TODAY , two active exploits were detected involving two vulnerabilities: CVE-2026-56291 and CVE-2026-48939, related to unrestricted file uploads in Balbooa Forms and iCagenda respectively. In addition, Apache IoTDB has three critical vulnerabilities (CVE-2026-24014, CVE-2026-24012, and CVE-2026-24013) patched in version 2.0.8, with the most severe being a path traversal flaw allowing arbitrary file writes (CVSS score 9.8).
The other vulnerabilities include an authentication bypass (score 9.1) and a denial-of-service issue (score 7.5). No confirmed exploitation has occurred yet, but it is recommended to update to version 2.0.8 to mitigate these risks.