Week 27, 2026 — Jun 29 – Jul 5, 2026
Everything the 24 aggregated CERT, PSIRT and vulnerability-database feeds published in this ISO week, condensed: what was added to the CISA KEV catalog, which advisories matter most and which products were hit. Daily detail lives in the daily briefings.
Added to the CISA KEV catalog
- criticalCVE-2026-45659added 2026-07-01 · public exploit code
- criticalCVE-2026-48558added 2026-06-29 · public exploit code
Notable advisories
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
CVE-2026-45659: Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
CVE-2026-48558: SimpleHelp Authentication Bypass Vulnerability
[UPDATE] [high] Apache HTTP Server: Multiple vulnerabilities
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
SimpleHelp security advisory (AV26-642)
CVE-2026-57100: Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
CVE-2026-45499: Azure OpenAI Elevation of Privilege Vulnerability
CVE-2026-10536: HTTP/2 stream-dependency tree UAF
CVE-2026-38968: ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing.
Most-affected products
Volume by source
Other weeks
Don't wait a week. The daily briefing lands in your inbox every morning after 06:00 UTC — subscribe free, or watch specific products for instant advisory alerts.