(TLP CLEAR) Weekly Vulnerabilities to Prioritize – April 30, 2026
Created: Thursday, April 30, 2026 - 14:21
Categories: Cybersecurity, Security Preparedness
The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which also appear in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
WebPros cPanel and WHM Authentication Bypass via Login Flow
CVSS v3.1: 9.8
CVE: CVE-2026-41940
Description: See WaterISAC’s analysis of this vulnerability. cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Source: https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026
Linux Kernel “Copy Fail” Privilege Escalation
CVSS v3.1: 7.8
CVE: CVE-2026-31431
Description: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. (The text above is the upstream fix commit message. algif_aead is the AEAD type of the AF_ALG socket interface, which exposes kernel ciphers to userspace and is reachable by unprivileged processes by default; that is consistent with the local privilege-escalation rating of 7.8.)
Source: https://www.tenable.com/blog/copy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation
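The fix commit above changes the algif_aead code, so the first triage question for a fleet is whether that interface is even reachable on a given host and which AEAD algorithms the kernel registers. The following Python script is an added example, not code from WaterISAC, Tenable or the Linux kernel. It does not detect CVE-2026-31431 itself (fixed kernel versions are not listed on this page); it parses /proc/crypto for registered AEAD implementations and attempts, as the current user, to bind an AF_ALG socket of type "aead". The sample /proc/crypto text is constructed for the example, and the algorithm name "gcm(aes)" used for the probe is an arbitrary choice.

```python
"""Exposure check for the kernel interface touched by the CVE-2026-31431 fix.

Added example, not code from WaterISAC, Tenable or the Linux kernel. The fix
commit changes crypto/algif_aead.c, the 'aead' type of the AF_ALG socket
family that lets userspace drive kernel AEAD ciphers. This script does not
detect the vulnerability; it answers two triage questions: which AEAD
algorithms the running kernel registers, and whether the current process can
reach the algif_aead interface at all (AF_ALG needs no privileges by default).
"""
import errno
import socket


def aead_algorithms(proc_crypto_text):
    """Return the names of /proc/crypto entries whose 'type' is 'aead'.

    /proc/crypto is a sequence of 'key : value' blocks separated by blank
    lines, one block per registered algorithm implementation.
    """
    names, block = set(), {}
    for line in proc_crypto_text.splitlines() + [""]:
        if not line.strip():
            if block.get("type") == "aead" and block.get("name"):
                names.add(block["name"])
            block = {}
            continue
        key, _, value = line.partition(":")
        block[key.strip()] = value.strip()
    return sorted(names)


def local_aead_algorithms(path="/proc/crypto"):
    """aead_algorithms() over the live kernel's table; [] if it cannot be read."""
    try:
        with open(path, encoding="utf-8") as fh:
            return aead_algorithms(fh.read())
    except OSError:
        return []


def probe_af_alg_aead(alg_name="gcm(aes)"):
    """Try to bind an AF_ALG 'aead' socket as the current user.

    Returns one of:
      'reachable'             bind succeeded: algif_aead is loaded and usable
      'bind-failed:<ERRNO>'   AF_ALG exists but the aead type or algorithm is
                              not available to this process (ENOENT when the
                              algif_aead module is absent and cannot autoload)
      'socket-failed:<ERRNO>' the AF_ALG family is unavailable (EAFNOSUPPORT)
                              or blocked, for example by a seccomp profile
      'no-af-alg-support'     this Python build has no socket.AF_ALG (non-Linux)
    """
    if not hasattr(socket, "AF_ALG"):
        return "no-af-alg-support"
    try:
        sock = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
    except OSError as exc:
        return "socket-failed:" + errno.errorcode.get(exc.errno, str(exc.errno))
    try:
        # AF_ALG addresses are (type, name) tuples; 'aead' selects algif_aead.
        sock.bind(("aead", alg_name))
    except OSError as exc:
        return "bind-failed:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()
    return "reachable"


# Constructed sample in /proc/crypto's layout (not captured from a real host).
SAMPLE_PROC_CRYPTO = """\
name         : gcm(aes)
driver       : gcm_base(ctr(aes-generic),ghash-generic)
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : no
blocksize    : 1
ivsize       : 12
maxauthsize  : 16
geniv        : <none>

name         : aes
driver       : aes-generic
module       : kernel
priority     : 100
refcnt       : 2
selftest     : passed
internal     : no
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
"""

if __name__ == "__main__":
    print("AEAD algorithms in sample:", aead_algorithms(SAMPLE_PROC_CRYPTO))
    print("AEAD algorithms on this host:", local_aead_algorithms())
    print("algif_aead reachable from this process:", probe_af_alg_aead())
```

A result of "reachable" from an unprivileged account means the code path the fix touches is exposed on that host; "bind-failed:ENOENT" usually means the algif_aead module is not loaded and could not be autoloaded. Neither result replaces checking the running kernel against the distribution's fixed versions.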
Cisco Identity Services Engine Path Traversal and Remote Code Execution Vulnerabilities
CVSS v3.1: 4.9, 9.9
CVEs: CVE-2026-20148, CVE-2026-20147
Description: Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affected device. To exploit these vulnerabilities, the attacker must have valid administrative credentials, so the practical risk comes from compromised or abused ISE administrator accounts rather than from unauthenticated exposure; treat the loss of any ISE administrator credential as a reason to patch promptly and to review recent administrator activity on the device.
Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ
GitHub Enterprise Server Git Push Remote Code Execution Vulnerability
CVSS v4.0: 8.7
CVE: CVE-2026-3854
Description: An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.
Source: https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/
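The description above names the mechanism: a push option value is copied into an internal service header whose field delimiter can also appear in user input, so a crafted value adds fields the downstream service trusts. The following Python script is an added example, not GitHub's code; the real internal header format of GitHub Enterprise Server is not public, so it models the flaw with a hypothetical format in which metadata fields are key=value pairs joined by ";" and the value of a "git push -o" option is copied into one field verbatim. It shows the vulnerable builder next to two hardened variants (strict rejection of reserved characters, and percent-encoding of every user-controlled value) and a parser that demonstrates the difference. The attacker input is constructed for the example.

```python
"""Delimiter injection through git push options, and two ways to close it.

Added example; this is not GitHub's code, and the real internal header
format of GitHub Enterprise Server is not public. It models the flaw the
advisory describes with a hypothetical format: metadata fields are
'key=value' pairs joined by ';', and the value of a 'git push -o' option
(sent by the client under the push-options capability) is copied into one
of those fields verbatim.
"""
from urllib.parse import quote, unquote

FIELD_SEP = ";"   # assumed delimiter between fields in the internal header
KV_SEP = "="      # assumed delimiter between a field's key and value


def build_header_vulnerable(repo, pusher, push_option):
    """Pre-fix behaviour: the attacker-controlled value is embedded unescaped."""
    fields = [("repo", repo), ("pusher", pusher), ("push_option", push_option)]
    return FIELD_SEP.join(f"{key}{KV_SEP}{value}" for key, value in fields)


def parse_header(header):
    """Downstream service's view: split on FIELD_SEP, then on the first KV_SEP.

    A later field silently overwrites an earlier one with the same key, which
    is what makes injected 'repo=' or 'role=' fields dangerous.
    """
    fields = {}
    for raw in header.split(FIELD_SEP):
        if raw:
            key, _, value = raw.partition(KV_SEP)
            fields[key] = value
    return fields


def validate_push_option(push_option):
    """Hardened, strict variant: refuse values that could carry a delimiter."""
    if FIELD_SEP in push_option or KV_SEP in push_option or "\n" in push_option:
        raise ValueError("push option contains a reserved delimiter")
    return push_option


def build_header_fixed(repo, pusher, push_option):
    """Hardened, encoding variant: percent-encode every user-controlled value,
    so FIELD_SEP and KV_SEP can only ever appear as %3B and %3D."""
    fields = [("repo", repo), ("pusher", pusher), ("push_option", push_option)]
    return FIELD_SEP.join(
        f"{key}{KV_SEP}{quote(value, safe='')}" for key, value in fields
    )


def parse_header_fixed(header):
    """Parser paired with build_header_fixed: split first, then decode values."""
    return {key: unquote(value) for key, value in parse_header(header).items()}


# Constructed attacker input: one push option that smuggles two extra fields.
MALICIOUS_OPTION = "ci.skip=true;role=admin;repo=acme/other"


def demo():
    """Return (vulnerable_parse, fixed_parse) for the same malicious option."""
    vuln = parse_header(build_header_vulnerable("acme/app", "alice", MALICIOUS_OPTION))
    fixed = parse_header_fixed(build_header_fixed("acme/app", "alice", MALICIOUS_OPTION))
    return vuln, fixed


if __name__ == "__main__":
    vuln, fixed = demo()
    print("vulnerable parse:", vuln)   # injected 'role', 'repo' overwritten
    print("fixed parse:    ", fixed)   # one push_option field, value intact
```

The encoding variant keeps arbitrary option values working while making the delimiter unambiguous; the strict variant is the smaller change when option values never legitimately need those characters. Either way, the check belongs at the trust boundary where the value is first received, not in each downstream consumer.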
Windows Shell Security Feature Bypass Vulnerability
CVSS v3.1: 8.8
CVE: CVE-2026-21510
Description: Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510
Oracle VirtualBox Local Privilege Escalation (SoundBlaster 16 race condition)
CVSS v3.1: 7.5
CVE: CVE-2026-35230
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. This difficult-to-exploit vulnerability allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).
Source: https://www.oracle.com/security-alerts/cpuapr2026.html
Google Chrome Dawn Use-After-Free RCE Vulnerability
CVSS v3.1: 8.8
CVE: CVE-2026-5281
Description: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High).
Source: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
