
openDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
H score 46
1 unique source, 1 article

Summary


openDCIM is seeing an active exploitation wave tied to CVE-2026-28515, CVE-2026-28516, and CVE-2026-28517, with attackers targeting vulnerable installations and moving toward remote code execution. The activity has been linked to a single Chinese IP and automated checks for exposed deployments before a PHP web shell is dropped. The flaws can be chained in as few as five HTTP requests to reach a reverse shell on affected systems. That makes unpatched openDCIM deployments a live compromise risk, not just a theoretical issue.

Related Happenings

NGINX Plus and NGINX Open Source ngx_http_rewrite_module heap buffer overflow remote code execution flaw (CVE-2026-42945)

Vulnerability
First: 14.05.2026 09:00 Last: 14.05.2026 09:00 Sources 1

How related: A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.

About this happening: **CVE-2026-42945** exposes a **heap buffer overflow** in **NGINX Plus** and **NGINX Open Source** through **ngx_http_rewrite_module**, creating risk of **unauthenticated remote co...

Windows ikeext.dll double-free RCE (CVE-2026-33824)

Vulnerability
First: 13.05.2026 16:46 Last: 13.05.2026 16:46 Sources 1

About this happening: **CVE-2026-33824** is a **double-free flaw** in **Windows ikeext.dll** that can let an **unauthenticated attacker** trigger **remote code execution** on systems with **IKEv2** ena...

Exim BDAT use-after-free in GnuTLS builds security flaw (CVE-2026-45185)

Vulnerability
First: 12.05.2026 19:44 Last: 12.05.2026 19:44 Sources 1

About this happening: **Exim** has shipped a fix for **CVE-2026-45185**, a **BDAT use-after-free** that can cause **heap corruption** and potential **code execution** on affected mail servers. The flaw...

Ollama GGUF model loader heap out-of-bounds read security flaw (CVE-2026-7482)

Vulnerability
First: 10.05.2026 15:41 Last: 10.05.2026 15:41 Sources 1

About this happening: **CVE-2026-7482** in **Ollama** is a critical **GGUF model loader** out-of-bounds read that can let a **remote, unauthenticated attacker** leak **entire process memory** from expo...

cPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Timeline

  1. 17.05.2026 14:57 2 articles · 10d ago

    openDCIM CVE-2026-28515, CVE-2026-28516, and CVE-2026-28517 exploitation wave

    Campaign Scope Update

    VulnCheck says openDCIM deployments are being targeted in an active exploitation wave involving CVE-2026-28515, CVE-2026-28516, and CVE-2026-28517. The observed activity is tied to a single Chinese IP that appears to use a customized implementation of Vulnhuntr to check for vulnerable installations before dropping a PHP web shell, and the three flaws can be chained over five HTTP requests to reach remote code execution and a reverse shell.
