New exploits for PAN-OS, Nginx UI MCP, Gradio, rclone, Hestia Control Panel, KTransformers, and Oracle E-Business Suite. ASM queries for Microsoft Windows Netlogon.

Happy Friday! The following are the Initial Access Intelligence team's deliverables for the past week.

CVE-2026-0257: Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass

This week, the team added an exploit for CVE-2026-0257, a critical authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect that Rapid7 reported was being exploited across multiple organizations on May 29, 2026, roughly two weeks post-disclosure. The vulnerability allows an unauthenticated attacker to forge a valid token to grant VPN access as the targeted user without credentials. Exploitability requires that authentication override cookies be enabled, and "a specific certificate configuration" must exist — i.e., the cookie encryption and decryption certificate must be reused with another feature, which potentially exposes the public key for that cert. This configuration appears to be common, based on our team's analysis.

Network signatures are not provided for this vulnerability; the bug is a server-side validation issue, and when the forged token is utilized, it appears semantically identical to a legitimate token. Our exploit comes with PCAPs and ASM queries; VulnCheck's own Target Intelligence data finds more than 10K vulnerable instances.

CVE-2026-33032: Nginx UI MCP Authentication Bypass Pre-Auth RCE Chain

The team developed a chained exploit for CVE-2026-33032, an authentication bypass in the Model Context Protocol (MCP) server bundled with Nginx UI in versions before 2.3.3. The packaged exploit chains the MCP bypass with CVE-2026-27944, a pre-authentication information disclosure that leaks both an active operator credential and the decryption material needed to use it, removing the auth gate the MCP bypass would otherwise need. Neither CVE was disclosed as remote code execution on its own; chaining them end-to-end lands an unauthenticated root shell on the host through the nginx instance Nginx UI manages. Our Shodan query returns approximately 2,600 internet-exposed Nginx UI instances; no exploitation has been reported yet. Our exploit comes with a target Docker container, PCAPs, and Suricata, Snort, YARA, and Sigma rules.

CVE-2026-28414: Gradio Absolute Path Traversal Arbitrary File Read

The team added an exploit for CVE-2026-28414, an unauthenticated absolute path traversal in Gradio, the open-source Python framework for building web UIs around machine-learning models. VulnCheck's Canary Intelligence network detected first-time exploitation of CVE-2026-28414 on May 31, 2026, when the vulnerability was added to VulnCheck KEV; it is not yet on CISA KEV. The flaw lets an unauthenticated attacker read arbitrary files the Gradio worker process can access. It is gated on the server platform rather than a version alone: it only fires on Gradio before 6.7 running on Windows with Python 3.13 or later, where a change to os.path.isabs lets a leading-slash path escape the static directory to the drive root. Most Gradio deployments run on Linux and are unaffected, which narrows the reachable population. Our exploit comes with a PCAP and Suricata and Snort rules.
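The platform-gated failure mode above comes down to a path check that trusts os.path.isabs, whose Windows semantics changed in Python 3.13. The following added example (not Gradio's code; the static directory path is an assumed, constructed value) uses the ntpath module explicitly so it runs on any platform, and contrasts an isabs-only gate with a containment check that holds regardless of the interpreter's isabs behaviour.

```python
import ntpath

# Constructed example: a static directory on a Windows host (assumed path).
STATIC_DIR = r"C:\app\static"


def isabs_gate_only(base, user_path):
    """The weak pattern: reject absolute paths with isabs(), then join.
    Before Python 3.13, ntpath.isabs("/x") is True; from 3.13 on it is
    False, so a leading-slash path passes the gate and ntpath.join resets
    the path to the drive root (C:\\app\\static + /x -> C:/x)."""
    if ntpath.isabs(user_path):
        return None
    return ntpath.normpath(ntpath.join(base, user_path))


def resolve_under(base, user_path):
    """Hardened resolver: join, normalise, then require that the result is
    still inside base by comparing common paths.  Rejects leading-slash
    paths, drive-absolute paths and dot-dot traversal independently of
    the isabs() semantics of the running interpreter.  Returns None on
    escape, otherwise the normalised target path."""
    base = ntpath.normpath(base)
    target = ntpath.normpath(ntpath.join(base, user_path))
    try:
        if ntpath.commonpath([base, target]) != base:
            return None
    except ValueError:  # paths on different drives share no common path
        return None
    return target


def demo():
    """Run each constructed candidate through both resolvers."""
    candidates = ["assets/logo.png", "/Windows/win.ini",
                  r"..\..\Windows\win.ini", r"D:\secret.txt"]
    return {c: (isabs_gate_only(STATIC_DIR, c), resolve_under(STATIC_DIR, c))
            for c in candidates}


if __name__ == "__main__":
    for path, (weak, hardened) in demo().items():
        print(f"{path!r:28} isabs-gate={weak!r:34} contained={hardened!r}")
```

Only the hardened resolver's results are stable across Python versions; the isabs-gate column for the leading-slash input flips between 3.12 and 3.13, which is the point the advisory makes.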

CVE-2026-41176: Rclone RC Pre-Auth Takeover to RCE

The team developed an exploit for CVE-2026-41176, an unauthenticated remote code execution vulnerability in rclone, the open-source command-line tool for managing and syncing files across cloud storage. When rclone's remote control daemon (rclone rcd) is started without global HTTP authentication, an unauthenticated attacker can drop the authentication requirement on the entire control API and then reach code execution as the rclone process user, which on common deployments is root. Operators frequently run the rc daemon for unattended backup and sync automation, so an exposed instance without auth is a direct path to full host compromise. Our Shodan query returns approximately 370 internet-exposed rclone instances at time of writing; no exploitation has been reported. Our exploit comes with a target Docker container, PCAPs, and Suricata and Snort rules.

CVE-2026-43633: Hestia Control Panel PHP/Node.js Session Deserialization Mismatch

The team also developed an exploit for CVE-2026-43633, a session deserialization mismatch vulnerability in Hestia Control Panel. The flaw allows an authenticated attacker to inject a malformed HTTP header into the session file, which directly influences the privilege level granted when launching a web terminal session. Although the vulnerability is considered a post-authentication attack, the default Hestia setup has auto-login enabled, which means it is also possible to implement this as a pre-auth attack. The web terminal isn't installed by default, though it appears to be common. Our Shodan query returns 34K+ Hestia instances on the public internet. The exploit package comes with a version scanner that can further verify whether the host has the web terminal running, along with Suricata and Snort rules, and PCAPs.

CVE-2026-26210: KTransformers Balance Serve ZMQ Scheduler Pickle Pre-Auth RCE

The team also added an exploit for CVE-2026-26210, an unauthenticated remote code execution vulnerability discovered by our own Chocapikk in the balance_serve request scheduler of KTransformers, which is an open-source LLM inference engine that mixes CPU and GPU compute to run large transformer models on commodity hardware. The scheduler deserializes attacker-controlled data with no authentication, so any host that can reach the scheduler port runs arbitrary code as the inference process user, which on GPU inference hosts is typically root. No exploitation in the wild has been reported. The scheduler binds an ephemeral port chosen at startup and exposes no version banner, so it is not currently fingerprinted by Shodan or Censys, and no ASM queries ship with this release. Our exploit comes with a target Docker container, a PCAP, and Suricata and Snort rules.

CVE-2025-61882: Oracle EBS SyncServlet Auth Bypass to XSL Template Injection RCE

The team added an exploit for CVE-2025-61882, an authentication bypass vulnerability coupled with an XSL template injection vulnerability that grants RCE on vulnerable versions of Oracle E-Business Suite. The vulnerability was disclosed amid zero-day exploitation in October 2025; it was added to VulnCheck KEV on October 4, 2025 and to CISA KEV two days later. Several threat actors have been linked to exploitation of the CVE, including Cl0p, Graceful Spider, Slippy Spider, and ShinyHunters. Our Censys query shows just over 3,200 EBS instances on the internet.

Coverage includes an exploit, network signatures, PCAPs, a YARA rule, and ASM queries that were added in a previous release.

CVE-2026-41089: Microsoft Windows Netlogon Stack Buffer Overflow (ASM Queries Only)

The team added ASM queries for CVE-2026-41089, a critical buffer overflow vulnerability in Microsoft Windows Netlogon that was disclosed in the May 2026 Patch Tuesday release and reported exploited by the Belgian Centre for Cybersecurity on May 29. The vulnerability affects a wide range of Windows versions; the team added ASM queries for Shodan, Censys, and FOFA, with our Shodan query finding over 20K results.