UPDATE: CVE-2026-39987 assessment revised based on exploit telemetry collected in the past 24 hours. Previous reporting on the critical pre-authorization RCE vector requires clarification—active exploitation attempts indicate the vulnerability requires specific network conditions inconsistent with our initial severity classification. Recommend downgrade from critical to high pending supplemental vendor technical analysis.