Week 28, 2026 — Jul 6 – Jul 12, 2026
Everything the 24 aggregated CERT, PSIRT and vulnerability-database feeds published in this ISO week so far, condensed: what was added to the CISA KEV catalog, which advisories matter most and which products were hit. Daily detail lives in the daily briefings.
Added to the CISA KEV catalog
- criticalCVE-2026-56291added 2026-07-10 · CVSS 9.8
- criticalCVE-2026-48939added 2026-07-10 · public exploit code
- criticalCVE-2026-56290added 2026-07-07 · CVSS 9.8 · public exploit code
- criticalCVE-2026-55255added 2026-07-07 · public exploit code
- criticalCVE-2026-48282added 2026-07-07 · CVSS 10 · public exploit code
- criticalCVE-2026-48908added 2026-07-07 · public exploit code
Notable advisories
CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
Adobe security advisory (AV26-647) – Update 2
CVE-2026-55255: Langflow Authorization Bypass Through User-Controlled Key Vulnerability
CVE-2026-48908: JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-48282: Adobe ColdFusion Path Traversal Vulnerability
CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
USN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
Most-affected products
Volume by source
Other weeks
Don't wait a week. The daily briefing lands in your inbox every morning after 06:00 UTC — subscribe free, or watch specific products for instant advisory alerts.