The Plumb Line

24 hours ending 2026-05-19T12:00:00 UTC

Ten.

Ten critical-severity vulnerabilities landed in the NVD in a single 24-hour window — not a monthly patch dump, not a coordinated disclosure event, just a Monday. One of them scores a perfect 10.0.

That number deserves a moment before the geopolitics. CVE-2026-42822 is a CVSS 10.0 — the ceiling — in Azure Local's Disconnected Operations component. An unauthorized attacker can elevate privileges over the network with no authentication required. Maximum score, network-accessible, no credentials needed. The rest of the pile includes two separate remote code execution paths in SGLang's multimodal runtime (CVE-2026-7301 and CVE-2026-7304, both CVSS 9.8), one of which fires whenever a pickle.loads() call ingests a malicious message on a ROUTER socket that binds to 0.0.0.0 by default. Anyone running SGLang in an AI inference pipeline and assuming the default config is safe should stop assuming that. Also in the batch: the Amazon Redshift Python driver before 2.1.14 calls eval() on server-returned data, meaning a rogue server or a man-in-the-middle can run arbitrary code on any client that connects. If your data pipeline touches Redshift, version 2.1.14 is not optional.

Yesterday's issue catalogued six Kuiper satellites in a single window and flagged a wall of CVEs — several of them years old and still unpatched. Today the CVE picture is fresher and higher-severity, and the satellite belt has a new occupant: the ESA/CSA SMILE mission (Solar wind Magnetosphere Ionosphere Link Explorer) launched on a Vega-C from Kourou at 03:52 UTC. Status was confirmed Go for Launch. The orbital register is filling up on both the commercial and scientific sides simultaneously.

The AI Stack Has an Attack Surface Problem

Three of today's critical CVEs live specifically in AI infrastructure — SGLang, MLflow, and AutoGPT — and they share a profile worth naming: they all involve trusting runtime data that arrives from external sources. SGLang's ROUTER socket deserves the most attention. It binds to every interface by default, receives messages, and hands them to pickle.loads() without validation. The CVE description is explicit: this enables remote code execution "when exposed to the internet." That is not a niche deployment scenario. SGLang is used in production multimodal inference stacks.

MLflow 3.9.0 adds a different angle: the MLflow Assistant's /ajax-api endpoints fail to validate request origin, allowing a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the API. That's a CVSS 9.6. AutoGPT versions 0.6.34 through 0.6.51 deserialize Redis cache bytes with pickle.loads and no integrity check — CVSS 7.6, but the attack path runs through a component that most AutoGPT deployments treat as internal-only infrastructure. The pattern across all three: deserialization without validation, network exposure without authentication. These are not novel vulnerability classes. They are the same mistakes the web stack made in 2010, now replicated in AI tooling at scale.

Also patched or documented this window: Dokploy PaaS versions 0.26.6 and below (CVSS 9.9, OS command injection via appName parameter), lwIP through 2.2.1 (CVSS 9.8, buffer overflow in the SNMPv3 USM handler), and the Piotnet Addons for Elementor Pro WordPress plugin through 7.1.70 (CVSS 9.8, arbitrary file upload, no authentication required on the pafe_ajax_form_builder function). The WordPress plugin is the most likely to be exploited fastest — it runs on shared hosting at massive scale, and file upload vulnerabilities in WordPress plugins have historically gone from publication to active exploitation in under 48 hours.

Fire, Freeze, and the Southern Plains Corridor

The southern plains are running two simultaneous extremes. Red Flag Warnings covered a corridor from Baca County, Colorado, through Ford and Clark Counties in Kansas, through Andrews, Loving, and Winkler Counties in Texas, and into eastern New Mexico's Guadalupe Mountains — all active within this window, all citing critical fire weather conditions. NWS Norman issued both a Red Flag Warning and a prior Fire Weather Watch for western Oklahoma counties including Beckham, Harmon, Greer, and Jackson.

Meanwhile, a late-season freeze is bearing down on an unusual geographic range. Freeze Watches issued by NWS offices in Grand Junction, Denver, Pueblo, Cheyenne, and Goodland cover a band running from the Colorado Front Range through the Wyoming Laramie Valley, across the Nebraska panhandle, and into Yuma, Kit Carson, and Cheyenne Counties in Kansas. Mid-May freeze watches at this latitude and this geographic breadth are not routine. Agricultural operations across the Colorado-Wyoming-Kansas-Nebraska corridor are facing a compressed window between fire risk to the south and freeze risk to the north.

Yesterday's issue flagged a different severe weather split — Wyoming winter storm warnings and Missouri flood watches running simultaneously. Today the storm architecture has shifted south and west: the Wyoming mountain warnings have largely expired, replaced by this freeze-fire pincer across the high plains. The Missouri basin flood picture is not in this window's active alerts.

The Sanctions Pipeline and a Russian Bank

Promsvyazbank — Russia's state-owned defense-sector bank, already carrying debarment and export control flags across U.S. SAM exclusions, Singapore terrorism lists, and Cyprus corporate registries — received a fresh OpenSanctions update this window. The bank's presence across three separate enforcement datasets (U.S., Singapore, Cyprus) signals continued multi-jurisdictional pressure on Russian financial infrastructure, not a single-country action. This is the mundane machinery of sanctions enforcement: not a headline, but a record that a compliance officer in Frankfurt or Singapore will find when they run a counterparty check.

Iraq's AML list also pushed a significant batch — more than 20 named individuals added or updated, spanning surnames associated with Al-Hamdani, Al-Naimi, Al-Zuhairi, and Al-Jubouri family networks. Australia's Border Force sanctioned sponsors list picked up four new companies: T&Q Interior Solutions, AYA Constructions Pty Ltd, Keyalike Services Pty Ltd, and Ralifah Medical Centre — all debarred from sponsor activity. These are immigration compliance actions, not terrorism designations, but they reflect active enforcement on labor migration networks.

The Vanuatu Aftershock Register

A M5.7 struck 51 km SSW of Port-Vila, Vanuatu at 02:29 UTC, depth 27 km, USGS green alert, no tsunami. Yesterday's issue didn't cover Vanuatu specifically, but the broader Pacific arc has been active across this window: the Solomon Islands saw a M4.8 at 81 km depth, and Fiji a M4.6 at 564 km depth — deep enough to be structural rather than surficial. The Port-Vila event is shallow enough (27 km) that local shaking would have been felt in the capital. USGS green alert indicates limited damage expectation, but Vanuatu's building stock means green alerts can still produce injuries.

China registered a M5.1 26 km northwest of Liuzhou at 10 km depth. Liuzhou is a city of roughly four million people in Guangxi province. No alert flag was assigned in the USGS data. Two Alaska Aleutian events — M4.9 near Atka and M4.4 near Attu Station — are routine for that arc and carried no alerts.

The Launch That Has Been Waiting Since 2019

The SMILE spacecraft — a joint European Space Agency and Canadian Space Agency mission to study solar wind interaction with Earth's magnetosphere — launched on Vega-C from the Guiana Space Centre in French Guiana at 03:52 UTC. SMILE has been in development since at least 2015 and was originally targeting a 2023 launch before delays pushed it to this window. It will fly an elliptical orbit with an apogee deep in the magnetosphere, spending long arcs of each orbit in the region it's designed to study. The Vega-C vehicle returned to service after its December 2022 failure; this is a confirmation that the corrected configuration is flying again.

What We Can't Tell You

1. Whether CVE-2026-42822 is under active exploitation — The CVSS 10.0 Azure Local flaw was published this window; CISA has not added it to the Known Exploited Vulnerabilities catalog in the available data.

2. The current Ebola case count in DRC — Yesterday's issue confirmed CDC evacuation operations were active; no updated figures appear in today's source data.

3. What the Wikipedia "2023–2026 mpox epidemic" article update contains specifically — The event record shows the article was updated in this window but does not specify what changed.

By the Numbers

The day's shape: a CVSS 10.0 in Microsoft's edge infrastructure, a decade's worth of deserialization mistakes now replicated in AI tooling, a late-season freeze-fire pincer across the high plains, and SMILE finally reaching orbit after years of delays. Every claim traces back to a primary record on disk. CVE-2026-42822 is unauthenticated, network-reachable, and scored 10.0 — patch Azure Local before the next issue lands.

— *The Plumb Line*. Sourced from 163 grounded events across 27 source databases.

Sources

Cybersecurity — Critical CVEs

• nvd_cve/CVE-2026-42822 — CVSS 10.0: Azure Local Disconnected Operations, unauthenticated network privilege escalation
• nvd_cve/CVE-2026-27130 — CVSS 9.9: Dokploy ≤0.26.6, OS command injection via appName
• nvd_cve/CVE-2026-7301 — CVSS 9.8: SGLang ROUTER socket, pickle.loads() RCE, binds 0.0.0.0 by default
• nvd_cve/CVE-2026-7304 — CVSS 9.8: SGLang custom logit processor, dill.loads() RCE when option enabled
• nvd_cve/CVE-2026-4885 — CVSS 9.8: Piotnet Addons for Elementor Pro ≤7.1.70, unauthenticated file upload
• nvd_cve/CVE-2026-8838 — CVSS 9.8: Amazon Redshift Python driver <2.1.14, eval() on server data
• nvd_cve/CVE-2026-25244 — CVSS 9.8: WebdriverIO <9.24.0, command injection RCE in test orchestration
• nvd_cve/CVE-2026-8836 — CVSS 9.8: lwIP ≤2.2.1, SNMPv3 USM handler buffer overflow
• nvd_cve/CVE-2026-2611 — CVSS 9.6: MLflow 3.9.0 Assistant, improper origin validation on /ajax-api
• nvd_cve/CVE-2026-45230 — CVSS 9.1: DumbAssets ≤1.0.11, unauthenticated path traversal / arbitrary file deletion
• nvd_cve/CVE-2026-7302 — CVSS 9.1: SGLang, unauthenticated path traversal, arbitrary file write
• nvd_cve/CVE-2026-45495 — CVSS 8.8: Microsoft Edge (Chromium-based), RCE
• nvd_cve/CVE-2026-33233 — CVSS 7.6: AutoGPT 0.6.34–0.6.51, Redis cache pickle.loads without integrity check

Cybersecurity — High CVEs

• nvd_cve/CVE-2026-41085 — CVSS 8.8: Thermo Fisher Scientific Torrent Suite Dx, privilege escalation
• nvd_cve/CVE-2026-27648 — CVSS 8.8: OpenHarmony ≤v6.0, RCE in pre-installed apps
• nvd_cve/CVE-2025-57282 — CVSS 8.8: ngrok v4.3.3 and 5.0.0-beta.2, command injection
• nvd_cve/CVE-2026-22810 — CVSS 8.2: Joplin <3.5.7, path traversal in importer
• nvd_cve/CVE-2026-8851 — CVSS 8.1: SOGo 5.12.7, SQL injection in ACL management
• nvd_cve/CVE-2026-47092 — CVSS 7.8: Claude HUD ≤0.0.12, COMSPEC command injection

Weather

• noaa_alerts/urn:oid:2.49.0.1.840.0.a76e9e72f... — NWS Grand Junction CO: Freeze Watch, Lower/Central Yampa River Basin
• noaa_alerts/urn:oid:2.49.0.1.840.0.868df1b9eb... — NWS Denver CO: Freeze Watch, Front Range counties through Logan/Phillips
• noaa_alerts/urn:oid:2.49.0.1.840.0.4af93efa63... — NWS Goodland KS: Freeze Watch, Yuma/Kit Carson/Cheyenne Counties
• noaa_alerts/urn:oid:2.49.0.1.840.0.ddb21813af... — NWS Norman OK: Red Flag Warning, Harper/Ellis/Roger Mills/Beckham/Harmon/Greer
• noaa_alerts/urn:oid:2.49.0.1.840.0.e684afed93... — NWS Midland/Odessa TX: Red Flag Warning, Andrews/Loving/Winkler/Guadalupe Mountains
• noaa_alerts/urn:oid:2.49.0.1.840.0.feb16e9ace... —