Four CVEs across three AI infrastructure platforms represent the highest aggregate priority item in this rollup. SGLang carries two CVSS 9.8 unpatched RCEs (CVE-2026-25750, CVE-2026-3059) in its ZeroMQ broker component requiring no authentication; LangSmith (LangChain) exposes authentication gaps and credential disclosure via CVE-2026-3060; and Amazon Bedrock AgentCore’s DNS sandbox escape (CVE-2026-3989, CVSS 9.5) has been classified as intended behavior by Amazon with no patch forthcoming, leaving organizations to implement compensating egress DNS controls independently. Organizations running AI workloads on these platforms should immediately isolate or firewall SGLang ZeroMQ broker ports, audit LangSmith credentials and permissions, and implement DNS egress filtering for Bedrock AgentCore environments; the Amazon vendor dispute requires a formal risk acceptance decision with executive documentation if the AgentCore Code Interpreter feature remains enabled.