systems.

What is SBOM-driven CVE response?

Maintain a signed Software Bill of Materials for every artifact in production; when a CVE drops, query the SBOM database to find every running workload that contains the vulnerable component. Reduces MTTD on a new CVE from days to minutes.

✦ Notifire newsletter

Follow Critical CVEs of 2026

We track Critical CVEs of 2026 as the news cycle moves. Get the briefings that matter in your inbox — free, no spam.

The day's most important tech briefings. No spam, unsubscribe anytime.

Related topics

  • Software supply-chain security
  • Kubernetes security

Tech intelligence for engineering teams

Short, verified briefings on AI, cybersecurity, infrastructure, and data — with the analysis and action steps that matter. Every briefing is sourced, fact-checked, and bylined to a named editor.

[email protected]Story tips & corrections welcomeHow we report →

The Notifire briefing

Verified tech intelligence in your inbox — AI, security, infra, and data.

The day's most important tech briefings. No spam, unsubscribe anytime.

Sections

  • AI
  • Cybersecurity
  • Infrastructure
  • Database
  • Tech Updates
  • Web3 & Chains

Newsroom

  • About Notifire
  • Editorial team
  • Editorial standards
  • Methodology
  • AI disclosure
  • Corrections

Resources

  • Explore
  • Research hubs
  • Comparisons
  • Tech glossary
  • FAQ
  • Alerts & watchlists

Follow

  • RSS feed
  • Atom feed
  • LinkedIn
  • X / Twitter
  • Facebook
  • Instagram
  • YouTube
© 2026 NotifirePrivacyTermsCorrections
An independent, AI-assisted publication. Built at </Alpheric>
IntelligenceLive panel
Live

Top trending

Last 24h

    Popular tags

    Add to watchlist

    +OpenAI+Claude+PostgreSQL+Kubernetes+Cloudflare+AWS+CVE Critical

    Notifire score

    0–100 priority signal — combines impact, freshness, trending velocity, and source credibility.

    FeedExploreAskAlertsSavedProfile