Analyst Guidance
Three verified CVEs dominated this week's reporting: one actively exploited Linux kernel vulnerability (CVE-2022-0492) now in CISA's Known Exploited Vulnerabilities catalog, one proof-of-concept released for Cisco Unified Communications Manager (CVE-2026-20230), and. Organizations should prioritize patching the Cisco SSRF flaw immediately given public PoC availability, and apply kernel security updates to mitigate the Linux privilege escalation.
CVE Details & Remediation
How to read this report
🛡️Verified facts — NVD & CISA KEV
⏳Partially verified — awaiting NVD enrichment
🧠AI analysis — synthesis, verify before acting
🛡️Actionable · Verified facts
NVD-published · CISA KEV cross-checked🛡️CVE-2026-45247 – Mirasvit Full Page Cache Warmer ✓ NVD
CVSS9.8 NVD 3.1
StatusActive Exploit
Exploitation⚠️ In the wild 🔥 In CISA KEV
EPSS6% · P91
ActionPatch immediately
Remediation Steps
- Contact the vendor for patch availability and deployment instructions
- Review CISA Known Exploited Vulnerabilities catalog entry for product-specific mitigations
- Assess exposure of affected systems in your environment
- Plan deployment within security change management procedures
References:
🛡️CVE-2026-39987 – Marimo ✓ NVD
CVSS9.8 NVD 3.1
StatusActive Exploit
Exploitation⚠️ In the wild 🔥 In CISA KEV
EPSS81% · P99
ActionPatch immediately
AffectedTechnology
Remediation Steps
- Apply the vendor patch for Marimo immediately
- Audit internet-exposed Marimo notebook instances and restrict access to trusted networks
- Review access logs for unauthorized changes to notebooks or credential extraction
- Rotate all cloud credentials and API keys stored in or accessible via Marimo instances
- Implement network segmentation to isolate notebook environments from sensitive systems
References:
🛡️CVE-2026-48172 – Litespeedtech Litespeed Cpanel Plugin ✓ NVD
CVSS9.8 NVD 3.1
StatusActive Exploit
Exploitation⚠️ In the wild 🔥 In CISA KEV
EPSS8% · P92
ActionPatch immediately
Remediation Steps
- Apply the latest security patch from LiteSpeed for the cPanel Plugin immediately
- Verify that only authorized cPanel users have access to affected systems
- Review system logs for evidence of exploitation or unauthorized script execution
- Restrict cPanel administrative access to trusted networks where feasible
References:
🛡️CVE-2026-9082 – Drupal Drupal ✓ NVD
CVSS9.8 NVD 3.1
StatusActive Exploit
Exploitation⚠️ In the wild 🔥 In CISA KEV
EPSS8% · P92
ActionPatch immediately
Remediation Steps
- Update all supported Drupal Core versions to the latest patched release immediately
- Review database query logs for evidence of SQL injection attempts
- Ensure database user accounts are restricted to minimum required privileges
- Monitor for malicious activity on systems running affected Drupal versions
References:
🛡️CVE-2026-0257 – Paloaltonetworks Pan-Os ✓ NVD
CVSS9.1 NVD 3.1
StatusActive Exploit
Exploitation⚠️ In the wild 🔥 In CISA KEV
EPSS46% · P98
ActionPatch immediately
AffectedGovernment Technology Finance Transportation
Remediation Steps
- Apply the vendor security update for Paloaltonetworks Pan-Os as a priority.
- Restrict network exposure of the affected service to trusted sources until patched.
- Review logs and detections for indicators of exploitation.
- Confirm fixed versions against the official vendor advisory before deploying.
References:
🛡️CVE-2025-8088 – Rarlab Winrar ✓ NVD
CVSS8.8 NVD 3.1
StatusActive Exploit
Exploitation⚠️ In the wild 🔥 In CISA KEV
EPSS11% · P93
ActionPatch immediately
AffectedTechnology Government
Remediation Steps
- Apply the vendor security update for Rarlab Winrar as a priority.
- Restrict network exposure of the affected service to trusted sources until patched.
- Review logs and detections for indicators of exploitation.
- Confirm fixed versions against the official vendor advisory before deploying.
References:
🛡️CVE-2025-48595 – Google Android ✓ NVD
CVSS8.4 NVD 3.1
StatusActive Exploit
Exploitation⚠️ In the wild 🔥 In CISA KEV
EPSS0% · P61
ActionPatch immediately
AffectedTechnology Government
Remediation Steps
- Apply the vendor security update for Google Android as a priority.
- Restrict network exposure of the affected service to trusted sources until patched.
- Review logs and detections for indicators of exploitation.
- Confirm fixed versions against the official vendor advisory before deploying.
References:
🛡️CVE-2022-0492 – Linux Kernel ✓ NVD
CVSS7.8 NVD 3.1
StatusActive Exploit
Exploitation⚠️ In the wild 🔥 In CISA KEV
EPSS29% · P97
ActionPatch immediately
AffectedTechnology Government
Remediation Steps
- Apply the latest Linux kernel security updates from your distribution
- Prioritize systems exposed to untrusted local users
- Verify kernel version post-patch to confirm remediation
- Test in non-production environments before deploying to critical systems
References:
🛡️CVE-2024-21182 – Oracle Weblogic Server ✓ NVD
CVSS7.5 NVD 3.1
StatusActive Exploit
Exploitation⚠️ In the wild 🔥 In CISA KEV
EPSS90% · P100
ActionPatch immediately
AffectedTechnology Government
Remediation Steps
- Apply the vendor security update for Oracle Weblogic Server as a priority.
- Restrict network exposure of the affected service to trusted sources until patched.
- Review logs and detections for indicators of exploitation.
- Confirm fixed versions against the official vendor advisory before deploying.
References:
🛡️CVE-2026-8206 – WordPress Kirki Plugin ✓ NVD
CVSS9.8 NVD 3.1
StatusUnder Review
ExploitationNo exploitation reported
EPSS0% · P30
ActionPatch within 48 hours
AffectedTechnology Government
Remediation Steps
- Apply the vendor security update for WordPress Kirki Plugin as a priority.
- Restrict network exposure of the affected service to trusted sources until patched.
- Review logs and detections for indicators of exploitation.
- Confirm fixed versions against the official vendor advisory before deploying.
References:
🛡️CVE-2026-8732 – WP Maps Pro (WordPress plugin) ✓ NVD
CVSS9.8 NVD 3.1
StatusUnder Review
ExploitationNo exploitation reported
EPSS0% · P27
ActionPatch within 48 hours
AffectedTechnology Government
Remediation Steps
- Apply the vendor security update for WP Maps Pro (WordPress plugin) as a priority.
- Restrict network exposure of the affected service to trusted sources until patched.
- Review logs and detections for indicators of exploitation.
- Confirm fixed versions against the official vendor advisory before deploying.
References:
🛡️CVE-2026-41089 – Microsoft Windows Server 2012 ✓ NVD
CVSS9.8 NVD 3.1
StatusUnder Review
ExploitationNo exploitation reported
EPSS0% · P26
ActionPatch within 48 hours
AffectedTechnology Government
Remediation Steps
- Apply the vendor security update for Microsoft Windows Server 2012 as a priority.
- Restrict network exposure of the affected service to trusted sources until patched.
- Review logs and detections for indicators of exploitation.
- Confirm fixed versions against the official vendor advisory before deploying.
References:
🛡️CVE-2026-20230 – Cisco Unified Communications Manager ✓ NVD
CVSS8.6 NVD 3.1
StatusPoC Available
Exploitation🧪 PoC published
EPSS0% · P5
ActionPatch within 48 hours
AffectedTechnology
Remediation Steps
- Apply the vendor patch from Cisco PSIRT immediately
- Restrict network access to Unified Communications Manager to trusted internal networks only
- Monitor for authentication logs indicating unauthorized file write attempts
- Validate systems are running patched versions before re-enabling external access
References:
🛡️CVE-2026-23479 – Redis Redis ✓ NVD
CVSS8.8 NVD 3.1
StatusUnder Review
ExploitationNo exploitation reported
EPSS0% · P28
ActionPatch this week
AffectedTechnology Energy Government
Remediation Steps
- Apply the vendor security update for Redis as a priority.
- Restrict network exposure of the affected service to trusted sources until patched.
- Review logs and detections for indicators of exploitation.
- Confirm fixed versions against the official vendor advisory before deploying.
References:
🤖 This vulnerability report was compiled by defend.network using AI-powered analysis of vulnerability databases, vendor advisories, and threat intelligence feeds. Always verify remediation steps through official vendor channels before implementing changes in production environments.