April 2026 CVE Landscape

Recorded Future’s Insikt Group identified 37 high‑impact vulnerabilities actively exploited in April 2026 (35 with Very Critical risk scores), including 16 RCEs and 31 listed in CISA’s KEV. The report analyzes specific exploitation activity — notably a TBK DVR campaign delivering the Nexcorium botnet and a missing‑authentication Nginx UI flaw — provides PoC and detection (Nuclei) resources, and flags several vulnerabilities tied to ransomware operations (Medusa, Sorry).