Top 3 Cloud Infrastructure High-Risk Vulnerabilities — 2026-05-07

Here are today's top three highest-risk Cloud Infrastructure vulnerabilities, selected and summarized for you.

Selection note: candidates match container / cluster-related keywords in our stored source text. Entries NVD published today are listed first; then entries NVD last modified today whose original publication falls within roughly the last 30 days.

#1 Open Notebook v1.8.3 Server-Side Template Injection RCE

CVE: CVE-2026-33587

CVSS: 9.2

Risk level: CRITICAL

Affected versions: Open Notebook v1.8.3 (Docker containerized deployments)

Summary: This vulnerability is caused by insufficient input sanitization for user-created transformations in Open Notebook v1.8.3. It allows an authenticated application user to inject malicious template payloads, leading to arbitrary Python and operating system command execution on the hosting Docker container. Full compromise of the container instance is possible.

Remediation: Upgrade Open Notebook to a patched version that fixes the input sanitization issue. If no patch is available immediately, restrict application access to only trusted users. Add network segmentation to limit the vulnerable container's access to other infrastructure resources.

Exploit info: No public exploit found yet.


#2 Linux Kernel Crypto ALG_AEAD Privilege Escalation Vulnerability

CVE: CVE-2026-31431

CVSS: 7.8

Risk level: HIGH

Affected versions: Linux kernel versions with the incorrect algif_aead in-place operation handling

Summary: This flaw exists in the Linux kernel's crypto algif_aead subsystem due to incorrect handling of in-place cryptographic operations. It can lead to memory corruption and potential privilege escalation that impacts container runtimes and host systems. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog.

Remediation: Apply the latest official Linux kernel security patches that resolve this issue. Reboot all affected host systems to load the patched kernel. Run regular vulnerability scans to confirm that vulnerable kernel versions are no longer in use.

Exploit info: No public exploit found yet.


#3 GnuTLS RSA-PSK Authentication Bypass Vulnerability

CVE: CVE-2026-42010

CVSS: 7.1

Risk level: HIGH

Affected versions: Vulnerable GnuTLS versions with RSA-PSK support

Summary: A flaw in GnuTLS causes incorrect username matching for RSA-PSK cipher suites when usernames contain NUL characters. A remote unauthenticated attacker can send a specially crafted username to bypass authentication checks on vulnerable servers. This allows unauthorized access to services protected by vulnerable GnuTLS configurations.

Remediation: Update GnuTLS to the latest patched version that fixes the username matching logic. Disable the RSA-PSK cipher suite if it is not actively in use. Restart all services that link against the vulnerable GnuTLS library after patching.

Exploit info: No public exploit found yet.

This digest is for your personal use only. Please do not share or forward. Unauthorized distribution may result in account termination.