[Verse 1] June twenty-seven, twenty twenty-six, four vulns on the board BerriAI litellm taking hits, version one-fifty-nine's floored CVE-2026-12773, CVSS seven-point-three UserAPIKeyAuth in the MCP server auth machinery That's the function getting compromised, the proxy path exposed litellm up to one-fifty-eight-point-eight, window not yet closed [Chorus] Patch it before the breach cascades Four CVEs on the page today Scores stacking up like debt unpaid WebSphere, ImageMagick, litellm in the fray Seven-point-four, seven-point-three SSRF and smuggling running free Read the NVD, then fix the seams Vulnerabilities don't wait on your release [Verse 2] ImageMagick slipping on a PSB decode Integer overflow buried in the RLE code CVE-2026-56367, three-point-seven on the scale ReadPSDChannelRLE in psd-dot-c starts to fail Heap out-of-bounds read on crafted image files that you open Versions before seven-one-two-fifteen, the damage gets spoken [Chorus] Patch it before the breach cascades Four CVEs on the page today Scores stacking up like debt unpaid WebSphere, ImageMagick, litellm in the fray Seven-point-four, seven-point-three SSRF and smuggling running free Read the NVD, then fix the seams Vulnerabilities don't wait on your release [Verse 3] IBM WebSphere Application Server, two entries in the log Eight-point-five and nine-point-zero caught deep inside the fog CVE-2026-8646, HTTP request smuggling play Remote attacker crafts a special packet, slips it on its way Seven-point-four, Liberty seventeen through twenty-six affected too The smuggled payload hijacks sessions, swaps identities on you [Bridge] Then CVE-2026-9006 turns the server to a proxy gun Ajax Proxy misconfigured, and the SSRF has begun Seven-point-four again, same product, different weapon drawn Unauthorized requests dispatched from inside your own zone Two WebSphere flaws back to back — don't treat them as one problem They're separate attack chains wearing similar coded costumes [Chorus] Patch it before the breach cascades Four CVEs on the page today Scores stacking up like debt unpaid WebSphere, ImageMagick, litellm in the fray Seven-point-four, seven-point-three SSRF and smuggling running free Read the NVD, then fix the seams Vulnerabilities don't wait on your release [Outro] June twenty-seven, mark it on your incident calendar litellm, ImageMagick, WebSphere — the trifecta irregular Check your versions, push the patches, audit every config file Four CVEs logged today, the threat doesn't hibernate awhile
← Critical CVEs (2 of 3) — June 27, 2026 | IT Security News — June 27, 2026 →