The Lyceum: Cyber Intelligence Daily — May 16, 2026
Saturday, May 16, 2026
The Big Picture
The same Microsoft Exchange Server being actively exploited in the wild this morning was also chained for $200,000 worth of remote code execution at Pwn2Own Berlin yesterday afternoon — two entirely separate research tracks converging on the same product within 24 hours. Linux is now four root-level kernel bugs deep in three weeks, with each requiring its own mitigation. And a Cisco SD-WAN authentication bypass is sitting on a federal patch deadline that expires Sunday evening, May 17, amid a tense patching window for agency teams.
What Just Dropped
- CVE-2026-42897 — Microsoft Exchange Server 2016, 2019, and Subscription Edition: actively exploited, no permanent patch yet, CVSS not yet scored in NVD. Crafted-email XSS that executes JavaScript in OWA; CISA KEV deadline May 29.
- CVE-2026-20182 — Cisco Catalyst SD-WAN Manager/Controller: actively exploited authentication bypass, KEV deadline Sunday, May 17.
- CVE-2026-46333 (ssh-keysign-pwn) — Linux kernel: information disclosure letting unprivileged users read SSH host keys and /etc/shadow; upstream fix committed, AlmaLinux patched kernels in testing, mitigation is kernel.yama.ptrace_scope=3. Public PoC on GitHub.
- CVE-2026-46300 (Fragnesia) — Linux kernel page-cache corruption granting root; distinct from Dirty Frag but in the same surface, requires its own patch.
- Six dnsmasq CVEs (CVE-2026-2291, CVE-2026-4890, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172, and one additional ID) — DNS cache poisoning, local root via DHCPv6, DoS. Patched in 2.92rel2; embedded devices will never see it.
- Shai-Hulud worm source code — full source published to GitHub per Xakep; lowers the bar for self-propagating malware development.
- Nginx-Rift exploit toolkit — public scanner and payload generator for the 18-year-old NGINX RCE disclosed earlier this week.
Today's Stories
Your Exchange Server Is Being Exploited Through Email — And There's No Patch Yet
If your company runs its own on-premises email server — not Microsoft 365, but the kind you patch yourself at 2 a.m. — someone may already be trying to send you a very special email.
Microsoft disclosed CVE-2026-42897 on May 14, a cross-site scripting flaw in Exchange Server 2016, 2019, and Subscription Edition that Microsoft tagged with an "Exploitation Detected" assessment. The attack is almost embarrassingly simple: send a crafted email, get the recipient to open it in Outlook Web Access, and arbitrary JavaScript executes in their browser. Exchange Online is not affected. (The Hacker News)
CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on May 15 with a federal remediation deadline of May 29. (CISA) The interim mitigation is the Exchange Emergency Mitigation Service — if EEMS is running (it's on by default), the mitigation has already deployed itself. The side effects are mild: calendar printing breaks, some inline images don't render in OWA. (Infosecurity Magazine) Microsoft is working on a permanent patch.
What changes if exploitation broadens: Exchange has been a ransomware on-ramp for years, and this one requires no authentication on the attacker side — just a target who reads email in a browser. The signal to watch: if Microsoft ships the permanent patch before the May 29 KEV deadline, this stays a contained zero-day. If the patch slips past then, expect commodity ransomware crews to weaponize it within days. The flaw surfaced just two days after a Patch Tuesday that fixed 138 other bugs (SecurityAffairs) — a reminder that Patch Tuesday is a starting line, not a finish line.
Cisco's SD-WAN Authentication Bypass Has a Federal Deadline of Sunday Evening
If your organization runs Cisco Catalyst SD-WAN — the software stitching branch offices, cloud connections, and remote workers into one managed network — federal agencies have until Sunday, May 17 to patch CVE-2026-20182, an authentication-bypass vulnerability that Cisco has confirmed is being exploited in zero-day attacks.
The mechanics matter here. SD-WAN management interfaces sit at the edge of trusted networks. They authenticate to themselves, and everything downstream assumes the authentication worked. An unauthenticated bypass on that plane is a key to a building where every door inside is unlocked because the front gate verified the visitor.
The historical context is worth flagging: the Knowledge Graph context for this issue ties CVE-2026-20182 to UAT-8616, a threat actor previously observed targeting government sector networks. That's a single attribution, not a chorus, but it's consistent with the targeting pattern you'd expect for an edge-management vulnerability — espionage-grade actors who want quiet, persistent access to many networks at once.
What success looks like for defenders: SD-WAN devices patched, management interfaces re-isolated, logs reviewed for the authentication anomalies Cisco's advisory will describe. What failure looks like: the same playbook as every prior edge-device zero-day — three months from now, an incident response firm publishes a case study where the initial compromise traces back to this week.
The Fourth Linux Root Exploit in Three Weeks — And This One Steals Your SSH Keys
The Linux kernel is having a rough month, and the latest entry is different in a way that matters.
On May 14, Qualys disclosed CVE-2026-46333, a kernel logic flaw that lets any unprivileged local user read root-owned files — including SSH host private keys and /etc/shadow. A working public PoC named ssh-keysign-pwn is already on GitHub. The bug is six years old; it traces back to a 2020 patch proposal by Jann Horn that was never merged.
Here's the part that separates this from the prior three. Copy Fail, Dirty Frag, and Fragnesia were privilege escalation bugs — bad, but if you patched before exploitation, you're done. ssh-keysign-pwn is information disclosure. If an attacker read your SSH host keys before you applied the mitigation, those keys are out there now, and patching doesn't change that. Server impersonation, silent traffic interception, MITM against everything that ever connects — all of it stays on the table until you rotate.
Linus Torvalds committed the upstream fix the same day. The interim mitigation is one kernel setting: kernel.yama.ptrace_scope=3. AlmaLinux has patched kernels in the testing repository today, with production release pending verification. (AlmaLinux)
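The two defensive steps the story above calls for, the kernel.yama.ptrace_scope=3 mitigation and a host-key rotation, written out as a script. This is an added example, not from the newsletter, Qualys, AlmaLinux or the kernel project; it assumes the standard /etc/sysctl.d drop-in location and an OpenSSH ssh-keygen that supports -A, and every function takes an optional path prefix so the procedure can be rehearsed against a scratch directory before it touches a real host.

```shell
#!/bin/sh
# Added example: apply and persist the Yama ptrace_scope mitigation, then retire
# the current SSH host keys and generate a fresh set. The paths are assumptions
# (standard locations); pass a prefix to exercise the functions in a scratch dir.

# Write the sysctl drop-in so the setting survives a reboot, and apply it live
# when running as root. $1: sysctl.d directory (default /etc/sysctl.d).
persist_ptrace_scope() {
  sysctl_dir="${1:-/etc/sysctl.d}"
  mkdir -p "$sysctl_dir"
  printf 'kernel.yama.ptrace_scope = 3\n' > "$sysctl_dir/90-yama-ptrace-scope.conf"
  # Live apply only as root. Note: once set to 3, Yama refuses to lower the
  # value again until reboot, and all ptrace attach (gdb, strace) stops working.
  if [ "$(id -u)" -eq 0 ] && [ -w /proc/sys/kernel/yama/ptrace_scope ]; then
    sysctl -w kernel.yama.ptrace_scope=3 >/dev/null
  fi
}

# Print the live value, or "unavailable" when Yama is not compiled in.
current_ptrace_scope() {
  if [ -r /proc/sys/kernel/yama/ptrace_scope ]; then
    cat /proc/sys/kernel/yama/ptrace_scope
  else
    echo unavailable
  fi
}

# Move existing host keys into a timestamped quarantine directory (kept for
# forensics, mode 0700) and generate a fresh default set with ssh-keygen -A.
# $1: root prefix, "" for the real system; keys live under $1/etc/ssh.
# Returns 2 if ssh-keygen is not installed, 1 if no new key was produced.
rotate_host_keys() {
  prefix="${1:-}"
  ssh_dir="$prefix/etc/ssh"
  command -v ssh-keygen >/dev/null 2>&1 || return 2
  mkdir -p "$ssh_dir"
  quarantine="$ssh_dir/retired-$(date +%Y%m%d%H%M%S)"
  mkdir -p "$quarantine"
  chmod 0700 "$quarantine"
  for k in "$ssh_dir"/ssh_host_*_key "$ssh_dir"/ssh_host_*_key.pub; do
    [ -e "$k" ] && mv "$k" "$quarantine"/
  done
  # -A generates every missing default host key type; -f supplies the prefix.
  if [ -n "$prefix" ]; then
    ssh-keygen -A -f "$prefix" >/dev/null
  else
    ssh-keygen -A >/dev/null
  fi
  count=$(ls "$ssh_dir"/ssh_host_*_key 2>/dev/null | wc -l)
  [ "$count" -gt 0 ]
}

# Fingerprints of the new public keys, to publish to clients out of band.
new_host_key_fingerprints() {
  ssh_dir="${1:-}/etc/ssh"
  for pub in "$ssh_dir"/ssh_host_*_key.pub; do
    [ -e "$pub" ] && ssh-keygen -lf "$pub"
  done
}

# Real run (as root): persist_ptrace_scope; rotate_host_keys ""; then restart
# sshd and hand new_host_key_fingerprints "" to clients before they reconnect.
```

After a real rotation every client sees a host-key-changed warning on the next connection, so distribute the new fingerprints through a channel you already trust rather than telling users to click through; and because the order matters here, apply the mitigation first, then rotate, so the new keys are not readable through the same flaw.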
And then there's Fragnesia. As The Hacker News reports, Wiz researchers note that Fragnesia "is a separate bug in the ESP/XFRM from Dirty Frag which has received its own patch. However, it is in the same surface and the mitigation is the same as for Dirty Frag." (The Hacker News) Translation: if you patched for Dirty Frag and assumed you were covered, the patches are different but the manual mitigation overlaps. Verify both. Xakep's Russian-language coverage of Dirty Frag described it as a chain of CVE-2026-43284 and CVE-2026-43500 — useful context if you're piecing together the surface from multiple advisories. (Xakep)
The observable signal: if Red Hat's assessment in the next 48 hours confirms a separate patch is needed for Fragnesia on RHEL — distinct from Dirty Frag's fix — every Red Hat shop is looking at another emergency patch cycle. If they manage to consolidate, defenders catch a break for the first time in a month.
Pwn2Own Berlin Closes Day Two at $908,750 — Exchange Falls Again, and AI Tools Are Now Fair Game
● Berlin, Germany
Day two added $385,750 in awards for 15 unique zero-days, bringing the two-day total to $908,750 and 39 vulnerabilities. (Zero Day Initiative) The headline: DEVCORE's Cheng-Da Tsai — known to most of the industry as Orange Tsai — earned $200,000 chaining three bugs into remote code execution with SYSTEM privileges on Microsoft Exchange. That's the highest single-target payout in the competition's history, and it's the same product Microsoft confirmed is under active exploitation in the wild. Two entirely different research tracks landing on Exchange in the same 24 hours.
The AI category is the structural shift. Viettel Cyber Security's Le Duc Anh Vu hacked the Cursor AI coding agent for $30,000; Sina Kheirkhah of Summoning Team demoed an OpenAI Codex zero-day for $20,000; Compass Security took Cursor again for $15,000. These are tools that hold privileged access to your codebase and often your cloud credentials. A compromised AI coding agent is a credential-theft device with a UX.
Day three's schedule, per ZDI, includes Microsoft Windows 11, VMware ESXi, Red Hat Enterprise Linux, Microsoft SharePoint, Anthropic Claude Code, and OpenAI Codex — with two ESXi cross-tenant code-execution entries carrying $200,000 payouts each. (Zero Day Initiative) Vendors have 90 days to patch. The signal to watch this afternoon: a successful VMware ESXi cross-tenant escape would be the most consequential finding of the week — ESXi runs the underlying infrastructure for an enormous slice of enterprise computing, and cross-tenant means tenant isolation failed.
⚡ What Most People Missed
- Funnel Builder WordPress plugin is actively skimming credit cards on WooCommerce checkouts: A critical flaw in Funnel Builder is being exploited to inject malicious JavaScript directly into WooCommerce checkout pages, harvesting card numbers and personal data at point of sale. Patching alone doesn't help if injected code is already resident — you have to clean theme files and audit checkout templates separately. Magecart-style attacks against small e-commerce shops tend to run quietly for months before anyone notices.
- Six dnsmasq CVEs are patched — but the long tail of embedded devices is the real story: dnsmasq runs on a generous slice of the world's home routers, IoT devices, and branch-office gateways. Version 2.92rel2 fixes the bugs; the devices that ship dnsmasq inside vendor firmware will mostly never receive it. CVE-2026-2291's DNS cache poisoning path is the one to watch — silent redirection of users to attacker-controlled domains is the kind of capability that quietly underpins phishing campaigns for years.
- Mythos found a real bug in curl — the bigger signal is that elite codebases are still yielding: Daniel Stenberg reports that Anthropic's Mythos scan of curl surfaced one confirmed low-severity CVE (slated for curl 8.21.0 in late June) plus roughly twenty other defects the team is working through, with few false positives. curl is one of the most audited C codebases on earth. The interesting trend isn't headline zero-days from AI — it's the steady trickle of medium-severity findings AI is now extracting from projects that fuzzers have been hammering for years.
- Project Zero published a full zero-click chain against Pixel 10: Google's own offensive research team documented a malicious-message-to-full-device-compromise chain on a flagship phone — patched in recent Pixel updates, but unusually detailed for a public 0-click disclosure. Treat the write-up as a blueprint, not a curiosity. If your executive team uses Pixel devices, confirm OTA updates have actually applied.
- Public Nginx-Rift exploit toolkit just hit GitHub: The team behind this week's 18-year-old NGINX RCE published a runnable scanner and payload generator. The patched NGINX versions shipped earlier this week, but production deployments lag — and polished tooling closes the gap from disclosure to mass scanning faster than patch cycles can absorb.
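The Funnel Builder item above says patching is not enough when injected code is already resident in theme files. An audit of the checkout templates is the missing step, and the following added example does the grep-level version of it: flag every script tag that loads from a host outside an allowlist, and every file that uses the obfuscation primitives skimmers typically hide behind. This is not code from the newsletter, Funnel Builder or WooCommerce; the theme layout, the allowlist and the sample files are constructed for the example, and the .test hostnames in it are placeholders.

```shell
#!/bin/sh
# Added example: audit theme/checkout template files for injected scripts.
# Two triage signals: (1) <script src=...> pointing at a host that is not on
# the allowlist, (2) inline use of atob/fromCharCode/unescape/eval, which legit
# theme code rarely needs and skimmers use to hide their payload and exfil host.

# $1: directory to scan; $2: space-separated allowlisted hostnames (your own
# domain plus any CDN you deliberately load scripts from).
# Prints one "file: finding" line per hit.
audit_checkout_templates() {
  dir="$1"; allow="$2"
  # ERE for a script tag's src attribute; the host is captured after //
  re="<script[^>]*src=[\"']?(https?:)?//[^/\"' >]+"
  find "$dir" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) |
  while read -r f; do
    # 1. external script hosts not on the allowlist
    grep -oiE "$re" "$f" | sed -E 's#.*//##' | sort -u |
    while read -r host; do
      case " $allow " in
        *" $host "*) ;;
        *) printf '%s: external script host %s\n' "$f" "$host" ;;
      esac
    done
    # 2. obfuscation primitives; a hit here is a lead for manual review, not proof
    if grep -qE 'atob\(|String\.fromCharCode|unescape\(|eval\(' "$f"; then
      printf '%s: obfuscation primitive in inline script\n' "$f"
    fi
  done
}

# Number of findings, for a pass/fail gate in a cron job or CI step.
count_findings() {
  audit_checkout_templates "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample theme: one clean file, one with an injected third-party
# loader on the checkout page, one with an obfuscated inline payload.
make_sample_theme() {
  mkdir -p "$1"
  cat > "$1/header.php" <<'EOF'
<?php wp_head(); ?>
<script src="https://cdn.example-shop.test/js/theme.js"></script>
EOF
  cat > "$1/checkout.php" <<'EOF'
<div class="woocommerce-checkout">
<script src="https://cdn.example-shop.test/js/checkout.js"></script>
<script src="//static-payments-cdn.test/loader.js"></script>
</div>
EOF
  cat > "$1/footer.php" <<'EOF'
<script>eval(atob("Ly8gY29uc3RydWN0ZWQgc2FtcGxlIHBheWxvYWQ="));</script>
EOF
}

# Demo: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d)
  make_sample_theme "$d"
  audit_checkout_templates "$d" "cdn.example-shop.test"
fi
```

Run it against the live theme directory (for example wp-content/themes/yourtheme) with your real domain and CDNs in the allowlist; any host you do not recognise on a checkout template is the thing to pull and compare against a known-good copy of the theme, and the obfuscation hits are for a human to read rather than to delete blindly.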
From the Foreign Press
Fragnesia vulnerability allows root privileges on Linux
Xakep flagged the Fragnesia vulnerability (CVE-2026-46300) in Russian-language coverage before major English outlets picked it up — a page-cache corruption flaw in the Linux kernel's ESP/XFRM subsystem that grants root privileges to unprivileged local users on all major distributions. The Russian write-up emphasizes that Fragnesia shares its attack surface with Dirty Frag (covered earlier this week) but is a distinct bug requiring its own patch. This matters because the same outlet has been running ahead of English-language coverage on Linux kernel issues for a month now — Dirty Frag, Fragnesia, and the NGINX 18-year RCE all surfaced first in Russian. If you patch from English-language advisories only, you're consistently 24-48 hours behind. Source: Xakep [RU]. English coverage has since confirmed.
Shai-Hulud worm code published on GitHub
Xakep reports overnight that the full source code of a worm called Shai-Hulud was published to GitHub. Worm code going public is a meaningful escalation — it dramatically lowers the bar for anyone wanting to build self-propagating malware, and historically the window between public worm source and the first observed in-the-wild deployment is measured in days, not weeks. No major English-language outlet has covered this yet, and attribution, target profile, and propagation mechanism remain unreported in English. Source: Xakep [RU]. No English-language coverage confirmed at time of publication.
Hospitals, local government bodies and FPV operators are the focus of the UAC-0247 cluster
● Ukraine
CERT-UA's detailed advisory on threat cluster UAC-0247 (also tracked as UAC-0244) documents an intensifying campaign against Ukrainian clinical hospitals, emergency services, municipal government bodies, and individuals connected to FPV drone operations. The malware arsenal includes AGINGFLY (installed via DLL side-loading in trojanized FPV drone software), CHROMELEVATOR for browser credential theft, ZAPIXDESK for WhatsApp data exfiltration, and public tooling like LIGOLO-NG and CHISEL for lateral movement. The targeting profile — humanitarian-aid-themed phishing into healthcare and local government — is consistent with espionage operations exploiting Ukraine's wartime civil infrastructure. CERT-UA's defensive guidance: restrict LNK, HTA, and JavaScript execution, and tightly control mshta.exe and PowerShell. Source: CERT-UA Advisory #6288271 [UA]. No major English-language coverage confirmed at time of publication.
📅 What to Watch
- If Microsoft ships a permanent patch for CVE-2026-42897 before the May 29 KEV deadline, this stays a contained zero-day; if it slips, commodity ransomware crews weaponize it within days of public PoC.
- If Pwn2Own Day 3 produces a successful VMware ESXi cross-tenant code execution, every cloud and managed-hosting provider has 90 days to patch a tenant-isolation failure — and the coordination of that patch rollout across hyperscalers will reveal where critical interdependency risk lives.
- If Red Hat confirms Fragnesia requires a patch separate from Dirty Frag's, enterprise Linux shops face their fourth emergency kernel patch cycle in three weeks — increasing the likelihood of kernel ABI churn, disrupted maintenance windows, and regressions that hit high-availability systems.
- If the Shai-Hulud worm source produces an in-the-wild deployment in the next 72 hours, that will reset the expected minimum time from public code release to active campaign and signal the saturation level of opportunistic exploiters in malware ecosystems.
- If CERT-UA's UAC-0247 campaign expands beyond Ukrainian targets to NATO-member government networks, expect a joint Western advisory within 48-72 hours and a coordinated effort to map AGINGFLY across European telemetry.
- If Cisco's SD-WAN exploitation traces back to UAT-8616 per the Knowledge Graph attribution, the targeting pattern (government sector, edge management) suggests longer dwell times — incident responders should extend forensic windows into weeks, not days.
The Closer
Orange Tsai earned $200,000 for breaking Microsoft Exchange in Berlin while somewhere else in the world a different attacker was breaking Microsoft Exchange for free; a six-year-old Linux bug just learned to steal SSH keys from the same servers you patched twice already this month; and a worm named after a giant sandworm now lives on GitHub waiting for someone bored enough to compile it. A CISO is deciding whether to ruin a weekend or ruin a quarter — the Cisco deadline expires Sunday evening, May 17.
Stay sharp.
Forward this to the friend who still runs their own Exchange server — they're going to need the company.