cybr.cx | Daily Digest — May 12, 2026

Critical Vulnerabilities

CVE-2026-8260 | D-Link DCS-935L | CVSS 8.8 — HIGH
A remotely exploitable buffer overflow in the HNAP service of D-Link DCS-935L cameras (firmware ≤1.10.01) lets an unauthenticated attacker manipulate the AdminPassword parameter and potentially execute arbitrary code. A public exploit is already circulating. If you have these cameras on any network segment, isolate or replace them immediately — D-Link's end-of-life track record on this hardware line is not encouraging.

CVE-2026-45006 | OpenClaw (before 2026.4.23) | CVSS 8.8 — HIGH
An improper access control flaw in OpenClaw's gateway tool allows compromised AI models to bypass an incomplete denylist and push unsafe configuration changes via config.apply and config.patch. The blast radius is significant: attackers can persist modifications affecting command execution, network behaviour, credentials, and operator policies. If you're running AI gateway infrastructure on OpenClaw, treat this as a priority patch.

CVE-2026-43640 | Bitwarden Server (pre-v2026.4.1) | CVSS 8.1 — HIGH
Any authenticated user holding SCIM management privileges can retrieve or rotate an organisation's SCIM API key using only a valid session — no master-password re-authentication required. SCIM keys control user provisioning across your entire org; exposure here means an attacker with a hijacked admin session can silently enumerate or manipulate your directory sync. Patch or upgrade to v2026.4.1 immediately.

CVE-2026-4802 | Red Hat Cockpit | CVSS 8.0 — HIGH
Unsanitised parameters within crafted links in Cockpit's system logs UI allow remote attackers to inject shell metacharacters and trigger arbitrary command execution on the host. Cockpit is widely deployed for Linux server management, making this particularly attractive to post-compromise lateral movement. Update to the latest patched release and audit who has access to the Cockpit interface.

CVE-2026-43639 | Bitwarden Server (pre-v2026.4.0) | CVSS 8.0 — HIGH
A missing authorisation check lets a provider service user add any arbitrary organisation to their provider via a single POST request, resulting in full organisation takeover. This only affects cloud-hosted Bitwarden deployments — self-hosted installations block the endpoint by design. Cloud customers should verify they're on v2026.4.0 or later and audit provider-level service accounts.

CVE-2026-43500 | Linux Kernel (rxrpc) | CVSS 7.8 — HIGH
The rxrpc subsystem fails to unshare DATA and RESPONSE packets that carry paged fragments but aren't cloned, potentially allowing memory corruption in kernel space. The fix ensures unsharing happens regardless of clone state. Distributions shipping kernels with the rxrpc subsystem enabled should apply upstream patches promptly.

CVE-2026-45004 | OpenClaw (before 2026.4.23) | CVSS 7.8 — HIGH
OpenClaw's plugin setup resolver loads setup-api.js from the current working directory. An attacker who can place a malicious file at extensions/<plugin>/setup-api.js in a repository — and convince a user to run any OpenClaw command from that directory — achieves arbitrary JavaScript execution. Classic path-confusion supply chain risk; treat any OpenClaw workspace from an untrusted source as a potential code execution vector until patched.

CVE-2026-44995 | OpenClaw (before 2026.4.20) | CVSS 7.3 — HIGH
Malicious workspace configurations can inject dangerous environment variables (NODE_OPTIONS, LD_PRELOAD, BASH_ENV) into spawned MCP server processes, leading to code execution at session start. Three OpenClaw CVEs in one week is a pattern worth noting — if OpenClaw is in your toolchain, a full audit of your workspace configurations is warranted alongside patching.

Headline News

AI-Assisted Zero-Day Delivers First Known Mass-Exploitation 2FA Bypass
Threat actors have deployed what researchers are calling the first documented case of AI-developed tooling used to identify and exploit a zero-day vulnerability enabling 2FA bypass at scale. The technique moved beyond targeted attacks into broad, automated exploitation — a meaningful shift in the threat landscape. Historically, weaponising zero-days at this level required substantial human expertise and time; AI is apparently compressing that timeline dangerously. For defenders, this raises the urgency around session management hardening, anomaly detection on authentication flows, and the limits of TOTP-based 2FA as a primary control against sophisticated adversaries.

"Bleeding Llama" — Memory Disclosure in Ollama Exposes Secrets on ~300,000 AI Servers
A critical memory disclosure vulnerability in Ollama, the popular local AI model server, has been found exposing sensitive data — including secrets and credentials — across an estimated 300,000 internet-facing deployments. The flaw, dubbed "Bleeding Llama" by researchers, is reminiscent of Heartbleed in its mechanism: model inference requests can be manipulated to leak contents of adjacent server memory. The scale of exposure reflects the explosive and often ungoverned adoption of self-hosted AI inference infrastructure, where operators frequently skip network segmentation and access controls that would be standard for traditional services. Anyone running Ollama externally — or even internally without strict network controls — should treat this as critical: patch immediately, rotate any credentials that may have been in scope, and audit what's actually reachable on port 11434.

Google: AI-Powered Hacking Has Reached Industrial Scale
Google's threat intelligence teams have published findings characterising AI-assisted offensive operations as having crossed a threshold into industrial-scale capability over the past three months. The report documents adversaries using AI not just for phishing content generation — now largely assumed — but for vulnerability discovery, exploit refinement, and attack campaign orchestration at volumes and speeds that outpace traditional defender response cycles. The implication for practitioners is stark: the asymmetry between attacker agility and defender visibility is widening. Investment in automated detection pipelines, AI-augmented threat hunting, and reduced mean-time-to-patch is no longer aspirational security posture — it's catch-up.

Schrödinger's Feed

Researchers at the University of Vienna have demonstrated quantum superposition in metal particles composed of thousands of atoms — objects many orders of magnitude larger than the quantum systems this behaviour was previously considered exclusive to. Using precision laser techniques, the team observed genuine quantum interference, pushing the boundary of where classical physics ends and quantum mechanics begins. It's a fundamental result rather than an applied one, but it has quiet implications: the larger the systems that can be placed in superposition, the more pressure accumulates on assumptions baked into classical cryptographic hardware design. Practitioners watching the post-quantum migration timeline should note that theoretical quantum capabilities are expanding faster than many roadmaps assumed.

/dev/random

Google has quietly changed Gmail account registration to require scanning a QR code and then sending — not receiving — an SMS, a reversal of the direction the industry has been moving for a decade. The privacy implications have not gone unnoticed: rather than Google pushing a code to you, you're now actively transmitting from your device, which is a meaningful distinction depending on your threat model and who your carrier talks to. It's a bold move for a company whose entire business model is knowing things about you — but points for creativity. Somewhere, a Signal developer is watching this and reconsidering their life choices.