Find notable cyber news and cases, enriched with sources, timelines, and signals.

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First reported
Last updated
Happening score
H score 46
1 unique sources, 1 articles

Summary

Hide ▲

openDCIM is seeing an active exploitation wave tied to CVE-2026-28515, CVE-2026-28516, and CVE-2026-28517, with attackers targeting vulnerable installations and moving toward remote code execution. The activity has been linked to a single Chinese IP and automated checks for exposed deployments before a PHP web shell is dropped. The flaws can be chained in as few as five HTTP requests to reach a reverse shell on affected systems. That makes unpatched openDCIM deployments a live compromise risk, not just a theoretical issue.

Related Happenings

NGINX web server critical flaws (multiple vulnerabilities)

Vulnerability
H score38 First: 18.06.2026 14:33 Last: 18.06.2026 14:33 Sources 1

About this happening: **NGINX** had two critical web server vulnerabilities, **CVE-2026-42530** and **CVE-2026-42055**, that can let **remote unauthenticated attackers** trigger **remote code execution...

HTTP/2 servers HPACK flow-control DoS denial-of-service flaw (CVE-2026-49975)

Vulnerability
H score26 First: 03.06.2026 22:08 Last: 03.06.2026 22:08 Sources 1

About this happening: **HTTP/2 servers** were found vulnerable to the **HTTP/2 Bomb** DoS weakness, where **HPACK compression amplification** plus **HTTP/2 flow-control stalling** lets a single client...

NGINX and Apache HTTPD HTTP/2 Bomb mitigations

Advisory/Mitigation
H score46 First: 03.06.2026 11:33 Last: 03.06.2026 11:33 Sources 1

About this happening: Calif issued mitigation guidance for **NGINX** and **Apache HTTPD** operators after **HTTP/2 Bomb** was found to enable a **remote denial-of-service** against default HTTP/2 confi...

Major web servers HTTP/2 Bomb remote DoS denial-of-service flaw

Vulnerability
H score39 First: 03.06.2026 11:33 Last: 03.06.2026 11:33 Sources 1

About this happening: Researchers disclosed **HTTP/2 Bomb**, a **remote denial-of-service** vulnerability in **default HTTP/2 configurations** that can make **NGINX, Apache HTTPD, Microsoft IIS, Envoy,...

NGINX Plus and NGINX Open Source ngx_http_rewrite_module heap buffer overflow remote code execution flaw (CVE-2026-42945)

Vulnerability
H score28 First: 14.05.2026 09:00 Last: 14.05.2026 09:00 Sources 1

How related: A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.

About this happening: **CVE-2026-42945** exposes a **heap buffer overflow** in **NGINX Plus** and **NGINX Open Source** through **ngx_http_rewrite_module**, creating risk of **unauthenticated remote co...

Timeline

  1. 17.05.2026 14:57 2 articles · 1mo ago

    openDCIM CVE-2026-28515, CVE-2026-28516, and CVE-2026-28517 exploitation wave

    Campaign Scope Update

    VulnCheck says openDCIM deployments are being targeted in an active exploitation wave involving CVE-2026-28515, CVE-2026-28516, and CVE-2026-28517. The observed activity is tied to a single Chinese IP that appears to use a customized implementation of Vulnhuntr to check for vulnerable installations before dropping a PHP web shell, and the three flaws can be chained over five HTTP requests to reach remote code execution and a reverse shell.

    Show sources