{"total":1706,"page":1,"count":50,"advisories":[{"id":"59254c00-9f5e-449c-8b42-ad31b07d14fe","num":222679,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-roundcube-webmail-cve-2025-49113","title":"AL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 1","summary":"Number: AL25-007 Date: June 11, 2025 Updated: July 10, 2026 Audience This Alert is intended for IT professionals and managers of notified organizations. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security (\"Cyber Centre\") is also available to provide additional assistance regarding the content of this Alert to recipients as requested. Details On June 1, 2025, Roundcube released a security bulletin for a critical vulnerability affecting Webmail. The issue is described as a Post-Auth RCE via PHP Object Deserialization vulnerability (CVE-2025-49113) Footnote 1 . The versions of Roundcube products affected are Footnote 2 : Webmail – versions prior to 1.5.10 Webmail – versions prior to 1.6.11 In response to this vulnerability, the Cyber Centre released AV25-309 on June 2, 2025 Footnote 3 . While the Cyber Centre has not received any reports of exploitation, the existence of a proof of concept (POC) significantly raises the likeness of abuse by malicious actors. The existence of a published POC makes it imperative to take action to assess and mitigate this vulnerability. The Cyber Centre is aware that exploitation of CVE-2024-42009 has been used to obtain valid credentials, which could lead to exploitation of CVE-2025-49113. CISA added CVE-2024-42009 to their Known Exploited Vulnerabilities (KEV) catalog Footnote 4 Footnote 5 on June 9, 2025. Update 1 The Cyber Centre is aware of open-source reporting indicating ongoing exploitation Footnote 7 of CVE-2024-42009 Footnote 8 and CVE-2025-49113 Footnote 1 related to Roundcube Webmail. The Cyber Centre strongly recommends that organizations upgrade to the latest Roundcube Webmail versions as per AV26-657 Footnote 9 : Webmail – version 1.6.17 Webmail – version 1.7.2 On June 9, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE","link":"https://cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-roundcube-webmail-cve-2025-49113","severity":"critical","cvss":null,"cves":["CVE-2025-49113","CVE-2024-42009","CVE-2025-42009"],"exploited":true,"has_exploit":true,"published_at":"2026-07-10T19:12:59+00:00"},{"id":"73d9d291-848b-404f-aee7-5debe9dfcfb5","num":222264,"source_id":"cisa","external_id":"/node/25143","title":"CISA Adds Two Known Exploited Vulnerabilities to Catalog","summary":"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48939 iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-56291 Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/07/10/cisa-adds-two-known-exploited-vulnerabilities-catalog","severity":"high","cvss":null,"cves":["CVE-2026-48939","CVE-2026-56291"],"exploited":true,"has_exploit":true,"published_at":"2026-07-10T12:00:00+00:00"},{"id":"d9473d5a-13c2-42cd-9e39-e915e99967f5","num":214108,"source_id":"ubuntu","external_id":"https://ubuntu.com/security/notices/USN-8528-1","title":"USN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilities","summary":"It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Ethernet bonding driver; - Network drivers; - STMicroelectronics network drivers; - NVME drivers; - x86 platform drivers; - SCSI subsystem; - SPI subsystem; - TCM subsystem; - USB over IP driver; - File systems infrastructure; - HFS+ file system; - Network file system (NFS) server daemon; - SMB network file system; - IPv6 networking; - Netfilter; - Tracing infrastructure; - io_uring subsystem; - Timer subsystem; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - MAC80211 subsystem; - M","link":"https://ubuntu.com/security/notices/USN-8528-1","severity":"unknown","cvss":null,"cves":["CVE-2026-31431","CVE-2026-43284","CVE-2026-43500","CVE-2026-43503","CVE-2026-46300","CVE-2026-46333","CVE-2022-48816","CVE-2023-53673","CVE-2024-35862","CVE-2024-50060","CVE-2025-37778","CVE-2025-37822","CVE-2025-37924","CVE-2025-38201","CVE-2025-40082","CVE-2025-68214","CVE-2025-68263","CVE-2025-71089","CVE-2025-71220","CVE-2025-71222","CVE-2025-71224","CVE-2026-23176","CVE-2026-23180","CVE-2026-23182","CVE-2026-23190","CVE-2026-23193","CVE-2026-23198","CVE-2026-23202","CVE-2026-23206","CVE-2026-23216","CVE-2026-23256","CVE-2026-23257","CVE-2026-23258","CVE-2026-23262","CVE-2026-23272","CVE-2026-23274","CVE-2026-23278","CVE-2026-23351","CVE-2026-23428","CVE-2026-23450","CVE-2026-23455","CVE-2026-31402","CVE-2026-31418","CVE-2026-31419","CVE-2026-31478","CVE-2026-31504","CVE-2026-31533","CVE-2026-31607","CVE-2026-31637","CVE-2026-31649","CVE-2026-31657","CVE-2026-31659","CVE-2026-31668","CVE-2026-31669","CVE-2026-31682","CVE-2026-31685","CVE-2026-43011","CVE-2026-43033","CVE-2026-43037","CVE-2026-43038","CVE-2026-43071","CVE-2026-43077","CVE-2026-43078","CVE-2026-43114","CVE-2026-43117","CVE-2026-43186","CVE-2026-43304","CVE-2026-43341","CVE-2026-43383","CVE-2026-43406","CVE-2026-43407","CVE-2026-43414","CVE-2026-43493","CVE-2026-43494","CVE-2026-43501","CVE-2026-45988","CVE-2026-46028","CVE-2026-46043","CVE-2026-46119","CVE-2026-46135","CVE-2026-46195","CVE-2026-46243"],"exploited":true,"has_exploit":true,"published_at":"2026-07-10T09:52:32+00:00"},{"id":"6500fa48-fb72-42bb-b48d-43c18b140b11","num":218701,"source_id":"cisa-kev","external_id":"CVE-2026-56291","title":"CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability","summary":"Balbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-56291","severity":"critical","cvss":null,"cves":["CVE-2026-56291"],"exploited":true,"has_exploit":false,"published_at":"2026-07-10T00:00:00+00:00"},{"id":"dcc64140-c176-4452-b0b9-c98ac539dd8b","num":218702,"source_id":"cisa-kev","external_id":"CVE-2026-48939","title":"CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability","summary":"iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-48939","severity":"critical","cvss":null,"cves":["CVE-2026-48939"],"exploited":true,"has_exploit":true,"published_at":"2026-07-10T00:00:00+00:00"},{"id":"c3c4d962-be4c-4a26-b888-ba1164579aae","num":190595,"source_id":"nvd","external_id":"CVE-2026-56291","title":"CVE-2026-56291: The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.","summary":"The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-56291","severity":"critical","cvss":9.8,"cves":["CVE-2026-56291"],"exploited":true,"has_exploit":false,"published_at":"2026-07-09T11:16:40.99+00:00"},{"id":"be0c4692-6633-4ed4-869e-08afcd6ed2f6","num":156746,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/langflow-security-advisory-av26-670","title":"Langflow security advisory (AV26-670)","summary":"Serial number: AV26-670 Date: July 8, 2026 On July 7, 2026, Langflow updated a security advisory to address vulnerabilities in the following product: Langflow – versions prior to 1.9.1 On July 7, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-55255 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available. CVE-2026-55255: Langflow: IDOR Vulnerability in /api/v1/responses Endpoint Allows Authenticated Attackers to Access Another User's Flow CISA KEV: CVE-2026-55255","link":"https://cyber.gc.ca/en/alerts-advisories/langflow-security-advisory-av26-670","severity":"unknown","cvss":null,"cves":["CVE-2026-55255"],"exploited":true,"has_exploit":true,"published_at":"2026-07-08T13:05:23+00:00"},{"id":"d0eb1d34-14aa-49dd-a5cb-484203eb370f","num":19583,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/adobe-security-advisory-av26-647","title":"Adobe security advisory (AV26-647) – Update 2","summary":"Serial number: AV26–647 Date: July 2, 2026 Updated: July 7, 2026 On June 30, 2026, Adobe published security advisories to address critical vulnerabilities in the following products: Adobe ColdFusion 2025 – Update 9 and prior Adobe ColdFusion 2023 – Update 20 and prior Adobe Campaign Classic – version ACC v7: 7.4.3 build 9396 and prior Update 1 Open-source reporting indicates that CVE-2026-48282 is being exploited. Update 2 On July 7, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48282 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Security update available for Adobe ColdFusion | APSB26-68 Security updates available for Adobe Campaign Classic | APSB26-69 Adobe Security Advisories CISA KEV: CVE-2026-48282","link":"https://cyber.gc.ca/en/alerts-advisories/adobe-security-advisory-av26-647","severity":"critical","cvss":null,"cves":["CVE-2026-48282"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T19:49:45+00:00"},{"id":"c9909ff1-bf57-4d69-aad5-7a3aee9d624d","num":133986,"source_id":"cisa","external_id":"/node/25116","title":"CISA Adds Three Known Exploited Vulnerabilities to Catalog","summary":"CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-three-known-exploited-vulnerabilities-catalog","severity":"high","cvss":null,"cves":["CVE-2026-48908","CVE-2026-55255","CVE-2026-56290"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"795dfb73-cd8e-4e63-8c89-dc2e690c1999","num":138736,"source_id":"cisa","external_id":"/node/25133","title":"CISA Adds One Known Exploited Vulnerability to Catalog","summary":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-one-known-exploited-vulnerability-catalog","severity":"high","cvss":null,"cves":["CVE-2026-48282"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T12:00:00+00:00"},{"id":"33fa5e10-edf4-4749-8060-684f829dce41","num":130111,"source_id":"cisa-kev","external_id":"CVE-2026-55255","title":"CVE-2026-55255: Langflow Authorization Bypass Through User-Controlled Key Vulnerability","summary":"Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-55255","severity":"critical","cvss":null,"cves":["CVE-2026-55255"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T00:00:00+00:00"},{"id":"8c639c4a-dbe6-42dc-83bc-2fb5dfcdf035","num":134841,"source_id":"cisa-kev","external_id":"CVE-2026-48282","title":"CVE-2026-48282: Adobe ColdFusion Path Traversal Vulnerability","summary":"Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-48282","severity":"critical","cvss":null,"cves":["CVE-2026-48282"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T00:00:00+00:00"},{"id":"c43747d5-690a-4102-a78a-5d16d2df61ec","num":130112,"source_id":"cisa-kev","external_id":"CVE-2026-56290","title":"CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability","summary":"Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-56290","severity":"critical","cvss":null,"cves":["CVE-2026-56290"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T00:00:00+00:00"},{"id":"7a5cd1c5-b226-4cb3-a433-faa253d64916","num":130110,"source_id":"cisa-kev","external_id":"CVE-2026-48908","title":"CVE-2026-48908: JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability","summary":"JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-48908","severity":"critical","cvss":null,"cves":["CVE-2026-48908"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T00:00:00+00:00"},{"id":"3345f319-15d7-4471-a4a6-aa86761aaea3","num":19588,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/al26-015-critical-vulnerability-impacting-microsoft-sharepoint-server-cve-2026-45659","title":"AL26-015 - Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-45659","summary":"Number: AL26-015 Date: July 2, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security (\"Cyber Centre\") is also available to provide additional assistance regarding the content of this Alert to recipients as requested. Details The Canadian Centre for Cyber Security (Cyber Centre) is aware of active exploitation of a vulnerability affecting Microsoft SharePoint Server. In response to the Microsoft security advisory, released on May 21, 2026 Footnote 1 , the Cyber Centre issued AV26-456 Footnote 2 Update 1 on May 21, 2026. Tracked as CVE-2026-45659 Footnote 3 , this vulnerability is a critical Deserialization of Untrusted Data (CWE-502) Footnote 4 vulnerability affecting multiple versions of Microsoft SharePoint Server and could allow a low privileged remote attacker to execute remote code. This vulnerability was added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog Footnote 5 on July 1, 2026. Suggested actions The Cyber Centre recommends that organizations upgrade affected Microsoft SharePoint instances to a fixed version: Affected Product Affected Versions Fixed Versions Microsoft SharePoint Enterprise Server 2016 16.0.0 before 16.0.5552.1002 16.0.5552.1002 Microsoft SharePoint Server 2019 16.0.0 before 16.0.10417.20128 16.0.10417.20128 Microsoft SharePoint Server Subscription Edition 16.0.0 before 16.0.19725.20280 16.0.19725.20280 The Cyber Centre recommends organizations: Identify all on-premises SharePoint Server instances, particularly those exposed to the internet. Use or upgrade to supported versions of on-premises Microsoft SharePoint Server. Apply the latest security updates from Microsoft. Important note: Microsoft SharePoint Enterprise Server 2016","link":"https://cyber.gc.ca/en/alerts-advisories/al26-015-critical-vulnerability-impacting-microsoft-sharepoint-server-cve-2026-45659","severity":"critical","cvss":null,"cves":["CVE-2026-45659"],"exploited":true,"has_exploit":true,"published_at":"2026-07-02T14:37:55+00:00"},{"id":"e3601553-8ad4-4d2b-8c9c-9637f0ed7b87","num":1883,"source_id":"cert-bund","external_id":"https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1504","title":"[UPDATE] [high] Apache HTTP Server: Multiple vulnerabilities","summary":"A remote anonymous attacker can exploit multiple vulnerabilities in Apache HTTP Server to execute arbitrary code, cause a denial-of-service condition, bypass security measures, or disclose confidential information.","link":"https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1504","severity":"high","cvss":null,"cves":["CVE-2024-38475","CVE-2023-38709","CVE-2024-36387","CVE-2024-38472","CVE-2024-38473","CVE-2024-38474","CVE-2024-38476","CVE-2024-38477","CVE-2024-39573"],"exploited":true,"has_exploit":true,"published_at":"2026-07-02T09:21:50+00:00"},{"id":"10f18149-832e-48b5-8e01-9a87846e2667","num":2084,"source_id":"cisco-psirt","external_id":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW","title":"Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability","summary":"A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root . Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root . Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW Security Impact Rating: Critical CVE: CVE-2026-20230","link":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Communications%20Manager%20Server-Side%20Request%20Forgery%20Vulnerability%26vs_k=1","severity":"critical","cvss":null,"cves":["CVE-2026-20230"],"exploited":true,"has_exploit":true,"published_at":"2026-07-01T15:10:08+00:00"},{"id":"33287946-ef9b-4dea-95e3-139bb8070493","num":226,"source_id":"cisa","external_id":"/node/25105","title":"CISA Adds One Known Exploited Vulnerability to Catalog","summary":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/07/01/cisa-adds-one-known-exploited-vulnerability-catalog","severity":"high","cvss":null,"cves":["CVE-2026-45659"],"exploited":true,"has_exploit":true,"published_at":"2026-07-01T12:00:00+00:00"},{"id":"6e2c84a0-e79c-4587-bc49-2b094b806061","num":1935,"source_id":"cisa-kev","external_id":"CVE-2026-45659","title":"CVE-2026-45659: Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability","summary":"Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-45659","severity":"critical","cvss":null,"cves":["CVE-2026-45659"],"exploited":true,"has_exploit":true,"published_at":"2026-07-01T00:00:00+00:00"},{"id":"edaad5b6-180a-438c-ba77-1b063da83aca","num":19592,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/simplehelp-security-advisory-av26-642","title":"SimpleHelp security advisory (AV26-642)","summary":"Serial number: AV26-642 Date: June 30, 2026 On May 26, 2026, SimpleHelp published a security update to address vulnerabilities in the following product: SimpleHelp – versions 5.5.0 to versions prior to 5.5.16 SimpleHelp – versions 6.0 to versions prior to 6.0 RC2 On June 29, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48558 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary update. SimpleHelp 5.5 and 6.0 Security Fix SimpleHelp Release News CISA KEV: CVE-2026-48558","link":"https://cyber.gc.ca/en/alerts-advisories/simplehelp-security-advisory-av26-642","severity":"unknown","cvss":null,"cves":["CVE-2026-48558"],"exploited":true,"has_exploit":true,"published_at":"2026-06-30T12:28:47+00:00"},{"id":"8a75f0b3-bc08-4b72-b415-a03367615813","num":275,"source_id":"cisa","external_id":"/node/25087","title":"CISA Adds One Known Exploited Vulnerability to Catalog","summary":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/06/29/cisa-adds-one-known-exploited-vulnerability-catalog","severity":"high","cvss":null,"cves":["CVE-2026-48558"],"exploited":true,"has_exploit":true,"published_at":"2026-06-29T12:00:00+00:00"},{"id":"bb0515b0-4513-4e52-998a-f77895f7e782","num":2580,"source_id":"cisa-kev","external_id":"CVE-2026-48558","title":"CVE-2026-48558: SimpleHelp Authentication Bypass Vulnerability","summary":"SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-48558","severity":"critical","cvss":null,"cves":["CVE-2026-48558"],"exploited":true,"has_exploit":true,"published_at":"2026-06-29T00:00:00+00:00"},{"id":"4ea687cb-5c5f-4c3c-80b5-277a6e933e9d","num":19602,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-547","title":"Cisco security advisory (AV26-547) – Update 1","summary":"Serial number: AV26-547 Date: June 3, 2026 Updated: June 25, 2026 On June 3, 2026, Cisco published security advisories to address vulnerabilities in multiple products. Included was a critical update for the following: Cisco Unified Communications Manager (CM) Release 14 – versions prior to 14SU6 Cisco Unified Communications Manager (CM) Release 15 – versions prior to 15SU5 (Sep 2026) or COP Cisco Unified Communications Manager Session Management Edition (CM SME) release 14 – versions prior to 14SU6 Cisco Unified Communications Manager Session Management Edition (CM SME) release 15 – versions prior to 15SU5 (Sep 2026) or COP Cisco has indicated that a proof-of-concept exploit code is available for CVE-2026-20230. Update 1 On June 25, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20230 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability Cisco Security Advisories CISA KEV: CVE-2026-20230","link":"https://cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-547","severity":"critical","cvss":null,"cves":["CVE-2026-20230"],"exploited":true,"has_exploit":true,"published_at":"2026-06-25T19:37:20+00:00"},{"id":"37179985-3b6a-49be-8e13-42a3711163bb","num":847,"source_id":"cisa","external_id":"/node/25083","title":"CISA Adds Two Known Exploited Vulnerabilities to Catalog","summary":"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/06/25/cisa-adds-two-known-exploited-vulnerabilities-catalog","severity":"high","cvss":null,"cves":["CVE-2026-12569","CVE-2026-20230"],"exploited":true,"has_exploit":true,"published_at":"2026-06-25T12:00:00+00:00"},{"id":"b1ce1326-fd0b-45d1-a7a6-121412a848d2","num":1135,"source_id":"cisa-kev","external_id":"CVE-2026-20230","title":"CVE-2026-20230: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability","summary":"Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-20230","severity":"critical","cvss":null,"cves":["CVE-2026-20230"],"exploited":true,"has_exploit":true,"published_at":"2026-06-25T00:00:00+00:00"},{"id":"5157e66e-8c3d-4f9a-963f-edd8aabe160e","num":381,"source_id":"cisa-kev","external_id":"CVE-2026-12569","title":"CVE-2026-12569: PTC Windchill and FlexPLM Improper Input Validation Vulnerability","summary":"PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-12569","severity":"critical","cvss":null,"cves":["CVE-2026-12569"],"exploited":true,"has_exploit":false,"published_at":"2026-06-25T00:00:00+00:00"},{"id":"56801fb3-818b-4e57-99f3-230f682c91f7","num":19611,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-241","title":"[Control systems] CISA ICS security advisories (AV26–241) – Update 1","summary":"Serial number: AV26-241 Date: March 16, 2026 Updated: June 23, 2026 Between March 9 and 15, 2026, CISA published ICS advisories to address vulnerabilities in the following products: Apeman Cameras ID71 – all versions Ceragon Siklu MultiHaul and EtherHaul Series – multiple versions Honeywell IQ4x BMS Controller – multiple versions and models Inductive Automation Ignition Software – versions prior to 8.3.0 Lantronix EDS3000PS – version 3.1.0.0R2 Lantronix EDS5000 – version 2.1.0.0R3 Siemens Heliox EV Chargers – version Heliox Mobile DC 40 kW EV Charging Station Siemens Heliox EV Chargers – version Heliox Flex 180 kW EV Charging Station Siemens RUGGEDCOM APE1808 Devices – all versions Siemens SIDIS Prime – versions prior to V4.0.800 Siemens SIMATIC – multiple versions and models Trane Tracer Concierge – versions prior to v6.3.2310 Trane Tracer SC – versions prior to v4.4_SP7 Trane Tracer SC+ – versions prior to v6.3.2310 Update 1 On June 23, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-67038 affecting Lantronix EDS5000 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available. CISA ICS Advisories CISA KEV: CVE-2025-67038","link":"https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-241","severity":"unknown","cvss":null,"cves":["CVE-2025-67038"],"exploited":true,"has_exploit":true,"published_at":"2026-06-23T20:23:46+00:00"},{"id":"f7a57ff8-7259-4065-a68f-fc33215b40cd","num":19612,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/ubiquiti-security-advisory-av26-498","title":"Ubiquiti security advisory (AV26-498) – Update 1","summary":"Serial number: AV26-498 Date: May 22, 2026 Updated: June 23, 2026 On May 21, 2026, Ubiquiti published a security advisory to address vulnerabilities in the following products. Included were critical updates for the following: Express - version 4.0.13 and prior UCG-Industrial - version 5.0.13 and prior UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, Express 7, UNVR, UNVR-Pro, UNVR-Instant, ENVR, UCG-Ultra, UCG-Max and UCG-Fiber - version 5.0.16 and prior UDM-Beast, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 - version 5.1.8 and prior UDR-5G, ENVR-Core, UCKP, UCK and UCK-Enterprise - version 5.0.17 and prior UNVR-G2 and UNVR-G2-Pro - version 5.1.11 and prior UniFi OS Server - version 5.0.6 and prior Update 1 On June 23, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Ubiquiti UniFi - Security Advisory Bulletin 064 Ubiquiti UniFi Security Releases CISA KEV: CVE-2026-34908 CISA KEV: CVE-2026-34909 CISA KEV: CVE-2026-34910","link":"https://cyber.gc.ca/en/alerts-advisories/ubiquiti-security-advisory-av26-498","severity":"critical","cvss":null,"cves":["CVE-2026-34908","CVE-2026-34909","CVE-2026-34910"],"exploited":true,"has_exploit":true,"published_at":"2026-06-23T20:14:02+00:00"},{"id":"6e37fa25-93a5-42d6-b43d-89b45fac9ef5","num":1103,"source_id":"cisa","external_id":"/node/25067","title":"Impact of Linux Kernel vulnerabilities on B&R products","summary":"View CSAF Summary B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products. The following versions of Impact of Linux Kernel vulnerabilities on B&R products are affected: Linux for B&R &lt;=12 APROL &lt;APROL-AutoYaST-DVD- V4.4-010.10.260602 X20EDS410 /all CVSS Vendor Equipment Vulnerabilities v3 7.8 B&R Industrial Automation GmbH Impact of Linux Kernel vulnerabilities on B&R products Incorrect Resource Transfer Between Spheres, Write-what-where Condition, Improper Privilege Management, Out-of-bounds Write, Multiple Releases of Same Resource or Handle Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-31431 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. View CVE Details Affected Products Impact of Linux Kernel vulnerabilities on B&R products Vendor: B&R Industrial Automation GmbH Product Version: B&R Industrial Automation GmbH Linux for B&R &lt;=12, B&R Industrial Automation GmbH APROL &lt;APROL-AutoYaST-DVD- V4.4-010.10.260602, B&R Industrial Automation GmbH X20EDS410 /all Product Status: fixed, known_affected Remediations Vendor fix For affected products, softw","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-06","severity":"critical","cvss":null,"cves":["CVE-2026-31431","CVE-2026-43284","CVE-2026-46333","CVE-2026-46300","CVE-2026-43494"],"exploited":true,"has_exploit":true,"published_at":"2026-06-23T12:00:00+00:00"},{"id":"42f9c426-18d0-484e-b6c9-6f600091e389","num":410,"source_id":"cisa","external_id":"/node/25060","title":"CISA Adds Four Known Exploited Vulnerabilities to Catalog","summary":"CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-67038 Lantronix EDS5000 Code Injection Vulnerability CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability CVE-2026-34910 Ubiquiti UniFi OS Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.","link":"https://www.cisa.gov/news-events/alerts/2026/06/23/cisa-adds-four-known-exploited-vulnerabilities-catalog","severity":"high","cvss":null,"cves":["CVE-2025-67038","CVE-2026-34908","CVE-2026-34909","CVE-2026-34910"],"exploited":true,"has_exploit":true,"published_at":"2026-06-23T12:00:00+00:00"},{"id":"20ce7156-b2d4-43bd-a1f5-b4447bb9722f","num":2140,"source_id":"cisa-kev","external_id":"CVE-2025-67038","title":"CVE-2025-67038: Lantronix EDS5000 Code Injection Vulnerability","summary":"Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.","link":"https://nvd.nist.gov/vuln/detail/CVE-2025-67038","severity":"critical","cvss":null,"cves":["CVE-2025-67038"],"exploited":true,"has_exploit":true,"published_at":"2026-06-23T00:00:00+00:00"},{"id":"4e816a84-e8b3-4e49-a7c6-f220e42c7d6e","num":1136,"source_id":"cisa-kev","external_id":"CVE-2026-34910","title":"CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability","summary":"Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-34910","severity":"critical","cvss":null,"cves":["CVE-2026-34910"],"exploited":true,"has_exploit":true,"published_at":"2026-06-23T00:00:00+00:00"},{"id":"00dcbdc4-7558-4b1d-9177-75d3d8f47f87","num":1101,"source_id":"cisa-kev","external_id":"CVE-2026-34908","title":"CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability","summary":"Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-34908","severity":"critical","cvss":null,"cves":["CVE-2026-34908"],"exploited":true,"has_exploit":true,"published_at":"2026-06-23T00:00:00+00:00"},{"id":"ad60ad3b-58b8-4499-a71f-a37282f44e1f","num":2145,"source_id":"cisa-kev","external_id":"CVE-2026-34909","title":"CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability","summary":"Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-34909","severity":"critical","cvss":null,"cves":["CVE-2026-34909"],"exploited":true,"has_exploit":false,"published_at":"2026-06-23T00:00:00+00:00"},{"id":"4ac5f64b-3202-4bde-95cd-defa87504605","num":142981,"source_id":"ghsa","external_id":"GHSA-qrpv-q767-xqq2","title":"GHSA-qrpv-q767-xqq2: Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow","summary":"Summary\n\nInsecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.\n\nDetails\n\nThe vulnerability exists in the get_flow_by_id_or_endpoint_name helper function in src/backend/base/langflow/helpers/flow.py (lines 399-414).\n\nWhen a flow is accessed via UUID (flow_id), the function queries the database directly without verifying if the authenticated user owns that flow:\n\nsrc/backend/base/langflow/helpers/flow.py:399-414\nasync def get_flow_by_id_or_endpoint_name(flow_id_or_name: str, user_id: str | UUID | None = None) -> FlowRead:\nasync with session_scope() as session:\ntry:\nflow_id = UUID(flow_id_or_name)\nWhen using UUID, query directly WITHOUT checking user_id\nflow = await session.get(Flow, flow_id) # ❌ No user_id check!\nexcept ValueError:\nendpoint_name = flow_id_or_name\nstmt = select(Flow).where(Flow.endpoint_name == endpoint_name)\nOnly when using endpoint_name is user_id checked\nif user_id:\nstmt = stmt.where(Flow.user_id == uuid_user_id)\n\nThis function is used by the /api/v1/responses endpoint (defined in src/backend/base/langflow/api/v1/openai_responses.py:589).\n\nPoC (Proof of Concept)\n\nAttacker (user A) with API_KEY_A tries to execute victim (user B)'s flow\ncurl -X POST \"http://localhost:7860/api/v1/responses\" \\\n-H \"x-api-key: sk-ATTACKER_API_KEY\" \\\n-H \"Content-Type: application/json\" \\\n-d '{\n\"model\": \"VICTIM_FLOW_ID\",\n\"input_value\": \"test\",\n\"stream\": false\n}'\nReturns 200 and executes the victim's flow\n\nImpact\n\nAny authenticated user can:\n1. Execute any flow in the system by knowing its flow ID\n2. Access potentially sensitive data processed by victim's flows\n3. Consume victim's resources\n\nFixes\n\nFixed in PR #12832 (fix(security): close IDOR in get_flow_by_id_or_endpoint_name), merged 2026-04-22, released in Langflow 1.9.1.\n\nThe helper normalizes user_id once and enforces ownership on both lookup branches (UUID","link":"https://github.com/advisories/GHSA-qrpv-q767-xqq2","severity":"high","cvss":8.4,"cves":["CVE-2026-55255"],"exploited":true,"has_exploit":true,"published_at":"2026-06-19T21:16:46+00:00"},{"id":"5ef3902b-94ba-4690-a44d-caff30f9ee92","num":2025,"source_id":"ncsc-nl","external_id":"NCSC-2026-0198 [1.01]","title":"NCSC-2026-0198 [1.01] [M/H] Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform","summary":"Splunk has fixed multiple vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities affect various components of Splunk Enterprise and Splunk Cloud Platform. Splunk has assessed the vulnerability with CVE-2026-20253 in the PostgreSQL sidecar service endpoint as critical, allowing unauthenticated users to create or delete arbitrary files due to the lack of authentication controls. Another vulnerability with CVE-2026-20251 concerns Remote Code Execution (RCE) via unsafe deserialization of KV Store data with the 'jsonpickle' Python library, allowing low-privileged users without admin or power roles to execute code remotely. Furthermore, multiple vulnerabilities have been identified that allow sensitive data to be exfiltrated via SSRF, CSS injection, and XSS attacks. Due to insufficient validation of URLs, domains, and user input, attackers can bypass security controls, access internal systems, and exfiltrate data. Update: The Splunk Product Security Incident Response Team (PSIRT) reports that limited and targeted exploitation of the vulnerability with CVE-2026-20253 has been observed. The vulnerability allows a malicious actor to create or delete files, disrupting the operation of the system. As far as known, code execution is not possible.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0198","severity":"unknown","cvss":null,"cves":["CVE-2026-20253","CVE-2026-20251"],"exploited":true,"has_exploit":true,"published_at":"2026-06-19T12:42:32+00:00"},{"id":"2b8f03eb-cf21-41bb-b77d-75db2b020316","num":19624,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/splunk-security-advisory-av26-586","title":"Splunk security advisory (AV26-586) – Update 1","summary":"Serial number: AV26-586 Date: June 10, 2026 Update: June 18, 2026 On June 10, 2026, Splunk published security advisories to address vulnerabilities in the following products: Splunk SOAR – versions prior to 8.5.0 Splunk Enterprise – multiple versions and platforms Splunk Cloud Platform – multiple versions and platforms Update 1 On June 18, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20253 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Splunk Security Advisories CISA KEV: CVE-2026-20253","link":"https://cyber.gc.ca/en/alerts-advisories/splunk-security-advisory-av26-586","severity":"unknown","cvss":null,"cves":["CVE-2026-20253"],"exploited":true,"has_exploit":true,"published_at":"2026-06-18T17:15:42+00:00"},{"id":"2e25ea57-28ea-47b8-a568-10e747152784","num":19625,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/al26-014-fortibleed-leak-thousands-compromised-credentials-impacting-fortinet-devices","title":"AL26-014 – FortiBleed leak of thousands of compromised credentials impacting Fortinet devices","summary":"Number: AL26-014 Date: June 18, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security (\"Cyber Centre\") is also available to provide additional assistance regarding the content of this Alert to recipients as requested. Details On June 17, 2026, the Canadian Centre for Cyber Security (Cyber Centre) became aware of open-source reporting Footnote 1 Footnote 2 Footnote 3 Footnote 4 describing a widespread malicious campaign, known as “FortiBleed,” involving exposed credentials affecting Fortinet firewalls and VPN gateways. Exploitation of these credentials could allow malicious actors to gain remote access to affected devices and connected networks, as well as modify various system settings, including critical security controls. Suggested actions The Cyber Centre strongly recommends that organizations : Inventory all accounts on Fortinet devices, identify unauthorized or suspicious accounts (e.g., forticloud-sync , forticloud-tech ) and disable/remove suspected or unneeded accounts. Restrict access to management interfaces to trusted networks and hosts only. Terminate all active SSL VPN and administrative sessions. Reset passwords for all Fortinet VPN and administrative accounts. Enforce Multi-Factor Authentication (MFA) across all external gateways and admin interfaces. Ensure all Fortinet devices are running the latest firmware. Specifically, check for patches related to CVE-2024-55591 (obtain high privileges) Footnote 5 and, CVE-2025-59718 Footnote 6 and CVE-2025-59719 Footnote 7 (authentication bypass) Footnote 8 . In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions with an emphasis on the following topics Footnote 9 . Consolidate, mon","link":"https://cyber.gc.ca/en/alerts-advisories/al26-014-fortibleed-leak-thousands-compromised-credentials-impacting-fortinet-devices","severity":"critical","cvss":null,"cves":["CVE-2024-55591","CVE-2025-59718","CVE-2025-59719"],"exploited":true,"has_exploit":true,"published_at":"2026-06-18T13:52:14+00:00"},{"id":"6914c904-a624-4e77-afab-45827fc26892","num":1102,"source_id":"cisa-kev","external_id":"CVE-2026-20253","title":"CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability","summary":"Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-20253","severity":"critical","cvss":null,"cves":["CVE-2026-20253"],"exploited":true,"has_exploit":true,"published_at":"2026-06-18T00:00:00+00:00"},{"id":"deace2ec-cafa-41b2-828c-1a4c1632dbe2","num":2139,"source_id":"cisco-psirt","external_id":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk","title":"Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability","summary":"A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non -root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk Security Impact Rating: Critical CVE: CVE-2026-20127","link":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Controller%20Authentication%20Bypass%20Vulnerability%26vs_k=1","severity":"critical","cvss":null,"cves":["CVE-2026-20127"],"exploited":true,"has_exploit":true,"published_at":"2026-06-16T17:39:47+00:00"},{"id":"8086ea5a-64e0-4cbb-af60-5a53b9801f48","num":2149,"source_id":"cisco-psirt","external_id":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW","title":"Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability","summary":"May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The Indicators of Compromise section of this advisory includes Show Control Connections guidance to help with system checks. A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non- root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Important: To preserve possible indicators of compromise, customers should issue the request admin-tech command from each of the control components in the SD-WAN deployment before upgrading. After the admin-tech file has been collected, software should be upgraded at the earliest opportunity. Before upgrading an SD-WAN deployment to a fixed release, retain relevant logs. After upgrading, verify that the system has not been compromised by checking the logs for the indicators of compromise as documented in this advisory. If the logs show indic","link":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Controller%20Authentication%20Bypass%20Vulnerability%26vs_k=1","severity":"high","cvss":null,"cves":["CVE-2026-20182"],"exploited":true,"has_exploit":true,"published_at":"2026-06-16T17:39:46+00:00"},{"id":"52577d43-35cd-4397-bb7f-94a6ed0db747","num":2059,"source_id":"ncsc-nl","external_id":"NCSC-2026-0179 [1.01]","title":"NCSC-2026-0179 [1.01] [H/H] Vulnerabilities fixed in Check Point Remote and Mobile Access VPN products","summary":"Check Point has fixed vulnerabilities in Remote and Mobile Access VPN products, specifically for implementations using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments using the outdated IKEv1 protocol. The vulnerabilities CVE-2026-50751 and CVE-2026-50752 affect VPN authentication and certificate validation. These vulnerabilities allow attackers to gain access to VPN environments without valid authentication. The vulnerability CVE-2026-50751 has been exploited as a zero-day. According to Check Point, ransomware was also deployed in one case following this exploitation. The first detected exploitation dates back to May 7. The IKEv1 protocol is an outdated protocol still used in such implementations. The NCSC-NL expects large-scale exploitation to occur in the near term and urges organizations to follow Check Point's advisory. The NCSC-NL also calls on organizations to check Check Point's IoCs if relevant products using IKEv1 are in use within the organization. UPDATE: Publicly available Proof-of-Concept (PoC) code is now available, increasing the likelihood of exploitation. IOCs 45.77.149[.]152 209.182.225[.]136 38.60.157[.]139 162.33.177[.]101 45.76.26[.]42 144.208.127[.]155 38.54.88[.]201 38.54.107[.]167 66.42.99[.]200 52fda5c1b9704544f32ee98d9060e689 51d39aa39478beeac94f2d12f682ecce","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0179","severity":"unknown","cvss":null,"cves":["CVE-2026-50751","CVE-2026-50752"],"exploited":true,"has_exploit":true,"published_at":"2026-06-16T13:13:03+00:00"},{"id":"9bf8b2fb-ebee-44fb-85e6-0b0d89a252a6","num":1137,"source_id":"cisa-kev","external_id":"CVE-2026-48907","title":"CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability","summary":"Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-48907","severity":"critical","cvss":null,"cves":["CVE-2026-48907"],"exploited":true,"has_exploit":true,"published_at":"2026-06-16T00:00:00+00:00"},{"id":"434d2b1a-0832-4611-8d7d-74d51d832b09","num":1033,"source_id":"cisco-psirt","external_id":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ","title":"Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability","summary":"A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root . To exploit this vulnerability, the attacker must have valid credentials with at least write access. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ Security Impact Rating: Medium CVE: CVE-2026-20262","link":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Arbitrary%20File%20Write%20Vulnerability%26vs_k=1","severity":"medium","cvss":null,"cves":["CVE-2026-20262"],"exploited":true,"has_exploit":true,"published_at":"2026-06-15T22:00:51+00:00"},{"id":"35c9839f-0665-42b8-844b-731db62ecfd3","num":1146,"source_id":"cisa-kev","external_id":"CVE-2026-54420","title":"CVE-2026-54420: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability","summary":"LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-54420","severity":"critical","cvss":null,"cves":["CVE-2026-54420"],"exploited":true,"has_exploit":true,"published_at":"2026-06-15T00:00:00+00:00"},{"id":"85d9721d-49bc-49dd-ab88-db2164228349","num":1147,"source_id":"cisa-kev","external_id":"CVE-2026-20262","title":"CVE-2026-20262: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability","summary":"Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-20262","severity":"critical","cvss":null,"cves":["CVE-2026-20262"],"exploited":true,"has_exploit":true,"published_at":"2026-06-15T00:00:00+00:00"},{"id":"ba2f921a-4d39-437d-8e89-7ac5b6382bfb","num":2154,"source_id":"cisco-psirt","external_id":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx","title":"Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability","summary":"A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator , formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user. To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127 . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the Catalyst SD-WAN Security Advisory that was published on May 14, 2026, and verify the configuration of the edge devices. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Important: To preserve possible indicators of compromise, customers should issue the request admin-tech command from each of the control components in the SD-WAN deployment before upgrading. After the admin-tech file has been collected, software should be upgraded at the earliest opportunity. Before upgrading an SD-WAN deployment to a fixed release, retain relevant logs. After upgrading, verify that the system has not been compromised by checking the logs for the indicators of compromise as documented in this advisory. If the logs show indicators of compromise and the system is confirmed to be compromised, apply","link":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Controller,%20Catalyst%20SD-WAN%20Manager,%20and%20Catalyst%20SD-WAN%20Validator%20Authenticated%20Privilege%20Escalation%20Vulnerability%26vs_k=1","severity":"unknown","cvss":null,"cves":["CVE-2026-20182","CVE-2026-20127","CVE-2026-20245"],"exploited":true,"has_exploit":true,"published_at":"2026-06-12T20:36:49+00:00"},{"id":"4ef0fce1-016a-4b67-a533-8f289a389811","num":1830,"source_id":"ncsc-nl","external_id":"NCSC-2026-0195 [1.00]","title":"NCSC-2026-0195 [1.00] [M/H] Vulnerability fixed in Oracle PeopleSoft Enterprise PeopleTools","summary":"Oracle has fixed a vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. The vulnerability allows unauthenticated attackers to exploit the system remotely via HTTP. This can lead to remote code execution, potentially resulting in full system takeover. The vulnerability affects Oracle PeopleSoft Enterprise PeopleTools and is particularly exploitable when the PeopleSoft Environment Management Hub (PSEMHUB) is accessible from the internet. It is common to make such management components accessible only through internal networks or a VPN. Google CTI reports that this vulnerability has been exploited as a zero-day since at least May 27.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0195","severity":"unknown","cvss":null,"cves":["CVE-2026-35273"],"exploited":true,"has_exploit":true,"published_at":"2026-06-12T07:25:07+00:00"},{"id":"e6f84de6-9403-465a-8618-73fda66b54b4","num":1152,"source_id":"cisa-kev","external_id":"CVE-2026-35273","title":"CVE-2026-35273: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability","summary":"Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-35273","severity":"critical","cvss":null,"cves":["CVE-2026-35273"],"exploited":true,"has_exploit":true,"published_at":"2026-06-12T00:00:00+00:00"},{"id":"94254d48-34ce-47a0-a882-91e97f16298f","num":239,"source_id":"cisa-kev","external_id":"CVE-2026-10520","title":"CVE-2026-10520: Ivanti Sentry OS Command Injection Vulnerability","summary":"Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.","link":"https://nvd.nist.gov/vuln/detail/CVE-2026-10520","severity":"critical","cvss":null,"cves":["CVE-2026-10520"],"exploited":true,"has_exploit":true,"published_at":"2026-06-11T00:00:00+00:00"}]}