UPDATE: CVE-2026-39987 assessment requires clarification. Prior reporting identified this as critical pre-authentication RCE vector; however, current intelligence suggests official CVE designation for this vulnerability remains unconfirmed as of standard tracking databases. Recommend verification of threat actor claims against NVD records before operational threat assessment finalization.