
Week in Security: Feb 17–23, 2026

Another week where the interesting stuff wasn't in the headlines. The big CVEs got their press releases; the more useful signal was in the patterns underneath — what they share, what they reveal about how the industry actually operates, and one policy window that's closing faster than anyone seems to have noticed. Here's what I was watching.

LLM Gateways Are the New Unaudited API Proxy Layer

Two CVEs landed in new-api this week — an XSS in the MarkdownRenderer (CVE-2026-25802) and a SQL LIKE wildcard DoS via the token search endpoint (CVE-2026-25591). The project has 18,000 stars. It's real infrastructure sitting in front of real LLM deployments.

The individual CVEs aren't the story. The story is that LLM gateways are quietly eating the same trust position that API proxies held in 2015, and they're getting roughly the same security scrutiny: close to none. They proxy credentials, they log requests, they sit between your application and the model. Two c
Continue reading on Dev.to Webdev



