ZEN SecDBMay 27

🚨 [CISA-2026:0527] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0527)

CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-45321 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45321)
- Name: TanStack Unspecified Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: TanStack
- Product: TanStack
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx ; https://nvd.nist.gov/vuln/detail/CVE-2026-45321

⚠️ CVE-2026-48027 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48027)
- Name: Nx Console Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Nx
- Product: Nx Console
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w ; https://nvd.nist.gov/vuln/detail/CVE-2026-48027

⚠️ CVE-2026-8398 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-8398)
- Name: Daemon Tools Lite Embedded Malicious Code Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Daemon
- Product: Daemon Tools Lite
- Notes: https://blog.daemon-tools.cc/post/security-incident ; https://nvd.nist.gov/vuln/detail/CVE-2026-8398

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260527 #cisa20260527 #cve_2026_45321 #cve_2026_48027 #cve_2026_8398 #cve202645321 #cve202648027 #cve20268398

[CISA-2026:0527] CISA Adds 3 Known Exploited Vulnerabilities to Catalog - Advisory | ZEN SecDB Portal

CISA-2026:0527 - CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types...

ZEN SecDB Portal