Multiple vulnerabilities in Stormshield Management Center (June 29, 2026)
Multiple vulnerabilities have been discovered in Stormshield Management Center. They allow an attacker to cause remote arbitrary code execution, data confidentiality breaches, and data integrity breaches.
CSIRTS triage
- What
- Multiple vulnerabilities can lead to remote code execution and breaches of data confidentiality and integrity.
- Who is affected
- Users of Stormshield Management Center, specifics not detailed in the advisory.
- Urgency
- Remediation is urgent due to the potential for remote code execution and data breaches.
- Action
- Update Stormshield Management Center to the latest version to address these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Stormshield Management Center
Get an email when a new Stormshield Management Center advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0816/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-66370.38% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 30% of all scored CVEs.
- Low exploitation riskCVE-2026-64730.67% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
- Low exploitation riskCVE-2026-66380.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-64750.32% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 24% of all scored CVEs.
- Low exploitation riskCVE-2026-64770.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-6637 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-6473 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-6638 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-6475 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-6477 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] PostgreSQL: Multiple vulnerabilitiescert-bund
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10