Action1 5 Patch Tuesday 5 Patch Tuesday July 2026

Patch Tuesday July 2026

Published:
July 14, 2026
Last Updated:
July 14, 2026

By Jack Bicer

First 200 endpoints free, no feature limits.

No credit card required, full access to all features.

Patch Tuesday July 2026 Updates – Vulnerability Digest from Action1

This digest explains the most serious vulnerabilities in popular Windows software that have been patched over the past month.

For even more information, watch the recorded July 2026 Vulnerability Digest webinar, join our next Patch Tuesday webinar and visit our Patch Tuesday Watch page.

Microsoft Vulnerabilities

Microsoft’s July 2026 Patch Tuesday delivers fixes for a staggering 570 vulnerabilities, including 61 critical flaws and three actively exploited zero-days. Microsoft has warned that organizations should expect security updates to become more frequent as the company expands its use of AI to uncover vulnerabilities and accelerate patch development, while continuing to rely on human engineers for final validation and release decisions.

For defenders, this means the challenge is no longer just keeping up with attackers, but also keeping pace with an accelerating stream of security fixes. With three zero-days already being exploited in the wild, this month’s updates should be treated as a high priority.

CVE-2026-50661 – Windows BitLocker Security Feature Bypass Vulnerability

“Encryption only protects data when its defenses remain intact. A single security bypass can turn a stolen device into a source of exposed business information.”

A protection mechanism failure in Microsoft Windows BitLocker allows an unauthorized attacker with physical access to a device to bypass the BitLocker Device Encryption security feature. If successfully exploited, the vulnerability could allow access to data stored on encrypted system drives, reducing the protection that BitLocker is designed to provide. Microsoft has classified this issue as requiring customer action and has released security updates for affected Windows client and server platforms.

CVSS Score: 6.1

SEVERITY: Important

THREAT:

This vulnerability targets Windows BitLocker, Microsoft’s full-disk encryption feature. An attacker who gains physical possession of a vulnerable system may be able to bypass BitLocker protection and access encrypted data. Although the attack requires physical access, the potential exposure of sensitive corporate or personal information makes this a significant security concern, particularly for lost, stolen, or unattended devices.

EXPLOITS:

At the time of publication, the vulnerability has been publicly disclosed but has not been reported as exploited. Microsoft rates exploitation as less likely, and there is no confirmed public proof-of-concept or zero-day exploitation documented in the provided information.

TECHNICAL SUMMARY:

The vulnerability is caused by a protection mechanism failure (CWE-693) within Windows BitLocker. Instead of compromising encryption algorithms directly, the flaw allows an attacker with physical access to bypass the BitLocker Device Encryption feature protecting the system storage device. Successful exploitation can result in unauthorized access to encrypted information stored on the affected system. The vulnerability does not impact system availability but has a high impact on both confidentiality and integrity of protected data.

EXPLOITABILITY:

Affected products include multiple supported versions of Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025, including applicable Server Core installations listed in Microsoft’s advisory. Exploitation requires physical access to the target device and does not require user interaction or privileges.

BUSINESS IMPACT:

Organizations relying on BitLocker to protect sensitive information on laptops, desktops, and servers face an increased risk if devices are lost, stolen, or accessed by unauthorized individuals. A successful attack could expose confidential business data, regulated information, intellectual property, or credentials that organizations expect to remain protected by disk encryption. Systems deployed in remote locations or shared environments may be particularly vulnerable.

WORKAROUND:

No mitigations or workarounds are available. Microsoft has published security updates to address the vulnerability, and applying the appropriate update is the recommended remediation.

CVE-2026-56155 – Active Directory Federation Services Elevation of Privilege Vulnerability

“When attackers turn ordinary user access into administrator control, a single compromised account can become the key to the entire environment.”

An insufficient granularity of access control vulnerability in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally. A successful attack could grant administrator privileges, enabling an attacker to gain complete control over the affected system. Microsoft has confirmed active exploitation of this vulnerability and released security updates for affected Windows client and server platforms.

CVSS Score: 7.8

SEVERITY: Important

THREAT:

This vulnerability affects Active Directory Federation Services by allowing a locally authenticated attacker with low privileges to elevate their permissions to administrator level. Once elevated, an attacker could execute privileged commands, modify system settings, install malicious software, create additional administrative accounts, or disable security controls. Because AD FS is commonly used for identity and authentication services, successful exploitation can have significant security implications.

EXPLOITS:

Microsoft confirms that active exploitation has been detected. The vulnerability was not publicly disclosed before the security update, but attackers are known to be exploiting it in the wild. The provided information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:

The vulnerability is caused by insufficient granularity of access control (CWE-1220) within Active Directory Federation Services. Improper enforcement of authorization boundaries allows an authenticated local attacker with low privileges to gain administrator privileges. The vulnerability impacts the confidentiality, integrity, and availability of affected systems, giving an attacker broad control once exploitation is successful.

EXPLOITABILITY:

Affected products include Windows 10 Version 1607 and Version 1809, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025, including applicable Server Core installations listed in Microsoft’s advisory. Exploitation requires local access and a low-privileged authenticated account but does not require user interaction.

BUSINESS IMPACT:

Privilege escalation vulnerabilities pose a serious risk because they allow attackers who have already gained limited access to take complete control of affected systems. In environments using AD FS for authentication and identity services, administrator-level compromise can lead to unauthorized access to sensitive business resources, disruption of critical services, deployment of ransomware, theft of credentials, and broader compromise of enterprise infrastructure.

WORKAROUND:

No mitigations or workarounds are available. Microsoft recommends deploying the appropriate security updates to eliminate the vulnerability.

URGENCY:

This vulnerability should be prioritized because Microsoft has confirmed active exploitation in the wild. Although local access is required, attackers who obtain an initial foothold can use this flaw to gain administrator privileges and significantly expand their control over affected systems. Organizations should prioritize patching AD FS servers and other affected systems that are accessible by users or administrators.

CVE-2026-56164 – Microsoft SharePoint Server Elevation of Privilege Vulnerability

“An internet-facing server without proper authentication can give attackers an open door where there should only be a locked gate.”

A missing authentication vulnerability in Microsoft SharePoint Server allows an unauthorized attacker to elevate privileges over the network. Because the flaw is remotely exploitable without requiring authentication or user interaction, attackers can target vulnerable SharePoint servers directly. Microsoft has confirmed active exploitation of this vulnerability and has released security updates for affected SharePoint versions.

CVSS Score: 5.3

SEVERITY: Moderate

THREAT:

This vulnerability affects Microsoft SharePoint Server by allowing an unauthenticated attacker to perform privilege escalation over the network. The flaw stems from missing authentication for a critical function, enabling an attacker to reach functionality that should require authorization. Internet-facing SharePoint servers are particularly exposed because the attack can be performed remotely without valid credentials.

EXPLOITS:

Microsoft confirms that active exploitation has been detected. The vulnerability was not publicly disclosed before the security update. The CVSS v3.1 temporal metrics indicate Functional exploit code maturity, demonstrating that working exploit code exists. The provided information does not specifically confirm publicly available proof-of-concept code.

TECHNICAL SUMMARY:

The vulnerability is caused by missing authentication for a critical function (CWE-306) within Microsoft SharePoint Server. An attacker can send specially crafted network requests to access functionality that should require authentication, resulting in privilege escalation. The vulnerability primarily impacts system integrity by allowing unauthorized actions without requiring prior authentication or user interaction.

EXPLOITABILITY:

Affected products include Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition. The vulnerability is remotely exploitable over the network with no privileges required and no user interaction, making internet-accessible SharePoint deployments the highest priority for remediation.

BUSINESS IMPACT:

Organizations using SharePoint for document management, collaboration, and business workflows face increased risk if vulnerable servers are exposed. Successful exploitation could allow attackers to gain elevated privileges, modify SharePoint content, compromise collaboration environments, and establish a foothold for further attacks against enterprise infrastructure. Since SharePoint often stores sensitive corporate information, compromise of these systems can have significant operational and security consequences.

WORKAROUND:

No workaround is available. Microsoft recommends installing the appropriate security updates. As an additional mitigation, organizations should enable Antimalware Scan Interface (AMSI) integration and configure Request Body Scan mode to Full to improve detection of malicious SharePoint requests until updates are fully deployed.

URGENCY:

This vulnerability should be prioritized because Microsoft has confirmed active exploitation in the wild. The combination of remote network access, no authentication requirement, no user interaction, and functional exploit code significantly lowers the barrier to successful attacks. Organizations with internet-facing SharePoint servers should deploy the security updates as soon as possible.

Critical or Zero Day – Immediate DeploymentCheckpoint Quantum Security Gateway

“When authentication fails silently, the VPN becomes the attacker’s front door.”

Check Point patched CVE-2026-50751 in Quantum Security Gateway. This logic flow weakness in Remote Access and Mobile Access certificate validation within the deprecated IKEv1 key exchange process allows an unauthenticated remote attacker to bypass user authentication and establish a VPN connection without a valid user password. The CVSS score is 9.3, which is Critical severity.

The vulnerability directly impacts remote access controls and can provide unauthorized access to protected network resources. The issue requires no valid credentials and no user interaction. Active exploitation has been reported.

 

Critical or Zero Day – Immediate DeploymentFortiSandbox

“A sandbox should contain threats, not become the path for command execution.”

Fortinet patched CVE-2026-25089 in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This OS command injection vulnerability could allow an unauthenticated attacker to execute unauthorized commands through specially crafted HTTP requests. The CVSS score is 9.1, which is Critical severity.

The issue enables remote code execution and affects multiple FortiSandbox release branches. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentAdobe Campaign Classic

“These bugs put Adobe Campaign Classic at direct risk of full-impact compromise without user interaction.”

Adobe patched two Critical vulnerabilities in Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier. CVE-2026-48303 is an incorrect authorization vulnerability that could allow arbitrary code execution in the context of the current user. CVE-2026-47938 is a server-side request forgery vulnerability that could result in privilege escalation. CVE-2026-48303 has a CVSS score of 10.0, which is Critical severity. CVE-2026-47938 has a CVSS score of 10.0, which is Critical severity.

Exploitation does not require user interaction, which raises business risk for exposed or poorly controlled deployments. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentSplunk Enterprise

“A service without authentication can turn a trusted platform into an easy target.”

Splunk patched CVE-2026-20253 in Splunk Enterprise and Splunk Cloud Platform. This vulnerability exists in a PostgreSQL sidecar service endpoint that lacks authentication controls, allowing any network-reachable attacker to create or truncate arbitrary files without providing credentials. The CVSS score is 9.8, which is Critical severity.

The issue can allow unauthorized modification of files and may impact the confidentiality, integrity, and availability of affected systems. Because the vulnerable endpoint is accessible without authentication, organizations should prioritize remediation of exposed deployments. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentFortiSandbox

“Security tools lose their value when attackers can turn them into command execution platforms.”

Fortinet patched CVE-2026-25089 in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This OS command injection vulnerability (CWE-78) could allow an unauthenticated attacker to execute unauthorized commands through specially crafted HTTP requests. The CVSS score is 9.1, which is Critical severity.

The vulnerability affects FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, all FortiSandbox 4.2 versions, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5. Successful exploitation could allow remote code execution without requiring authentication or user interaction. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentIvanti Sentry

“These vulnerabilities put Ivanti Sentry at risk of root-level compromise and full admin takeover.”

Ivanti patched two Critical vulnerabilities in Sentry before versions R10.5.2, R10.6.2, and R10.7.1. CVE-2026-10520 is an OS command injection vulnerability that allows a remote unauthenticated attacker to achieve root-level remote code execution. CVE-2026-10520 has a CVSS score of 10.0, which is Critical severity. CVE-2026-10523 is an authentication bypass vulnerability that allows a remote unauthenticated attacker to create arbitrary administrative accounts and gain full administrative access. CVE-2026-10523 has a CVSS score of 9.9, which is Critical severity.

Active exploitation has been reported for CVE-2026-10520. No verified exploitation has been confirmed for CVE-2026-10523.

 

Critical or Zero Day – Immediate DeploymentSAP NetWeaver / Spring Security

“These critical patches close serious paths to data exposure, service disruption, and platform compromise.”

SAP and VMware patched four Critical vulnerabilities across SAP NetWeaver, ABAP Platform, SAP NetWeaver Application Server Java, and Spring Security. CVE-2026-44748 has a CVSS score of 9.9, which is Critical severity. CVE-2026-27671 has a CVSS score of 9.8, which is Critical severity. CVE-2026-22732 has a CVSS score of 9.1, which is Critical severity. CVE-2026-40128 has a CVSS score of 9.0, which is Critical severity.

The SAP vulnerabilities cover signed XML tampering, improper RFC protocol validation, and path traversal through malicious HTTP logon requests. These issues can lead to unauthorized access, memory corruption, data exposure, and service disruption. The Spring Security issue can prevent expected HTTP security headers from being written. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentPeopleSoft Enterprise PeopleTools

“A vulnerable management interface can turn a business platform into an attacker-controlled system.”

Oracle patched CVE-2026-35273 in PeopleSoft Enterprise PeopleTools. This vulnerability affects the Updates Environment Management component in supported versions 8.61 and 8.62. An unauthenticated attacker with network access over HTTP can exploit the vulnerability to compromise PeopleSoft Enterprise PeopleTools. The CVSS score is 9.8, which is Critical severity.

Successful exploitation can result in complete takeover of the affected PeopleSoft Enterprise PeopleTools environment, with high impact to confidentiality, integrity, and availability. The vulnerability requires no authentication and no user interaction. Active exploitation has been reported.

 

Critical or Zero Day – Immediate DeploymentChrome

“Active Chrome exploitation turns browser patching into an immediate security priority.”

Chrome has been updated to address multiple vulnerabilities across browser components including V8, Blink, Autofill, GPU, Navigation, DevTools, FileSystem, Bluetooth, Skia, CSS, Dawn, Passwords, and Web Authentication. Several vulnerabilities are High severity, including active exploitation cases tied to code execution, memory corruption, and sandboxed execution paths. CVE-2026-13022 has no listed CVSS base score.

This update also includes Medium severity issues involving same-origin policy bypass, site isolation bypass, and information disclosure. Active exploitation is reported for CVE-2026-11645, CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281, making this a high-priority browser update.

 

Critical or Zero Day – Immediate DeploymentQuantum Security Gateway

“A VPN login bypass turns the front door into an open path for attackers.”

Check Point patched CVE-2026-50751 in Quantum Security Gateway. This logic flow weakness affects Remote Access and Mobile Access certificate validation in the deprecated IKEv1 key exchange process. It allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. The CVSS score is 9.3, which is Critical severity.

This vulnerability impacts VPN authentication and can allow unauthorized remote access into protected environments. Active exploitation has been reported.

 

Critical or Zero Day – Immediate DeploymentAdobe Campaign Classic (ACC)

“Critical weaknesses in campaign infrastructure can quickly become pathways to broader enterprise compromise.”

Adobe patched two Critical vulnerabilities in Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier. CVE-2026-47938 is a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. CVE-2026-48303 is an incorrect authorization vulnerability that could allow arbitrary code execution in the context of the current user. Both vulnerabilities have a CVSS score of 10.0, which is Critical severity.

Neither vulnerability requires user interaction, increasing the risk to exposed deployments. Successful exploitation could allow attackers to escalate privileges, bypass authorization controls, or execute code within the affected environment. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentCisco Catalyst SD-WAN

“When management systems can be manipulated, attackers can turn routine administration into a path to root access.”

Cisco patched two vulnerabilities affecting Catalyst SD-WAN components. CVE-2026-20262 has a CVSS score of 6.5, which is Medium severity. CVE-2026-20245 has a CVSS score of 7.8, which is High severity.

CVE-2026-20262 affects Cisco Catalyst SD-WAN Manager and allows an authenticated attacker to create or overwrite arbitrary files through improper validation during file uploads. The vulnerability could be leveraged to elevate privileges and obtain root access. CVE-2026-20245 affects Catalyst SD-WAN Controller, Manager, and Validator components and allows a privileged attacker to execute arbitrary commands as root through a crafted file upload. Successful exploitation can lead to command execution and full control of the affected system.

Active exploitation has been reported for both vulnerabilities. Cisco has observed limited exploitation of CVE-2026-20245 resulting in configuration changes being pushed to edge devices.

 

High with EoP or RCE – Expedited DeploymentMicrosoft 365 Apps for Mac

“Office document risks can quickly become code execution and privilege exposure risks.”

This patch addresses eight vulnerabilities in Microsoft 365 Apps for Mac. The update covers memory handling, race condition, type confusion, out-of-bounds read, heap overflow, numeric truncation, and use-after-free issues. Several of these vulnerabilities may allow remote code execution through crafted content, while others create privilege or stability risks.

CVE-2026-44817 has a CVSS score of 7.8, which is High severity. CVE-2026-44818 has a CVSS score of 7.0, which is High severity. CVE-2026-44819 has a CVSS score of 7.8, which is High severity. CVE-2026-44820 has a CVSS score of 7.8, which is High severity. CVE-2026-44821 has a CVSS score of 5.5, which is Medium severity. CVE-2026-44822 has a CVSS score of 8.2, which is High severity. CVE-2026-44823 has a CVSS score of 7.8, which is High severity. CVE-2026-44824 has a CVSS score of 7.8, which is High severity.

No verified exploitation has been reported.

 

Critical or Zero Day – Immediate DeploymentOracle Identity Manager & Identity Manager Connector

“Identity systems sit at the center of trust, making critical vulnerabilities impossible to ignore.”

This patch addresses multiple vulnerabilities in Oracle Identity Manager and Oracle Identity Manager Connector components. The update includes five vulnerabilities affecting Oracle Identity Manager and four vulnerabilities affecting Oracle Identity Manager Connector. These products manage authentication, provisioning, and identity lifecycle operations across enterprise environments, making them high-value targets for attackers.

CVE-2026-46807 has a CVSS score of 9.8, which is Critical severity. CVE-2026-35268 has a CVSS score of 9.9, which is Critical severity. CVE-2026-35265 has a CVSS score of 8.8, which is High severity. CVE-2026-35267 has a CVSS score of 8.8, which is High severity. CVE-2026-35269 has a CVSS score of 7.5, which is High severity.

For Oracle Identity Manager Connector, CVE-2026-35294 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46792 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46793 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46794 has a CVSS score of 9.9, which is Critical severity.

No verified exploitation has been reported for these vulnerabilities. However, the presence of multiple Critical severity vulnerabilities within identity and access management infrastructure significantly increases organizational risk and warrants prompt remediation.

 

Critical or Zero Day – Immediate DeploymentJD Edwards EnterpriseOne Accounts Payable & General Ledger

“Critical ERP vulnerabilities can put core financial operations directly at risk.”

This patch addresses three vulnerabilities in Oracle JD Edwards EnterpriseOne financial applications. CVE-2026-46908 and CVE-2026-46891 affect Accounts Payable, while CVE-2026-46893 affects General Ledger. These systems support sensitive financial workflows, making successful compromise especially serious for enterprise operations.

CVE-2026-46908 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46891 has a CVSS score of 8.1, which is High severity. CVE-2026-46893 has a CVSS score of 9.9, which is Critical severity.

No verified exploitation has been reported. The presence of two Critical severity vulnerabilities in financial application components raises the urgency of applying the patch across affected JD Edwards environments.

 

Critical or Zero Day – Immediate DeploymentMySQL Server, MySQL NDB Cluster, MySQL Router & MySQL Shell

“When critical database infrastructure vulnerabilities stack up, the risk extends far beyond the database itself.”

This patch addresses multiple vulnerabilities across Oracle MySQL Server, MySQL NDB Cluster, MySQL Router, and MySQL Shell. These components form the foundation of many enterprise database environments, supporting data storage, routing, clustering, administration, and management functions. The update includes both Critical and High severity vulnerabilities affecting key parts of the MySQL ecosystem.

CVE-2026-46863 has a CVSS score of 7.5, which is High severity. CVE-2026-46861 has a CVSS score of 9.6, which is Critical severity. CVE-2026-46860 has a CVSS score of 9.8, which is Critical severity. CVE-2026-46862 has a CVSS score of 7.5, which is High severity. CVE-2026-46850 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46870 has a CVSS score of 8.5, which is High severity.

The most severe vulnerabilities affect MySQL Shell, MySQL Router, and MySQL NDB Cluster, with CVSS scores ranging from 9.6 to 9.9. No verified exploitation has been reported. However, the concentration of Critical severity vulnerabilities across core database infrastructure makes this a high-priority update for organizations operating MySQL environments.

 

Critical or Zero Day – Immediate DeploymentOracle Access Manager

“Access management weaknesses can put the front door of the enterprise at risk.”

This patch addresses two vulnerabilities in Oracle Access Manager. The update covers CVE-2026-35313 and CVE-2026-35314, affecting a core identity and access control platform used to manage authentication and application access across enterprise environments.

CVE-2026-35313 has a CVSS score of 9.9, which is Critical severity. CVE-2026-35314 has a CVSS score of 7.3, which is High severity.

No verified exploitation has been reported. The Critical severity rating makes this a high-priority update for organizations using Oracle Access Manager, especially where the platform protects business-critical applications and identity workflows.

Low – Environmental DeploymentRed Hat Enterprise Linux 10

“Media and system utility bugs can become serious attack paths when they reach trusted Linux workloads.”

Red Hat Enterprise Linux 10 has been updated to address eleven High severity vulnerabilities affecting GStreamer, cifs-utils, and libaom components. CVE-2026-52720 has a CVSS score of 8.8, which is High severity. CVE-2026-12505 has a CVSS score of 7.8, which is High severity. CVE-2026-52719, CVE-2026-52722, CVE-2026-53703, CVE-2026-53704, CVE-2026-56209, CVE-2026-56210, and CVE-2026-56211 each have a CVSS score of 7.1, which is High severity. CVE-2026-53705 and CVE-2026-56208 each have a CVSS score of 7.6, which is High severity.

The patch covers memory corruption, out-of-bounds read and write issues, SQL-adjacent media parsing risks, local privilege escalation through cifs-utils, and codec vulnerabilities that could lead to crashes, information disclosure, privilege escalation, or code execution in exposed processing paths.

 

Low – Environmental Deployment  Adobe Acrobat Reader 

“Opening the wrong document should never open the door to an attacker.”

This security update addresses CVE-2020-9695, a high-severity out-of-bounds write vulnerability affecting Adobe Acrobat Reader. A specially crafted PDF file can trigger memory corruption, allowing arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. The CVSS score is 7.8, which is High severity.

The update corrects the memory handling issue that causes the out-of-bounds write, preventing attackers from executing arbitrary code through malicious PDF documents. There is no verified evidence of active real-world exploitation or a public proof-of-concept for this vulnerability.

 

Critical or Zero Day – Immediate DeploymentLinux Kernel

“Fixing dozens of kernel bugs at once closes far more doors than attackers can open.”

This security update addresses multiple Critical vulnerabilities in the Linux kernel, including CVE-2026-52914, CVE-2026-52924, CVE-2026-52931, CVE-2026-52955, CVE-2026-52982, CVE-2026-52986, CVE-2026-52989, CVE-2026-52993, CVE-2026-53002, CVE-2026-53006, CVE-2026-53010, CVE-2026-53045, CVE-2026-53046, CVE-2026-53049, CVE-2026-53055, CVE-2026-53086, CVE-2026-53088, CVE-2026-53151, CVE-2026-53175, CVE-2026-53176, CVE-2026-53215, CVE-2026-53216, CVE-2026-53221, CVE-2026-53228, CVE-2026-53246, CVE-2026-53247, CVE-2026-53260, and CVE-2026-53309. Each vulnerability has a CVSS score of 9.8, which is Critical severity.

The vulnerabilities affect multiple Linux kernel subsystems, including networking, memory management, storage, file systems, SCTP, Netfilter, SMB, Ceph, device drivers, XDP, virtualization, and protocol handling. The issues include use-after-free conditions, out-of-bounds memory access, double-free conditions, buffer validation failures, memory corruption, race conditions, integer overflows, and denial-of-service scenarios. Together, these flaws can impact kernel stability, availability, and the integrity of affected systems.

The update strengthens memory safety, improves bounds checking, corrects reference counting, fixes race conditions, validates protocol data, and hardens multiple kernel components against malformed input and unsafe memory operations. There is no verified evidence of active real-world exploitation or a public proof-of-concept for any of these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentApple iOS and iPadOS

“Protecting the kernel protects everything that runs on top of it.”

This update addresses three vulnerabilities affecting Apple iOS and iPadOS. CVE-2026-43724 has a CVSS score of 9.8, which is Critical severity, and could allow an application to write to kernel memory or cause an unexpected system termination. CVE-2026-39868 has a CVSS score of 9.1, which is Critical severity, and could allow an application to corrupt kernel memory or unexpectedly terminate the system. CVE-2026-43722 has a CVSS score of 5.5, which is Medium severity, and could allow an application to leak sensitive kernel state.

The update improves input validation and input sanitization to strengthen kernel protections, prevent memory corruption, and reduce the risk of system instability. These vulnerabilities are fixed in iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. There is no verified evidence of active real-world exploitation or a public proof-of-concept for any of these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentOracle Payments

“A critical vulnerability under active attack leaves little room for delay.”

This update addresses CVE-2026-46817, a critical vulnerability affecting Oracle Payments. The CVSS score is 9.8, which is Critical severity. Oracle has released a fix for this vulnerability as part of its security updates.

Oracle has not publicly disclosed technical details describing the vulnerability. Active exploitation has been confirmed, making timely deployment of the available update essential to reduce exposure. The update mitigates the identified security risk in affected Oracle Payments deployments.

 

Critical or Zero Day – Immediate DeploymentCisco Identity Services Engine Software

“Identity platforms become high-value targets when attackers can reach the operating system or expose sensitive authentication data.”

Cisco patched two vulnerabilities affecting Cisco Identity Services Engine (ISE) and ISE-PIC. CVE-2026-20181 has a CVSS score of 9.1, which is Critical severity. CVE-2026-20190 has a CVSS score of 7.5, which is High severity.

CVE-2026-20181 is an input validation vulnerability that allows an authenticated administrator to execute arbitrary commands on the underlying operating system through crafted HTTP requests. Successful exploitation can provide user-level OS access and subsequent privilege escalation to root. In single-node deployments, exploitation could also cause a denial-of-service condition that prevents new endpoints from authenticating to the network. CVE-2026-20190 is an authorization weakness that allows an unauthenticated remote attacker to access sensitive information, including hashed credentials that could be leveraged in future attacks.

No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentSolarWinds Serv-U

“A simple network request should never be able to take down a critical file transfer service.”

SolarWinds patched CVE-2026-28318 in Serv-U. This vulnerability allows an unauthenticated attacker to send specially crafted POST requests using Content-Encoding: deflate that can crash the Serv-U service, resulting in a denial-of-service condition. The CVSS score is 7.5, which is High severity.

This issue does not require authentication or user interaction to exploit. Active exploitation has been reported. SolarWinds has provided mitigation guidance for customers who cannot immediately deploy the update.


 

 

Critical or Zero Day – Immediate DeploymentLiteLLM

“An AI gateway becomes a system gateway when users can execute commands on the host.”

BerriAI patched CVE-2026-42271 in LiteLLM. Versions 1.74.2 through 1.83.6 allowed authenticated users to abuse MCP server testing endpoints to execute arbitrary commands on the host running the LiteLLM proxy. The vulnerable endpoints accepted full server configurations and could spawn attacker-supplied commands as subprocesses with the privileges of the proxy process. The CVSS score is 8.7, which is High severity.

The issue stems from insufficient authorization controls on MCP preview functionality. Any authenticated user with a valid proxy API key, including low-privilege internal users, could execute commands on the underlying system. This vulnerability enables remote code execution and has been patched in version 1.83.7. Active exploitation has been reported.

 

Low – Environmental DeploymentAcrobat Reader

“A single malicious PDF can turn a routine document review into a security event.”

Adobe released updates for Acrobat Reader to address multiple vulnerabilities affecting versions 24.001.30365, 26.001.21651, and earlier. The update resolves several memory corruption issues, including out-of-bounds write and Use After Free vulnerabilities that could result in arbitrary code execution in the context of the current user when a victim opens a malicious file. The patch also addresses information disclosure vulnerabilities and an uncontrolled search path issue that could lead to code execution.

CVE-2026-47911, CVE-2026-47912, CVE-2026-47913, CVE-2026-47915, and CVE-2026-47916 each have a CVSS score of 7.8, which is High severity. CVE-2026-47937 has a CVSS score of 7.4, which is High severity. CVE-2026-47923 and CVE-2026-47924 each have a CVSS score of 5.5, which is Medium severity.

The highest risk vulnerabilities could allow arbitrary code execution after a user opens a specially crafted PDF file. The remaining vulnerabilities could expose sensitive memory contents or enable privilege-related abuse. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed for these vulnerabilities.

High with EoP or RCE – Expedited DeploymentCortex XSIAM CommvaultSecurityIQ Marketplace

“When credentials are not validated correctly, protected resources stop being protected.”

Palo Alto Networks patched CVE-2026-0274 in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM. This improper credential validation vulnerability could allow an unauthenticated attacker to access and modify protected resources without authorization. The CVSS score is 8.1, which is High severity.

The vulnerability impacts authentication controls and can lead to unauthorized access to sensitive resources. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

High with EoP or RCE – Expedited DeploymentLangflow

“A file upload feature becomes dangerous when attackers can choose where files land.”

Langflow patched CVE-2026-5027 in the POST /api/v2/files endpoint. The endpoint did not properly sanitize the filename parameter in multipart form data, allowing attackers to use path traversal sequences to write files to arbitrary locations on the filesystem. The CVSS score is 8.8, which is High severity.

This vulnerability can lead to unauthorized file writes and privilege-related abuse on affected systems. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Critical or Zero Day – Immediate DeploymentVeeam Backup and Replication

“Backup systems are trusted assets, which makes remote code execution vulnerabilities especially dangerous.”

Veeam patched CVE-2026-44963 in Backup and Replication. This deserialization vulnerability (CWE-502) allows remote code execution on the Backup Server by an authenticated domain user. The CVSS score is 9.4, which is Critical severity.

Successful exploitation could allow an attacker to execute arbitrary code on the Backup Server, potentially compromising backup operations and the broader environment. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

High with EoP or RCE – Expedited DeploymentOpenSSL

“A signed message should verify trust, not create an opportunity for memory corruption.”

OpenSSL patched CVE-2026-45447, a use-after-free vulnerability affecting PKCS#7 and S/MIME signature verification. A specially crafted signed message can trigger incorrect handling of a caller-owned BIO during PKCS7_verify(), leading to a use-after-free condition. The CVSS score is 8.8, which is High severity.

Successful exploitation may result in application crashes, heap corruption, or potentially remote code execution depending on application behavior and memory allocation conditions. Applications using OpenSSL PKCS#7 APIs are affected, while applications using CMS APIs are not. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Critical or Zero Day – Immediate DeploymentTrane Tracer SC

“Building control systems become business risks when attackers can bypass trust and reach sensitive functions.”

Trane patched four vulnerabilities affecting Tracer SC, Tracer SC+, and Tracer Concierge. CVE-2026-28252 has a CVSS score of 9.2, which is Critical severity. CVE-2026-28253 has a CVSS score of 8.7, which is High severity. CVE-2026-28254 has a CVSS score of 6.9, which is Medium severity. CVE-2026-28255 has a CVSS score of 8.2, which is High severity.

The issues include risky cryptography that could allow authentication bypass and root-level access, excessive memory allocation that could cause denial of service, missing authorization that could expose sensitive information through unprotected APIs, and hard-coded credentials that could enable account takeover. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

High with EoP or RCE – Expedited DeploymentCortex XSIAM CommvaultSecurityIQ Marketplace

“Authentication controls only work when credentials are validated correctly.”

Palo Alto Networks patched CVE-2026-0274 in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM. This improper credential validation vulnerability allows an unauthenticated attacker to access and modify protected resources without authorization. The CVSS score is 8.1, which is High severity.

Successful exploitation could allow attackers to bypass expected access controls and make unauthorized changes to protected resources. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentLangGraph / LangGraphJS

“AI workflow platforms become high-value targets when trust boundaries around data and queries break down.”

LangChain patched multiple vulnerabilities affecting LangGraph and LangGraphJS checkpoint implementations. CVE-2025-67644 has a CVSS score of 7.3, which is High severity. CVE-2026-28277 has a CVSS score of 6.8, which is Medium severity. CVE-2026-27022 has a CVSS score of 6.5, which is Medium severity.

The vulnerabilities include SQL injection in LangGraph SQLite Checkpoint, unsafe deserialization of checkpoint data, and query injection in the Redis checkpoint implementation. Successful exploitation could allow manipulation of database queries, bypass of intended access controls, or execution of malicious payloads when crafted checkpoint data is loaded. CVE-2025-67644 is fixed in version 3.0.1, and CVE-2026-27022 is fixed in version 1.0.2. No public patch is available for CVE-2026-28277.

Proof-of-concept code has been reported for CVE-2026-27022. No verified active exploitation has been confirmed for the other vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentAdobe Experience Manager Forms JEE

“A form field should collect data, not become a path to account compromise.”

Adobe patched two Cross-Site Scripting vulnerabilities in Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0, and earlier. CVE-2026-34691 is a stored XSS vulnerability with a CVSS score of 9.3, which is Critical severity. CVE-2026-34693 is a reflected XSS vulnerability with a CVSS score of 8.0, which is High severity.

Successful exploitation could allow malicious JavaScript to run in a victim’s browser, potentially giving an attacker elevated access or control over the victim’s account or session. CVE-2026-34693 requires user interaction through a crafted URL or compromised web page. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentColdFusion

“ColdFusion vulnerabilities can turn trusted application workflows into paths for code execution and data exposure.”

Adobe patched multiple vulnerabilities in ColdFusion versions 2023.19, 2025.8, and earlier. CVE-2026-47928 has a CVSS score of 9.6, which is Critical severity. CVE-2026-47929 has a CVSS score of 8.4, which is High severity. CVE-2026-47930 has a CVSS score of 8.1, which is High severity. CVE-2026-47931 has a CVSS score of 8.4, which is High severity. CVE-2026-47932 has a CVSS score of 8.8, which is High severity. CVE-2026-47960 has a CVSS score of 7.4, which is High severity.

The update addresses improper input validation, incorrect authorization, path traversal, and XXE vulnerabilities. Successful exploitation could allow arbitrary code execution, security feature bypass, unauthorized file or directory access, or arbitrary file system reads. Some issues require user interaction through a malicious file, while others do not. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

High with EoP or RCE – Expedited DeploymentDreamweaver Desktop

“Opening a malicious project file should never become a path to code execution or data exposure.”

Adobe patched multiple vulnerabilities in Dreamweaver Desktop version 21.7 and earlier. CVE-2026-47906 has a CVSS score of 8.6, which is High severity. CVE-2026-47907 has a CVSS score of 8.2, which is High severity. CVE-2026-47908 has a CVSS score of 7.8, which is High severity.

The vulnerabilities include a dependency on a vulnerable third-party component, improper access control, and an uninitialized pointer issue. Successful exploitation could result in arbitrary code execution or unauthorized access to sensitive files and directories. All three vulnerabilities require user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

High with EoP or RCE – Expedited DeploymentAdobe InCopy

“A malicious file can turn a publishing workflow into a code execution risk.”

Adobe patched three High severity vulnerabilities in InCopy versions 21.3, 20.5.3, and earlier. CVE-2026-34706, CVE-2026-34707, and CVE-2026-34708 each have a CVSS score of 7.8, which is High severity.

The vulnerabilities include out-of-bounds write, heap-based buffer overflow, and stack-based buffer overflow issues. Successful exploitation could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

High with EoP or RCE – Expedited DeploymentAdobe InDesign Desktop

“A malicious document can turn a creative workflow into a code execution opportunity.”

Adobe patched multiple vulnerabilities in InDesign Desktop versions 21.3, 20.5.3, and earlier. CVE-2026-34695, CVE-2026-34696, CVE-2026-34697, CVE-2026-34698, CVE-2026-34699, CVE-2026-34700, CVE-2026-34701, and CVE-2026-34702 each have a CVSS score of 7.8, which is High severity. CVE-2026-34703 has a CVSS score of 5.5, which is Medium severity.

The update addresses stack-based buffer overflows, heap-based buffer overflows, use-after-free conditions, out-of-bounds writes, and a NULL pointer dereference vulnerability. Successful exploitation could allow arbitrary code execution in the context of the current user or cause application denial of service. All vulnerabilities require user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

High with EoP or RCE – Expedited DeploymentAdobe Substance3D – Sampler

“A crafted 3D asset can turn a creative workflow into a code execution risk.”

Adobe patched four High severity vulnerabilities in Substance3D – Sampler versions 6.0.0 and earlier. CVE-2026-34709, CVE-2026-34710, CVE-2026-48305, and CVE-2026-48306 each have a CVSS score of 7.8, which is High severity.

The vulnerabilities are out-of-bounds write issues that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

High or Medium – Important DeploymentGitLab

“Collaboration platforms become security risks when trust boundaries between users and administrators break down.”

GitLab patched four High severity vulnerabilities affecting GitLab CE and EE. CVE-2026-10087 and CVE-2026-6552 each have a CVSS score of 8.7, which is High severity. CVE-2026-7250 has a CVSS score of 7.5, which is High severity. CVE-2026-8589 has a CVSS score of 7.3, which is High severity.

The vulnerabilities include cross-site scripting in the Analytics Dashboard, improper authorization in Group SAML identity management, denial-of-service through API request parsing, and improper input sanitization that could allow unauthorized email address additions to user accounts. Successful exploitation could lead to account takeover, execution of unauthorized client-side code, service disruption, or unauthorized account modifications. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.


 

Critical or Zero Day – Immediate DeploymentCVE-2026-50656 – Microsoft Defender Elevation of Privilege Vulnerability

“A locally exploited privilege escalation flaw can turn a limited foothold into full system control, allowing attackers to move from access to impact with alarming speed.”

Microsoft Defender contains an elevation of privilege vulnerability in the Microsoft Malware Protection Engine, publicly referred to as “RoguePlanet.” The vulnerability arises from improper link resolution before file access, which can allow an attacker with low privileges on a system to elevate their permissions and gain significantly greater control over the affected device. Microsoft has acknowledged the issue and is working on a security update.

CVSS Score: 7.8

SEVERITY: Important

THREAT:
An attacker who already has local access to a vulnerable system could exploit this flaw to obtain elevated privileges. Successful exploitation could provide access to sensitive data, allow modification of system settings, and enable further malicious activity on the compromised device.

EXPLOITS:
The vulnerability has been publicly disclosed. Microsoft reports that the vulnerability is not currently being exploited. No confirmed zero-day exploitation has been reported. Microsoft assesses exploitation as more likely, and the CVSS metrics indicate Functional exploit code maturity.

TECHNICAL SUMMARY:
The vulnerability is associated with CWE-59: Improper Link Resolution Before File Access (‘Link Following’). This class of flaw occurs when software follows symbolic links, junctions, or other filesystem redirections without properly validating the target resource. An attacker with low privileges may be able to manipulate file operations performed by the Microsoft Malware Protection Engine, causing privileged processes to access or modify unintended files. Because the vulnerability affects a security-sensitive component operating with elevated privileges, successful exploitation can result in high-impact consequences affecting confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected systems include Microsoft Defender environments that use the vulnerable Microsoft Malware Protection Engine. Exploitation requires local access and low privileges but does not require user interaction. An attacker could leverage crafted filesystem links or redirections to influence privileged file operations and elevate permissions on the system.

BUSINESS IMPACT:
Privilege escalation vulnerabilities are frequently used as a second-stage attack after an initial compromise. A successful attacker could gain greater control over endpoints, disable security controls, access sensitive business information, alter critical files, or establish persistence. Even when remote access is not possible through the vulnerability itself, it can significantly increase the impact of other attacks and accelerate lateral movement within an environment.

WORKAROUND:
If a security update is not yet available or cannot be immediately deployed:

  • Restrict local access to systems wherever possible.
  • Enforce least-privilege access controls.
  • Monitor for suspicious filesystem link creation and abnormal Defender-related activity.
  • Ensure endpoint protection and detection capabilities are actively monitoring for privilege escalation attempts.

URGENCY:
Although the vulnerability is not currently reported as exploited, it has been publicly disclosed and Microsoft assesses exploitation as more likely. The flaw affects a security component and can enable elevation of privilege with low attack complexity, low required privileges, and no user interaction. Organizations should closely monitor for the availability of Microsoft’s security update and prioritize deployment once released.

 

Critical or Zero Day – Immediate DeploymentJoomla Content Editor (JCE)

“A content editor should manage content, not provide attackers a path to run code on the server.”

The Joomla Content Editor (JCE) extension for Joomla patched CVE-2026-48907, a Critical vulnerability that allows unauthenticated users to create new editor profiles and ultimately upload and execute PHP code. The CVSS score is 10.0, which is Critical severity.

Successful exploitation can lead to arbitrary code execution on the affected Joomla server, resulting in full compromise of the web application and potentially the underlying host. The vulnerability requires no authentication, significantly increasing the risk to exposed systems. Active exploitation has been reported.


 

Critical or Zero Day – Immediate DeploymentcPanel Plugin

“A shared hosting boundary is only effective when one user cannot influence another user’s files.”

LiteSpeed patched CVE-2026-54420 in the cPanel Plugin before version 2.4.8 and LiteSpeed WHM PlugIn before version 5.3.2.0. The vulnerability involves improper handling of user-provided symbolic links on shared hosting servers running CloudLinux/CageFS. The CVSS score is 8.5, which is High severity.

Successful exploitation could allow a user with FTP or web shell access on a shared hosting server to bypass intended isolation controls and access resources outside their authorized scope. This may lead to unauthorized access to data belonging to other users hosted on the same system. Active exploitation has been reported.

 

Critical or Zero Day – Immediate DeploymentSplunk AI Toolkit

“AI integrations create new opportunities for productivity, but also new paths to system compromise when controls fail.”

Splunk patched two vulnerabilities in Splunk AI Toolkit versions below 5.7.4. CVE-2026-20266 has a CVSS score of 9.1, which is Critical severity. CVE-2026-20265 has a CVSS score of 4.3, which is Medium severity.

The update addresses an OS command injection vulnerability caused by unsafe shell execution in the btool configuration helper and an outbound request control weakness caused by an insecure default domain allowlist. Successful exploitation of CVE-2026-20266 could allow an administrator to execute arbitrary operating system commands on the host running Splunk Enterprise. CVE-2026-20265 could allow a low-privileged user to trigger outbound HTTP requests to attacker-controlled infrastructure, creating a potential data exfiltration path.

No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate Deploymentaxios

“HTTP client weaknesses can turn trusted outbound requests into attacker-controlled traffic paths.”

Axios patched three vulnerabilities affecting proxy handling, header injection behavior, and prototype pollution gadget exposure. CVE-2026-42043 has a CVSS score of 7.2, which is High severity. CVE-2026-40175 has a CVSS score of 4.8, which is Medium severity. CVE-2026-42264 has a CVSS score of 7.4, which is High severity.

The vulnerabilities could allow NO_PROXY bypass, unsafe outbound request manipulation, header injection, or polluted configuration values being applied to HTTP requests. Proof-of-concept code has been reported for all three vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentApache Tomcat

“Critical web server weaknesses can turn authentication and access controls into points of failure.”

Apache patched multiple Critical vulnerabilities in Apache Tomcat. CVE-2026-41293 has a CVSS score of 9.8, which is Critical severity. CVE-2026-43512 has a CVSS score of 9.8, which is Critical severity. CVE-2026-43515 has a CVSS score of 9.1, which is Critical severity.

The update addresses improper input validation, digest authentication bypass, and improper authorization when multiple method constraints define an HTTP method for the same extension. Successful exploitation could allow attackers to bypass authentication or authorization controls and gain access beyond intended restrictions. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

 

High with EoP or RCE – Expedited DeploymentNGINX Open Source / NGINX Gateway Fabric

“Configuration and memory handling weaknesses can turn core infrastructure services into attack surfaces.”

F5 patched four High severity vulnerabilities affecting NGINX Open Source, NGINX Plus, and NGINX Gateway Fabric. CVE-2026-42530, CVE-2026-42055, CVE-2026-11311, and CVE-2026-50107 each have a CVSS score of 8.1, which is High severity.

The vulnerabilities include a use-after-free condition in the HTTP/3 QUIC module, a heap-based buffer overflow affecting HTTP/2 proxying, and two configuration injection vulnerabilities in NGINX Gateway Fabric. Successful exploitation could lead to worker process crashes, arbitrary code execution under specific conditions, or unauthorized injection of NGINX configuration directives through manipulated custom resource definitions.

No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

 

Critical or Zero Day – Immediate DeploymentSimpleHelp

“When identity checks fail, attackers can become trusted users instantly.”

This patch addresses CVE-2026-48558 in SimpleHelp. The vulnerability affects SimpleHelp versions 5.5.15 and earlier, as well as 6.0 pre-release versions. An authentication bypass weakness in the OpenID Connect (OIDC) authentication flow allows identity tokens to be accepted without validating their cryptographic signatures. As a result, a remote, unauthenticated attacker can forge identity claims and obtain a fully authenticated technician session.

CVE-2026-48558 has a CVSS score of 10.0, which is Critical severity. The vulnerability is classified as CWE-347, Improper Verification of Cryptographic Signature. In affected deployments, attackers may gain technician-level access without valid credentials and potentially bypass multi-factor authentication controls. No user interaction is required.

 

Critical or Zero Day – Immediate Deploymentrclone

“One exposed setting can quietly remove every security check behind it.”

This patch addresses CVE-2026-41176 in rclone. The vulnerability affects versions 1.45.0 through 1.73.4 and stems from an authorization weakness in the RC endpoint options/set. The endpoint allows modification of global runtime configuration without requiring authentication. An unauthenticated attacker can disable RC authorization controls by setting rc.NoAuth=true, exposing administrative functionality that should normally be restricted.

CVE-2026-41176 has a CVSS score of 9.2, which is Critical severity. The vulnerability is classified as CWE-306, Missing Authentication for Critical Function. Successful exploitation can allow unauthorized access to sensitive configuration and operational management functions on affected RC servers. A public proof-of-concept (PoC) has been reported. Version 1.73.5 patches the issue.

 

High or Medium – Important DeploymentFirefox

“Memory corruption bugs may stay hidden until they become a path to code execution.”

This patch addresses three memory safety vulnerabilities in Mozilla Firefox and Thunderbird. CVE-2026-12326, CVE-2026-12327, and CVE-2026-12328 affect multiple Firefox, Firefox ESR, and Thunderbird releases. Mozilla reported that these issues involve memory safety defects that showed evidence of memory corruption. Such conditions can potentially be leveraged to execute arbitrary code under certain circumstances.

CVE-2026-12326 has a CVSS score of 8.1, which is High severity. CVE-2026-12327 has a CVSS score of 8.1, which is High severity. CVE-2026-12328 has a CVSS score of 8.1, which is High severity.

The vulnerabilities were corrected in Firefox 152, Thunderbird 152, Firefox ESR 140.12, Thunderbird ESR 140.12, and Firefox ESR 115.37, depending on the affected product branch. While no verified exploitation has been reported, the presence of memory corruption behavior increases the security risk and warrants prompt patching.

 

Critical or Zero Day – Immediate DeploymentCore Privileged Access Manager (BoKS)

“A privileged service with command injection risk can turn network access into system control.”

This patch addresses CVE-2026-9862 in Fortra Core Privileged Access Manager (BoKS). The vulnerability affects the boks_autoregisterd service and allows OS command injection during autoregistration processing. A remote attacker with network access to the service may execute commands using the privileges of the vulnerable service.

CVE-2026-9862 has a CVSS score of 9.8, which is Critical severity. The issue is classified as CWE-78, OS Command Injection. Remote Code Execution is possible, but no verified exploitation has been reported.

 

High with EoP or RCE – Expedited DeploymentMicrosoft Excel for Android

“One spreadsheet should never be enough to gain code execution or elevated access.”

This patch addresses three vulnerabilities in Microsoft Excel for Android. The update resolves an improper access control issue as well as two integer overflow vulnerabilities that could expose users to elevated privileges or code execution through specially crafted content.

CVE-2026-45649 has a CVSS score of 7.1, which is High severity. The vulnerability is classified as CWE-284 and may allow Elevation of Privilege.

CVE-2026-44803 has a CVSS score of 7.8, which is High severity. The vulnerability is classified as CWE-190 and may allow Remote Code Execution.

CVE-2026-44812 has a CVSS score of 7.8, which is High severity. The vulnerability is classified as CWE-190 and may allow Remote Code Execution.

No verified exploitation has been reported for these vulnerabilities. Organizations using Microsoft Excel for Android should apply the update to reduce the risk of malicious spreadsheet-based attacks and unauthorized privilege gains.

 

Critical or Zero Day – Immediate DeploymentJD Edwards EnterpriseOne Human Resources Management

“When HR systems face critical vulnerabilities, sensitive employee data and business operations are both at stake.”

This patch addresses CVE-2026-46892 in Oracle JD Edwards EnterpriseOne Human Resources Management. The vulnerability affects a core HR application used to manage employee information, workforce processes, and human resources operations within enterprise environments.

CVE-2026-46892 has a CVSS score of 9.1, which is Critical severity.

No verified exploitation has been reported. However, the Critical severity rating indicates a significant risk to affected environments and highlights the importance of applying the update to protect HR-related systems and sensitive workforce data.


 

Critical or Zero Day – Immediate DeploymentJD Edwards EnterpriseOne Order Promising

“A critical weakness in supply chain planning can quickly become a business continuity problem.”

This patch addresses CVE-2026-46907 in Oracle JD Edwards EnterpriseOne Order Promising. The vulnerability affects the Order Promising component, which plays a key role in inventory availability, fulfillment planning, and order management processes across enterprise environments.

CVE-2026-46907 has a CVSS score of 9.9, which is Critical severity.

No verified exploitation has been reported. However, the Critical severity rating indicates a significant risk to affected systems. Because Order Promising supports essential supply chain and fulfillment operations, organizations should prioritize remediation to reduce exposure and maintain operational integrity.

 

Critical or Zero Day – Immediate DeploymentJD Edwards EnterpriseOne Project Costing

“Critical risks in project costing systems can threaten financial control and delivery confidence.”

This patch addresses CVE-2026-46911 in Oracle JD Edwards EnterpriseOne Project Costing. The vulnerability affects a business-critical ERP component used to manage project budgets, costs, accounting, and financial tracking across enterprise operations.

CVE-2026-46911 has a CVSS score of 9.6, which is Critical severity.

No verified exploitation has been reported. The Critical severity rating makes this a high-priority update for organizations using JD Edwards Project Costing, especially where project financials support regulated, contractual, or revenue-impacting work.

 

Critical or Zero Day – Immediate DeploymentJD Edwards EnterpriseOne Tools

“A broad set of critical ERP tool vulnerabilities can put the business platform itself at risk.”

This patch addresses fourteen vulnerabilities in Oracle JD Edwards EnterpriseOne Tools. The update includes thirteen Critical severity vulnerabilities and one High severity vulnerability affecting a core ERP platform component that supports enterprise application operations, administration, and business workflows.

CVE-2026-46878, CVE-2026-46879, CVE-2026-46880, CVE-2026-46881, CVE-2026-46882, CVE-2026-46883, CVE-2026-46904, CVE-2026-46905, and CVE-2026-46909 each have a CVSS score of 9.8, which is Critical severity. CVE-2026-46906 has a CVSS score of 9.6, which is Critical severity. CVE-2026-46910 has a CVSS score of 9.1, which is Critical severity. CVE-2026-46912 and CVE-2026-46913 each have a CVSS score of 9.3, which is Critical severity. CVE-2026-46903 has a CVSS score of 8.8, which is High severity.

No verified exploitation has been reported. The volume and severity of these vulnerabilities make this a high-priority update for JD Edwards environments.

 

Critical or Zero Day – Immediate DeploymentOracle Agile PLM

“A critical vulnerability in product lifecycle management can expose the systems that drive product development and operations.”

This patch addresses CVE-2026-46859 in Oracle Agile PLM. The vulnerability affects Oracle’s Product Lifecycle Management platform, which is widely used to manage product data, engineering processes, manufacturing workflows, and compliance requirements across enterprise environments.

CVE-2026-46859 has a CVSS score of 9.8, which is Critical severity.

No verified exploitation has been reported. However, the Critical severity rating indicates a significant risk to affected environments. Because Agile PLM often serves as a central repository for product and engineering information, organizations should prioritize this update to reduce exposure and protect critical business operations.

 

Critical or Zero Day – Immediate DeploymentOracle Advanced Outbound Telephony

“Critical telephony platform risks can disrupt customer outreach and expose business operations.”

This patch addresses three vulnerabilities in Oracle Advanced Outbound Telephony. The update covers CVE-2026-46949, CVE-2026-46947, and CVE-2026-46950, affecting an enterprise communication platform used to support outbound customer engagement and telephony workflows.

CVE-2026-46949 has a CVSS score of 9.1, which is Critical severity. CVE-2026-46947 has a CVSS score of 8.8, which is High severity. CVE-2026-46950 has a CVSS score of 8.8, which is High severity.

No verified exploitation has been reported. The Critical severity rating makes this a high-priority update for organizations using Oracle Advanced Outbound Telephony in customer service, sales, or contact center operations.

 

Critical or Zero Day – Immediate DeploymentOracle Enterprise Command Center Framework

“Critical dashboard framework risks can expose the business systems leaders depend on every day.”

This patch addresses eight vulnerabilities in Oracle Enterprise Command Center Framework. The update includes seven Critical severity vulnerabilities and one High severity vulnerability affecting a framework used to deliver enterprise dashboards, analytics, and command center views across Oracle business applications.

CVE-2026-46895 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46896 has a CVSS score of 9.1, which is Critical severity. CVE-2026-46897 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46899 has a CVSS score of 9.6, which is Critical severity. CVE-2026-46900 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46901 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46902 has a CVSS score of 9.8, which is Critical severity. CVE-2026-46898 has a CVSS score of 8.1, which is High severity.

No verified exploitation has been reported. The number and severity of these vulnerabilities make this a priority update for Oracle enterprise application environments.


 

Critical or Zero Day – Immediate DeploymentOracle Enterprise Manager Base Platform

“When the platform used to manage enterprise systems is exposed, the impact can reach every managed asset.”

This patch addresses multiple vulnerabilities in Oracle Enterprise Manager Base Platform. The update includes nine Critical severity vulnerabilities and three High severity vulnerabilities affecting Oracle’s centralized management platform used to monitor, administer, and control enterprise infrastructure and applications.

CVE-2026-46832 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46852 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46853 has a CVSS score of 9.6, which is Critical severity. CVE-2026-46854 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46855 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46856 has a CVSS score of 9.6, which is Critical severity. CVE-2026-46857 has a CVSS score of 9.8, which is Critical severity. CVE-2026-46872 has a CVSS score of 9.0, which is Critical severity. CVE-2026-46875 has a CVSS score of 9.1, which is Critical severity.

CVE-2026-46864 has a CVSS score of 8.8, which is High severity. CVE-2026-46865 has a CVSS score of 8.2, which is High severity. CVE-2026-46866 has a CVSS score of 8.2, which is High severity.

No verified exploitation has been reported. The concentration of Critical severity vulnerabilities within a centralized management platform significantly increases organizational risk and makes this update a high priority for affected environments.

 

Critical or Zero Day – Immediate DeploymentOracle iSupport

“When customer support platforms face critical vulnerabilities, both service operations and customer trust are at risk.”

This patch addresses three vulnerabilities in Oracle iSupport. The update covers CVE-2026-46944, CVE-2026-46945, and CVE-2026-46946, affecting Oracle’s self-service customer support platform used for case management, service requests, knowledge access, and customer engagement.

CVE-2026-46944 has a CVSS score of 9.1, which is Critical severity. CVE-2026-46945 has a CVSS score of 9.1, which is Critical severity. CVE-2026-46946 has a CVSS score of 9.1, which is Critical severity.

No verified exploitation has been reported. The presence of multiple Critical severity vulnerabilities within a customer-facing support platform makes this a high-priority update for organizations relying on Oracle iSupport to deliver customer service operations.

 

Critical or Zero Day – Immediate DeploymentOracle Process Manufacturing Process Planning & Product Development

“Critical manufacturing system risks can disrupt planning, product development, and operational control.”

This patch addresses three vulnerabilities in Oracle Process Manufacturing components. CVE-2026-46942 affects Process Planning, while CVE-2026-46918 and CVE-2026-46916 affect Product Development. These systems support manufacturing workflows, formulation, planning, and product lifecycle operations.

CVE-2026-46942 has a CVSS score of 8.8, which is High severity. CVE-2026-46918 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46916 has a CVSS score of 8.8, which is High severity.

No verified exploitation has been reported. The Critical severity rating makes this a priority update for Oracle manufacturing environments.

 

Critical or Zero Day – Immediate DeploymentOracle Solaris

“A critical operating system vulnerability can place the foundation of enterprise infrastructure at risk.”

This patch addresses two vulnerabilities in Oracle Solaris. The update includes one Critical severity vulnerability and one High severity vulnerability affecting Oracle’s enterprise operating system platform, which supports critical servers, applications, and infrastructure services.

CVE-2026-46978 has a CVSS score of 10.0, which is Critical severity. CVE-2026-46914 has a CVSS score of 7.1, which is High severity.

No verified exploitation has been reported. The presence of a maximum-severity CVSS score of 10.0 makes this a high-priority update for organizations operating Oracle Solaris environments. Prompt remediation is recommended to reduce exposure across affected systems.


 

Critical or Zero Day – Immediate DeploymentOracle Unified Directory

“Critical directory service risks can weaken the identity backbone of the enterprise.”

This patch addresses three vulnerabilities in Oracle Unified Directory. The update includes two Critical severity vulnerabilities and one High severity vulnerability affecting Oracle’s directory services platform, which supports identity data, authentication flows, and enterprise access management.

CVE-2026-46773 has a CVSS score of 9.8, which is Critical severity. CVE-2026-46774 has a CVSS score of 9.8, which is Critical severity. CVE-2026-46776 has a CVSS score of 8.6, which is High severity.

No verified exploitation has been reported. The Critical severity ratings make this a high-priority update for organizations relying on Oracle Unified Directory for identity and access services.

 

Critical or Zero Day – Immediate DeploymentOracle Universal Work Queue

“Critical workflow vulnerabilities can disrupt the systems that keep business operations moving.”

This patch addresses four vulnerabilities in Oracle Universal Work Queue. The update includes two Critical severity vulnerabilities and two High severity vulnerabilities affecting a platform used to route, prioritize, and manage work items across enterprise business processes and service operations.

CVE-2026-46963 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46964 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46965 has a CVSS score of 8.8, which is High severity. CVE-2026-46966 has a CVSS score of 7.5, which is High severity.

No verified exploitation has been reported. The presence of multiple Critical severity vulnerabilities within a workflow management platform makes this a high-priority update for organizations that depend on Oracle Universal Work Queue to support business-critical operations.

 

Critical or Zero Day – Immediate DeploymentOracle Virtual Directory

“A critical directory vulnerability can undermine the systems that connect users, applications, and data.”

This patch addresses CVE-2026-35312 in Oracle Virtual Directory. The vulnerability affects Oracle’s directory virtualization platform, which is commonly used to aggregate, manage, and present identity information from multiple directory sources across enterprise environments.

CVE-2026-35312 has a CVSS score of 9.8, which is Critical severity.

No verified exploitation has been reported. The Critical severity rating makes this a high-priority update for organizations that rely on Oracle Virtual Directory to support authentication, identity management, and directory integration services.

 

Critical or Zero Day – Immediate DeploymentOracle WebCenter Content

“This patch closes a large cluster of serious WebCenter Content risks before they can turn into business disruption.”

Oracle WebCenter Content has been updated to address 26 vulnerabilities across critical and high severity levels. The critical vulnerabilities are CVE-2026-35270, CVE-2026-35286, CVE-2026-35316, CVE-2026-35319, CVE-2026-35320, CVE-2026-35321, CVE-2026-35323, CVE-2026-46766, CVE-2026-46777, CVE-2026-46785, CVE-2026-46786, CVE-2026-46789, CVE-2026-46795, CVE-2026-46805, and CVE-2026-46813. Their CVSS scores are 9.1, 9.8, 9.9, 9.8, 9.0, 9.9, 9.9, 9.8, 9.1, 9.3, 9.6, 9.6, 9.3, 9.3, and 9.8, which are Critical severity.

The high severity vulnerabilities are CVE-2026-35315, CVE-2026-35317, CVE-2026-35322, CVE-2026-35324, CVE-2026-35325, CVE-2026-46787, CVE-2026-46788, CVE-2026-46804, CVE-2026-46806, CVE-2026-46808, and CVE-2026-35326. Their CVSS scores are 8.8, 8.8, 8.8, 8.8, 8.8, 8.0, 8.4, 8.7, 8.2, 8.7, and 7.2, which are High severity.

 

Critical or Zero Day – Immediate DeploymentOracle WebCenter Enterprise Capture

“When every vulnerability is critical, patching becomes a business priority, not just an IT task.”

Oracle WebCenter Enterprise Capture has been updated to address ten critical vulnerabilities affecting the platform. The update includes CVE-2026-46778 and CVE-2026-46781, each with a CVSS score of 10.0, which is Critical severity. CVE-2026-35280, CVE-2026-35281, CVE-2026-35282, CVE-2026-35283, CVE-2026-35284, CVE-2026-35285, CVE-2026-46779, and CVE-2026-46782 each have a CVSS score of 9.9, which is Critical severity.

This patch addresses a concentrated set of high-impact security weaknesses within Oracle WebCenter Enterprise Capture. All included vulnerabilities are rated Critical, creating a significant risk profile for affected deployments. No verified exploitation information was provided for these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentOracle WebCenter Portal

“A portal with this many critical risks can expose the business fast.”

Oracle WebCenter Portal has been updated to address ten critical vulnerabilities affecting the platform. CVE-2026-46803 and CVE-2026-46846 each have a CVSS score of 10.0, which is Critical severity. CVE-2026-46765, CVE-2026-46767, CVE-2026-46802, CVE-2026-46814, CVE-2026-46838, CVE-2026-46844, and CVE-2026-46847 each have a CVSS score of 9.9, which is Critical severity. CVE-2026-46845 has a CVSS score of 9.8, which is Critical severity.

This patch addresses a concentrated set of severe security weaknesses in Oracle WebCenter Portal. No verified exploitation information was provided for these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentOracle WebCenter Sites

“A public-facing content platform only needs one critical weakness to create a major business problem.”

Oracle WebCenter Sites has been updated to address eleven vulnerabilities spanning critical and high severity levels. CVE-2026-46798 and CVE-2026-46800 each have a CVSS score of 10.0, which is Critical severity. CVE-2026-35293, CVE-2026-35296, CVE-2026-46797, CVE-2026-46799, and CVE-2026-46801 each have a CVSS score of 9.8, which is Critical severity. CVE-2026-46809 has a CVSS score of 9.1, which is Critical severity.

The update also addresses several High severity vulnerabilities. CVE-2026-35318 has a CVSS score of 8.8, which is High severity. CVE-2026-46796 has a CVSS score of 8.0, which is High severity. CVE-2026-35295 has a CVSS score of 7.5, which is High severity. No verified exploitation information was provided for any of the vulnerabilities included in this update.


 

Critical or Zero Day – Immediate DeploymentPeopleSoft Enterprise PT PeopleTools

“A critical PeopleTools issue can put core business systems directly in the risk zone.”

PeopleSoft Enterprise PT PeopleTools has been updated to address eight vulnerabilities, including one Critical severity issue and seven High severity issues. CVE-2026-35278 has a CVSS score of 9.8, which is Critical severity. CVE-2026-35271 has a CVSS score of 8.7, which is High severity. CVE-2026-35272 has a CVSS score of 8.4, which is High severity. CVE-2026-35274 has a CVSS score of 8.2, which is High severity.

The update also covers CVE-2026-35276, CVE-2026-35279, and CVE-2026-35289, each with a CVSS score of 8.1, which is High severity. CVE-2026-35288 has a CVSS score of 8.2, which is High severity. No verified exploitation information was provided for these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentPeopleSoft Enterprise PT PeopleTools

“A critical PeopleTools issue can put core business systems directly in the risk zone.”

PeopleSoft Enterprise PT PeopleTools has been updated to address eight vulnerabilities, including one Critical severity issue and seven High severity issues. CVE-2026-35278 has a CVSS score of 9.8, which is Critical severity. CVE-2026-35271 has a CVSS score of 8.7, which is High severity. CVE-2026-35272 has a CVSS score of 8.4, which is High severity. CVE-2026-35274 has a CVSS score of 8.2, which is High severity.

The update also covers CVE-2026-35276, CVE-2026-35279, and CVE-2026-35289, each with a CVSS score of 8.1, which is High severity. CVE-2026-35288 has a CVSS score of 8.2, which is High severity. No verified exploitation information was provided for these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentSiebel Apps – Marketing

“A marketing system takeover risk can quickly become a customer data and business continuity problem.”

Siebel Apps – Marketing has been updated to address five vulnerabilities, including four Critical severity issues and one High severity issue. CVE-2026-46884, CVE-2026-46887, CVE-2026-46889, and CVE-2026-46890 each have a CVSS score of 9.8, which is Critical severity. CVE-2026-46886 has a CVSS score of 8.8, which is High severity.

This patch reduces serious exposure in the Siebel marketing environment and addresses vulnerabilities that could impact application control, data protection, and business operations.

 

Critical or Zero Day – Immediate DeploymentSiebel CRM Cloud Applications

“A single critical CRM vulnerability can put customer-facing operations at risk.”

Siebel CRM Cloud Applications has been updated to address five vulnerabilities, including one Critical severity issue and four High severity issues. CVE-2026-46919 has a CVSS score of 9.8, which is Critical severity. CVE-2026-46920 has a CVSS score of 8.1, which is High severity. CVE-2026-46921 has a CVSS score of 8.8, which is High severity. CVE-2026-46925 has a CVSS score of 8.3, which is High severity. CVE-2026-46926 has a CVSS score of 8.8, which is High severity.

This update addresses significant security weaknesses within the Siebel CRM Cloud Applications environment. The presence of a Critical severity vulnerability, combined with multiple High severity vulnerabilities, increases the potential impact to customer relationship management functions and associated business processes. No verified exploitation information was provided for these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentWebLogic Server

“A critical WebLogic weakness can put core applications and business services in the blast zone.”

WebLogic Server has been updated to address twelve vulnerabilities, including five Critical severity issues and seven High severity issues. CVE-2026-35292 and CVE-2026-35301 each have a CVSS score of 10.0, which is Critical severity. CVE-2026-35263 has a CVSS score of 9.9, which is Critical severity. CVE-2026-35298 has a CVSS score of 9.1, which is Critical severity. CVE-2026-35300 has a CVSS score of 9.8, which is Critical severity.

The update also covers CVE-2026-35258 with a CVSS score of 8.7, CVE-2026-35259 with a CVSS score of 8.8, CVE-2026-35299 with a CVSS score of 8.8, CVE-2026-35302 with a CVSS score of 8.3, CVE-2026-35303 with a CVSS score of 8.8, CVE-2026-35311 with a CVSS score of 8.8, and CVE-2026-46848 with a CVSS score of 7.9, all of which are High severity.

 

Critical or Zero Day – Immediate DeploymentpgAdmin 4

“When an administration tool becomes the attack path, the database is no longer the only asset at risk.”

pgAdmin 4 has been updated to address four significant vulnerabilities, including three Critical severity issues and one High severity issue. CVE-2026-12045 has a CVSS score of 9.0, which is Critical severity. This vulnerability allows prompt injection against the AI Assistant to bypass read-only transaction protections and execute unauthorized SQL. In environments where the connected database role has elevated privileges, the issue can extend to remote code execution on the database server host. CVE-2026-12046 has a CVSS score of 9.0, which is Critical severity and affects unauthenticated access to state-changing endpoints that can contribute to remote code execution when combined with additional compromise conditions. CVE-2026-12048 has a CVSS score of 9.3, which is Critical severity and addresses stored cross-site scripting that could allow attackers to inject malicious content into the pgAdmin interface.

The update also addresses CVE-2026-12044, which has a CVSS score of 8.8, which is High severity. This vulnerability involves SQL injection in multiple administrative templates and dialogs. The patch introduces stronger validation, authentication enforcement, output sanitization, and query handling controls across the platform. No verified exploitation information was provided for these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentCisco Unified Communications Manager

“An exposed communications platform can become the first step toward full system compromise.”

Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition have been updated to address CVE-2026-20230. This vulnerability has a CVSS score of 8.6, which is High severity. The issue is caused by improper input validation that can allow an unauthenticated remote attacker to perform server-side request forgery (SSRF) attacks against an affected system.

A successful attack could allow an attacker to write files to the underlying operating system, creating a path for later privilege escalation to root. Public proof-of-concept code has been reported for this vulnerability. Cisco assigned the issue a Critical Security Impact Rating because successful exploitation can ultimately lead to root-level compromise. The vulnerability is only exploitable when the WebDialer service is enabled, which is disabled by default.

 

Critical or Zero Day – Immediate DeploymentLantronix EDS5000 / UniFi OS Server

“When critical vulnerabilities are actively exploited, every unpatched system becomes a potential target.”

Security updates address four critical vulnerabilities affecting Lantronix EDS5000 and UniFi OS Server. CVE-2025-67038 has a CVSS score of 9.8, which is Critical severity. It allows command injection through the HTTP RPC authentication process, enabling arbitrary operating system commands to execute with root privileges. CVE-2026-34908 has a CVSS score of 10.0, which is Critical severity and addresses an improper access control vulnerability that could allow unauthorized changes to UniFi OS systems. CVE-2026-34909 has a CVSS score of 10.0, which is Critical severity and addresses a path traversal vulnerability that could expose and manipulate sensitive system files. CVE-2026-34910 has a CVSS score of 10.0, which is Critical severity and addresses an improper input validation vulnerability that can result in command injection.

These vulnerabilities are reported as being under active exploitation, significantly increasing the operational risk to exposed devices. Organizations should prioritize deployment of the available security updates to reduce the risk of system compromise and unauthorized administrative access.

 

Critical or Zero Day – Immediate DeploymentPTC Windchill PDMLink

“A deserialization bug in a product lifecycle platform can quickly become a full enterprise compromise.”

PTC Windchill PDMLink has been updated to address CVE-2026-12569. This vulnerability has a CVSS score of 9.3, which is Critical severity. The issue stems from the deserialization of untrusted data and can allow remote code execution on affected systems. The vulnerability impacts Windchill PDMLink, PTC FlexPLM, all CPS versions, and Windchill and FlexPLM releases prior to version 11.0 M030.

This vulnerability is reported as being under active exploitation, making it a high-priority security issue. Organizations should prioritize deployment of the available security update to reduce the risk of remote system compromise and unauthorized code execution.

 

Low – Environmental DeploymentCVE-2026-45585 – Windows BitLocker Security Feature Bypass Vulnerability

“When a security feature designed to protect data can be bypassed, stolen devices can become exposed devices. Strong encryption only works when its protections remain intact.”

Microsoft has published CVE-2026-45585, a Windows BitLocker Security Feature Bypass Vulnerability publicly referred to as YellowKey. Microsoft states that a proof-of-concept (PoC) for this vulnerability has been publicly disclosed before a security update became available. The company issued this CVE to provide mitigation guidance until security updates are installed. Systems using TPM+PIN are not vulnerable to exploitation according to Microsoft.

CVSS Score: 6.8

SEVERITY: MEDIUM

THREAT:

This vulnerability allows an attacker to bypass a Windows security feature designed to protect encrypted data. Successful exploitation could weaken BitLocker protections on vulnerable systems, particularly if a device is lost or stolen, potentially exposing sensitive information that organizations expect to remain encrypted.

EXPLOITS:

A public proof-of-concept (PoC) exploit exists. Microsoft specifically notes that the vulnerability became publicly known through the release of PoC code before coordinated disclosure was completed. The available data does not confirm active in-the-wild exploitation or a zero-day attack campaign.

TECHNICAL SUMMARY:

The vulnerability affects Microsoft BitLocker and is publicly known as YellowKey. Microsoft classifies it as a Security Feature Bypass vulnerability. The CVE record identifies the associated weakness as CWE-77: Improper Neutralization of Special Elements used in a Command (“Command Injection”). Microsoft has released mitigation guidance that can be implemented until the security update is applied. The advisory also confirms that devices configured to use TPM+PIN authentication are not exploitable by this vulnerability.

EXPLOITABILITY:

Affected products include:

  • Windows 11 Version 24h3 (x64) – versions 10.0.26100.0 through 10.0.26100.8654
  • Windows 11 Version 25h3 (x64) – versions 10.0.26200.0 through 10.0.26200.8654
  • Windows 11 Version 26H1 (x64) – versions 10.0.28000.0 through 10.0.28000.2268
  • Windows Server 2025 – versions 10.0.26100.0 through 10.0.26100.32994
  • Windows Server 2025 (Server Core installation) – versions 10.0.26100.0 through 10.0.26100.32994

Microsoft states that systems using TPM+PIN are not susceptible to exploitation.

BUSINESS IMPACT:

Organizations relying on BitLocker to protect sensitive information on laptops and other portable devices could face increased risk if vulnerable systems are lost or stolen. A successful security feature bypass may reduce confidence in device encryption protections and increase the potential for unauthorized access to sensitive business information.

WORKAROUND:

If the security update cannot be applied immediately, Microsoft recommends implementing its published temporary mitigations. These mitigations do not impact service availability or management operations, and they do not need to be removed after the security update is installed. Organizations using TPM+PIN are not affected by this vulnerability.

URGENCY:

Although the CVSS severity is MEDIUM, the vulnerability has a publicly available proof-of-concept, increasing the likelihood of attempted exploitation. Organizations with portable Windows devices protected by BitLocker should prioritize applying Microsoft’s mitigations and security updates to reduce the risk of unauthorized access to encrypted data.

 

Critical or Zero Day – Immediate DeploymentManageEngine (CVE-2026-11374) 9.0

ManageEngine Authentication Security Update

“A predictable authentication token can turn a trusted login into an easy target.”

This security update addresses CVE-2026-11374, a critical authentication vulnerability affecting ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. The issue allows an unauthenticated attacker to predict SSO tickets generated during authentication, potentially leading to account takeover.

The CVSS score is 9.0, which is Critical severity. No verified real-world exploitation or public proof-of-concept has been confirmed. The update strengthens the generation of SSO authentication tickets to prevent prediction and reduce the risk of unauthorized access.

 

Critical or Zero Day – Immediate Deploymentlibssh3 Security Update 

“One unchecked packet is all it takes to turn a secure connection into a security risk.”

This security update addresses CVE-2026-55200, a high-severity memory corruption vulnerability in libssh3. The issue exists in ssh3_transport_read(), where insufficient validation of the packet_length field can lead to an out-of-bounds heap write. A remote attacker can send a specially crafted SSH packet to corrupt memory, potentially resulting in remote code execution. The CVSS score is 8.1, which is High severity.

The update corrects the packet length validation logic to enforce proper bounds checking and prevent heap corruption. A public proof-of-concept has been confirmed for this vulnerability. There is no verified evidence of active real-world exploitation.

 

Critical or Zero Day – Immediate DeploymentIBM Langflow OSS 

“When authentication fails and code isolation breaks, attackers can take complete control.”

This security update addresses CVE-2026-10561 and CVE-2026-7664, two critical vulnerabilities affecting IBM Langflow OSS. CVE-2026-10561 combines an authentication bypass with improper isolation of Python execution, allowing an unauthenticated attacker to execute arbitrary code on the host system and potentially achieve complete system compromise. The CVSS score is 10.0, which is Critical severity.

CVE-2026-7664 is an authorization vulnerability that allows unauthenticated attackers to access protected MCP project resources and perform MCP operations through the Streamable MCP transport endpoint. The CVSS score is 9.8, which is Critical severity.

The update strengthens authentication, enforces proper authorization on MCP endpoints, and improves isolation of Python execution to prevent unauthorized access and arbitrary code execution. There is no verified evidence of active real-world exploitation or a public proof-of-concept for either vulnerability.

 

 

Critical or Zero Day – Immediate DeploymentDell Wyse Management Suite 

“One vulnerable management platform can become the gateway to an entire device fleet.”

This security update addresses five vulnerabilities affecting Dell Wyse Management Suite (WMS). CVE-2026-41120 is a Critical vulnerability that could allow a low-privileged remote attacker to achieve remote code execution through improper handling of untrusted data. The CVSS score is 9.8, which is Critical severity.

The update also addresses four High severity vulnerabilities. CVE-2026-49506 (CVSS 7.2) is a path traversal vulnerability that could allow a high-privileged remote attacker to achieve remote code execution. CVE-2026-44271 (CVSS 8.1) and CVE-2026-44272 (CVSS 8.8) are SQL injection vulnerabilities that could allow unauthorized access. CVE-2026-44274 (CVSS 7.8) is an improper link resolution vulnerability that could allow unauthorized access through local exploitation.

The update strengthens input validation, enforces secure file path handling, mitigates SQL injection risks, and improves file access protections across affected components. There is no verified evidence of active real-world exploitation or a public proof-of-concept for any of these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentAutodesk Fusion 

“A trusted desktop application should never become a bridge for malicious websites.”

This security update addresses CVE-2026-10789, a critical vulnerability affecting Autodesk Fusion. A maliciously crafted webpage visited while Autodesk Fusion Desktop is running with the MCP extension enabled can trigger arbitrary code execution. Successful exploitation allows code to run with the privileges of the current user. The CVSS score is 9.6, which is Critical severity.

The update strengthens the security of the MCP extension to prevent malicious webpages from triggering arbitrary code execution. There is no verified evidence of active real-world exploitation or a public proof-of-concept for this vulnerability.

 

Critical or Zero Day – Immediate DeploymentProgress Software LoadMaster 

“An exposed management API should never become an attacker’s command line.”

This security update addresses CVE-2026-8037, a critical OS command injection vulnerability affecting Progress Software LoadMaster. The vulnerability exists in the product’s API, where insufficient input sanitization in multiple command endpoints allows an unauthenticated attacker to execute arbitrary operating system commands on a vulnerable LoadMaster appliance. The CVSS score is 9.6, which is Critical severity.

The update strengthens input validation and sanitization across the affected API endpoints to prevent command injection and unauthorized remote code execution. A public proof-of-concept has been confirmed for this vulnerability. There is no verified evidence of active real-world exploitation.

 

High or Medium – Important DeploymentApple Safari

“A single webpage should never be able to bring down a trusted browser.”

This update addresses 30 vulnerabilities affecting Apple Safari. CVE-2026-43715 has a CVSS score of 8.8, which is High severity, and resolves a use-after-free vulnerability that could lead to memory corruption when processing maliciously crafted web content. CVE-2026-43707 has a CVSS score of 7.5, which is High severity, and addresses a memory corruption issue that could result in an unexpected process crash.

The update also resolves CVE-2026-43716 and CVE-2026-43745, each with a CVSS score of 6.5, which is Medium severity. These vulnerabilities address memory handling and out-of-bounds write issues that could cause unexpected Safari crashes when processing malicious web content. The fixes improve memory management and input validation to strengthen browser stability and resilience against crafted content. There is no verified evidence of active real-world exploitation or a public proof-of-concept for any of these vulnerabilities.

 

High or Medium – Important DeploymentNetScaler ADC

“A secure gateway depends on every exposed service handling untrusted traffic safely.”

This update addresses six vulnerabilities affecting NetScaler ADC and NetScaler Gateway. CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, and CVE-2026-13474 are High severity vulnerabilities with CVSS scores of 8.8, 8.8, 8.8, 7.1, and 8.7, respectively. CVE-2026-10817 has a CVSS score of 6.9, which is Medium severity.

The vulnerabilities include insufficient input validation, memory overread, memory overflow, arbitrary file read, and denial-of-service conditions. Depending on the deployment, affected systems configured as SAML Identity Providers, SSL VPN or AAA gateways, Oracle load balancers, DNS proxy or recursive resolvers, HTTP/2-enabled virtual servers, or management interfaces with enabled access may be vulnerable. The update strengthens input validation, memory handling, file access controls, and protocol processing to prevent unauthorized access, service disruption, and information disclosure. There is no verified evidence of active real-world exploitation or a public proof-of-concept for any of these vulnerabilities.

 

Critical or Zero Day – Immediate DeploymentLangflow

“An exposed API endpoint should never become an open door to your entire system.”

This update addresses CVE-2025-3248, a critical code injection vulnerability affecting Langflow versions prior to 1.3.0. The vulnerability exists in the /api/v1/validate/code endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the affected system. The CVSS score is 9.8, which is Critical severity.

The update removes the code injection weakness in the affected API endpoint, preventing unauthenticated attackers from executing arbitrary code. Active exploitation has been confirmed for this vulnerability. Organizations running affected Langflow versions should update to version 1.3.0 or later to mitigate the risk.

Webinar Recording: June 2026 Vulnerability Digest from Action1

See What You Can Do with Action1

 

Join our weekly LIVE demo “Patch Management That Just Works with Action1” to learn more

about Action1 features and use cases for your IT needs.

 

spiceworks logo
getapp logo review
software advice review
trustradius
g2 review
g2 review