Cybersecurity experts have discovered that several critical vulnerabilities across different software platforms are currently being exploited by attackers. These vulnerabilities allow hackers to gain unauthorized access to computer systems and execute malicious code without needing legitimate user credentials.
One of the most concerning vulnerabilities affects Langflow, an artificial intelligence development platform. The flaw, tracked as CVE-2026-5027, allows unauthenticated remote code execution, meaning hackers can run harmful commands on vulnerable systems without logging in first. Security researchers documented that this vulnerability is being actively exploited in real attacks. The vulnerability works through a path traversal flaw, which is a technique that allows attackers to access files and folders they should not be able to reach.
Google's Chrome web browser also faces an active threat from a zero-day vulnerability in its V8 JavaScript engine, identified as CVE-2026-11645. A zero-day means the flaw was unknown to the software maker when attacks began. Google has released patches, and users are advised to update their browsers immediately.
LiteLLM, another artificial intelligence tool, contains a flaw designated CVE-2026-42271 that can be exploited to achieve unauthenticated remote code execution. Like Langflow, this vulnerability is also being exploited in active attacks.
Enterprise software is also under attack. Ivanti Sentry, used by many businesses for security purposes, contains a maximum severity vulnerability that hackers are actively exploiting. Additionally, SolarWinds Serv-U, a file transfer platform used by organizations worldwide, has a denial-of-service flaw that prevents systems from working properly. This flaw was so serious that the U.S. Cybersecurity and Infrastructure Security Agency added it to their list of actively exploited vulnerabilities.
Security experts emphasize that organizations should prioritize applying security updates immediately. When software companies release patches for vulnerabilities that are already being exploited, the window to protect systems becomes very small. Hackers actively scan for computers that have not yet been updated.
These vulnerabilities highlight the ongoing challenges in cybersecurity. Artificial intelligence platforms, web browsers, enterprise software, and file transfer tools all contain security weaknesses that require constant monitoring and rapid response. Users and companies are urged to stay informed about security updates and install them as soon as possible to prevent becoming victims of cyberattacks.