Januscape CVE-2026-53359: 16-year KVM guest-to-host escape, Intel and AMD, public DoS PoC      Adobe ColdFusion CVE-2026-48282 CVSS 10.0 exploited in under 2 hours, now CISA KEV      Tenda routers: hardcoded authentication backdoor across multiple firmware versions, no patch      Januscape CVE-2026-53359: 16-year KVM guest-to-host escape, Intel and AMD, public DoS PoC      Adobe ColdFusion CVE-2026-48282 CVSS 10.0 exploited in under 2 hours, now CISA KEV      Tenda routers: hardcoded authentication backdoor across multiple firmware versions, no patch     
CyberSipTM
Intelligence without the noise
Issue No. 81
July 8, 2026
3 items · past 24h
<5 min read
Today's picture

Researcher Hyunwoo Kim published Januscape, the first KVM guest-to-host escape that triggers on both Intel and AMD, carrying a 16-year-old use-after-free in the hypervisor's shadow MMU that a public proof-of-concept turns into a reliable host kernel panic and a private exploit turns into full root code execution on the host. Adobe ColdFusion CVE-2026-48282, a CVSS 10.0 path traversal that Adobe patched June 30, was exploited in the wild within two hours of public technical details going live and landed on CISA KEV this morning with a July 10 federal deadline. And CERT/CC documented a hardcoded authentication backdoor present across multiple Tenda router firmware versions since at least 2021, with no patch available and no CVE remediation path from the vendor.

Today's intelligence
3 items
01 Critical KVM Hypervisor VM Escape
Januscape: a 16-year-old KVM bug lets a guest VM escape to the host on both Intel and AMD
The public proof of concept crashes the host. The researcher says a second, private exploit achieves full root code execution on the host from inside the guest. No QEMU involved. Just the hypervisor doing what it has always done, incorrectly.
CVECVE-2026-53359
DisclosedJuly 6, 2026
AffectsLinux KVM/x86
kernels since 2010
FixCommit 81ccda30b4e8
Stable: 6.1.177+

Hyunwoo Kim disclosed CVE-2026-53359 on July 6 after using it as a zero-day in Google's kvmCTF program, which offers up to $250,000 for full KVM guest-to-host escapes. The bug is a use-after-free in the KVM x86 shadow MMU, introduced by a commit in August 2010 and present in every affected kernel shipped in the 16 years since. Shadow paging is KVM's fallback memory translation path for guests that cannot use hardware-assisted page tables. When KVM reuses a shadow page whose role does not match the current translation context, it can free a kvm_mmu_page structure that is still referenced elsewhere. Anything that later touches that dangling pointer is operating on freed memory.

The public proof of concept demonstrates a reliable host kernel panic from inside a guest with a loadable kernel module and a few seconds of racing. Kim states that a separate, unreleased exploit turns the same corruption into full code execution with root on the host, which would put every other tenant VM on the same physical machine inside the blast radius. The exploit works on both Intel (VMX) and AMD (SVM) with separate code paths in the same trigger. Kim notes a secondary attack path: on distributions such as RHEL where /dev/kvm is world-accessible by default, an unprivileged local user can open the device, create a throwaway VM, and trigger the bug to crash the host without the server ever acting as a multi-tenant hypervisor. Fixes reached stable kernels on July 4 in versions 6.1.177, 6.6.144, 6.12.95, 6.18.38, and 7.1.3. Distribution backports are on their own schedules.

Any x86 KVM host that accepts untrusted guest VMs with nested virtualization enabled should treat this as an emergency patch. The primary risk is a compromised or malicious guest VM escaping to root on the host and reaching every other tenant on the same physical machine. The secondary risk, relevant to shared hosting even without multi-tenant VMs, is that any unprivileged local user on a distribution that ships /dev/kvm world-accessible can crash the host. The public PoC makes the denial-of-service path immediately accessible. The full escape exploit is private but the vulnerability class and memory corruption are confirmed.
This is Kim's third Linux kernel disclosure in roughly ten weeks, following Dirty Frag in May and ITScape (the first KVM/arm64 escape) in June. Januscape closes the trilogy on the x86 side. Three different subsystems, three different bug classes, one researcher. More directly: the KVM shadow paging code has now produced two separate use-after-frees in the same general area within about sixty days. The May fix for CVE-2026-46113 checked one field; Januscape required checking two. Legacy code paths kept alive for backward compatibility are not receiving the same scrutiny as hardware-accelerated defaults. That is where Kim keeps finding the bugs.
  • Apply kernel updates containing commit 81ccda30b4e8 as soon as your distribution ships them. Check the package changelog rather than relying on uname -r alone, as backport version numbers vary. Reboot or use live patching.
  • If patching cannot happen immediately, disable nested virtualization on hosts that accept untrusted guests: set kvm_intel.nested=0 on Intel or kvm_amd.nested=0 on AMD. This removes the primary guest-to-host escape path.
  • On distributions where /dev/kvm is world-accessible (RHEL and derivatives by default), restrict permissions to prevent unprivileged local users from opening the device and triggering the denial-of-service path before the patch ships.
A 16-year-old bug in the code that enforces the boundary between a virtual machine and the physical host it runs on. The public half crashes the host. The private half owns it. In cloud environments where root inside a VM is the default configuration, that is the entire trust model at risk. Patch the hypervisor the way you would patch a remote code execution vulnerability facing the internet.
02 Critical Adobe ColdFusion CISA KEV
ColdFusion CVE-2026-48282 exploited within two hours of disclosure, hits CISA KEV with a July 10 deadline
Adobe's 72-hour patch window recommendation was already aspirational. The attackers moved in under two hours. Federal agencies have until Thursday. Everyone else should treat that deadline as their own.
CVECVE-2026-48282
CVSS10.0
KEV addedJuly 7, 2026
Fed deadlineJuly 10, 2026

CVE-2026-48282 is a path traversal vulnerability in Adobe ColdFusion's Remote Development Services feature. When RDS is enabled and its authentication is disabled, an unauthenticated remote attacker can send a crafted HTTP request to write a malicious file to a web-accessible location and achieve arbitrary code execution. Adobe patched the flaw on June 30 as part of emergency bulletin APSB26-68, which covered seven CVSS 10.0 vulnerabilities across ColdFusion and Campaign Classic and was covered in Issue 77. Adobe assigned it Priority Rating 1 and recommended patching within 72 hours, saying at the time that it was not aware of exploitation in the wild.

That changed within hours of watchTowr Labs publishing a technical analysis on July 2. KEVIntel founder Ryan Dewhurst reported that his global honeypot network detected exploitation within under two hours of the CVE's public technical details going live. The initial exploitation attempt, originating from an IP address geolocated to India, tried to read C:\Windows\win.ini via a crafted RDS payload, a standard probe to confirm read access before moving to file write. CISA added CVE-2026-48282 to its Known Exploited Vulnerabilities catalog on July 7, 2026, with a federal remediation deadline of July 10. Adobe's own advisory now acknowledges confirmed in-the-wild exploitation. The Shadowserver Foundation tracks approximately 750 to 800 internet-facing ColdFusion instances, though the subset with RDS enabled and authentication disabled is narrower.

The precondition for this flaw, RDS enabled with authentication disabled, is non-default but common in development and staging environments that were never hardened before internet exposure. The 72-hour recommendation Adobe issued on June 30 was already an aggressive timeline relative to enterprise patch cycles. Exploitation began in under two hours of public technical details. Any ColdFusion server that is or was internet-facing in the past week and has not been patched should be treated as potentially compromised, not just potentially vulnerable.
Adobe's public advisory did not acknowledge in-the-wild exploitation until after independent trackers including KEVIntel, the Canadian Centre for Cyber Security, Resecurity, and watchTowr had already reported it publicly. The gap between what independent honeypot networks see and what a vendor's advisory formally acknowledges is relevant for teams that use vendor advisory status as a patch prioritization gate. In this case, that gap was at least five days. The exploitation window for ColdFusion vulnerabilities has historically compressed very quickly. GreyNoise documented a coordinated campaign exploiting roughly a dozen ColdFusion vulnerabilities over the Christmas 2025 holiday period. This flaw's exploitation timeline is consistent with that pattern.
  • Patch ColdFusion to 2025 Update 10 or 2023 Update 21 immediately. The July 10 federal deadline is three days away. Any organization that has not patched should treat this as an emergency change regardless of patch cycle.
  • Audit whether RDS is enabled on any ColdFusion server. If RDS is not in active use for IDE development, disable it entirely. This closes the specific precondition this attack requires and provides immediate risk reduction independent of patch timing.
  • For any ColdFusion server that was internet-facing since June 30 and has not been patched, hunt for indicators of compromise: unauthorized files in the ColdFusion web root and /CFIDE/ directories, unexpected scheduled tasks, and new administrative accounts created since July 2.
Adobe recommended patching within 72 hours. The attackers needed under two. The gap between vendor disclosure and independent exploitation evidence was five days. If your patching process relies on waiting for the vendor advisory to confirm exploitation before escalating priority, this week is a useful case study in what that lag costs.
03 High Tenda No Patch
Tenda routers ship with a hardcoded backdoor that bypasses all authentication, no patch exists
The backdoor is in the login function of the web server binary across multiple firmware versions shipping since at least 2021. CERT/CC documented it. Tenda has not responded. The fix is network isolation.
CVECVE-2026-11405
SeverityCVSS 9.8
DisclosedJuly 7, 2026
PatchNone available

CERT/CC published an advisory on July 7 documenting CVE-2026-11405, a hardcoded authentication backdoor present in the firmware of multiple Tenda router models. The vulnerability exists within the login() function of the /bin/httpd web server binary. The firmware implements a normal MD5-based authentication path, but the login() function includes a secondary code path that grants full administrative access when a specific hardcoded value is presented, bypassing password verification entirely. An attacker with network access to the router's web management interface can obtain full administrative control without valid credentials.

The affected firmware versions span multiple Tenda models including the FH1201, W15E, AC10, AC5, and AC6 across firmware builds released between 2021 and the present. CERT/CC notes that Tenda did not respond to its disclosure attempts and that no patch is available. The backdoor is present in the compiled binary and cannot be disabled through configuration. CERT/CC rates the flaw CVSS 9.8 given the network-based attack vector, no authentication required, and full administrative impact.

Tenda is one of the highest-volume consumer and small business router vendors in the world, particularly in Asia and across distributed and remote work environments. A hardcoded backdoor that grants full administrative access means every affected device is permanently vulnerable regardless of the password complexity or the firmware update history, since the backdoor exists in the binary, not in a configuration. Organizations managing remote worker fleets that include personal or ISP-provided routers should not assume these devices are outside their threat model. An attacker with administrative access to a home or branch router can intercept, redirect, or monitor all traffic passing through it.
This brief has documented device ownership scope carefully since Issue 64: remote worker network hardware lives outside organizational ownership and control. The practical consequence is that a VPN client running on a laptop does not protect traffic that passes through a compromised router before the VPN tunnel is established, including DNS queries, pre-authentication traffic, and any split-tunnel traffic. Organizations with zero-trust architecture that verifies device posture but does not account for the physical network path should consider whether Tenda devices on employee home networks represent an accepted risk or an unreviewed one.
  • Identify any Tenda routers in your environment or on remote worker networks. The affected models include FH1201, W15E, AC10, AC5, and AC6. No firmware patch is available; physical replacement is the only permanent remediation.
  • Until replacement, ensure the router management interface is not exposed to the internet. Restrict management access to the local LAN only, disable remote administration if enabled, and change the management port from its default if the interface must remain accessible.
  • For remote worker environments where router hardware is not organizationally controlled, ensure all corporate traffic routes through a VPN tunnel established before any application traffic, and enforce split-tunnel policies that prevent corporate DNS from resolving through potentially compromised local resolvers.
A backdoor is not a vulnerability in the normal sense. It was put there. Whether intentional or the result of a developer convenience that never got removed, the outcome is the same: every affected Tenda device ships with a key under the mat, and Tenda has not responded to the researchers who found it. Replace the hardware or accept the risk explicitly.
Cross-source standouts
01
The same researcher has now broken KVM three times in ten weeks, each time in a different subsystem
Hyunwoo Kim disclosed Dirty Frag in May, ITScape (KVM/arm64) in June, and Januscape (KVM/x86) this week. Three different subsystems, three different bug classes, one researcher, ten weeks. The through-line is not a single architectural flaw but a methodology: Kim is systematically auditing legacy code paths in KVM that handle edge cases rather than the common, hardware-accelerated path. The shadow MMU code has now produced two separate use-after-frees in the same general area within sixty days, and the second required checking an additional field that the first fix missed. This is a documented pattern in kernel security: a patch that closes one variant of a bug class leaves the adjacent variant unexamined until someone specifically goes looking. Kim is the person going looking.
02
Adobe's 72-hour patch recommendation and the vendor advisory acknowledgment gap are two different problems
Adobe issued a Priority 1 bulletin on June 30 and recommended patching within 72 hours. Exploitation began within two hours of public technical details on July 2. Adobe's own advisory did not formally acknowledge in-the-wild exploitation until after five independent sources had publicly reported it. This brief noted in Issue 78 that vendor exploitability likelihood assessments are a useful input but not a reliable gate. The ColdFusion case adds a sharper version of that problem: even vendors who correctly assess high exploitation risk and issue their fastest possible recommendation can find that the exploitation timeline outpaces the acknowledgment process. The practical implication for defenders is that the most reliable early exploitation signal comes from independent honeypot networks, CISA KEV additions, and threat intelligence services, not from vendor advisory updates. Teams that gate their patch escalation on vendor-confirmed exploitation should audit whether that gate is adding false safety rather than real signal.
Still watching
Days 2–4
JadePuffer / Langflow CVE-2025-3248 (Issue 80) — first fully autonomous AI agent ransomware. Patch Langflow, remove secrets from environment variables, isolate Nacos from public internet.
Day 2
Bad Epoll CVE-2026-46242 (Issue 79 · Linux ≥6.4) — 99% reliable local root, no workaround. Patch kernels from your distribution. Prioritize cloud VMs, Kubernetes nodes, and container hosts.
Day 3
M365 ROPC OAuth spray (Issue 80 · 81M attempts) — MFA bypassed at 64 organizations via deprecated flow. Enforce MFA for All Users, All Cloud Apps, All Client App types unconditionally.
Day 2
SharePoint CVE-2026-45659 (Issue 78 · CVSS 8.8) — CISA KEV, actively exploited. Apply Microsoft May 2026 updates. Audit Site Member accounts and server-side logs.
Day 5