← Back to Vulnerability Reports

Vulnerability Priority Report – Week 1 of June 2026

📅 June 1 – 7🟢 Live · updated 2026-06-0616 CVEs tracked this week

Analyst Guidance

This week saw five verified CVEs with active exploitation or proof-of-concept code released. SolarWinds Serv-U (CVE-2026-28318), Cisco Unified CM (CVE-2026-20230), and Cisco Catalyst SD-WAN Manager (CVE-2026-20245) all show active or imminent exploitation risk. WordPress plugin vulnerability CVE-2026-3300 is under active exploitation with arbitrary code execution capability. Linux kernel CVE-2022-0492 has also been added to the CISA Known Exploited Vulnerabilities catalog, indicating confirmed active attacks in the wild.

CVE Details & Remediation

How to read this report
Verified facts — NVD & CISA KEV Partially verified — awaiting NVD enrichment AI analysis — synthesis, verify before acting
Actionable · Verified facts
NVD-published · CISA KEV cross-checked

🛡️CVE-2026-45247 – Mirasvit Full Page Cache Warmer ✓ NVD

CVSS9.8 NVD 3.1
StatusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing ★ Added to KEV this week
EPSS6% · P91
ActionPatch immediately

Remediation Steps

  1. Contact the vendor for patch availability and deployment instructions
  2. Review CISA Known Exploited Vulnerabilities catalog entry for product-specific mitigations
  3. Assess exposure of affected systems in your environment
  4. Plan deployment within security change management procedures

References:

🛡️CVE-2026-48172 – Litespeedtech Litespeed Cpanel Plugin ✓ NVD

CVSS9.8 NVD 3.1
StatusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS8% · P92
ActionPatch immediately

Remediation Steps

  1. Apply the latest security patch from LiteSpeed for the cPanel Plugin immediately
  2. Verify that only authorized cPanel users have access to affected systems
  3. Review system logs for evidence of exploitation or unauthorized script execution
  4. Restrict cPanel administrative access to trusted networks where feasible

References:

🛡️CVE-2026-9082 – Drupal Drupal ✓ NVD

CVSS9.8 NVD 3.1
StatusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS8% · P92
ActionPatch immediately

Remediation Steps

  1. Update all supported Drupal Core versions to the latest patched release immediately
  2. Review database query logs for evidence of SQL injection attempts
  3. Ensure database user accounts are restricted to minimum required privileges
  4. Monitor for malicious activity on systems running affected Drupal versions

References:

🛡️CVE-2026-0257 – Paloaltonetworks Pan-Os ✓ NVD

CVSS9.1 NVD 3.1
StatusActive Exploit
Exploitation In the wild In CISA KEV ● New this week
EPSS48% · P98
ActionPatch immediately
AffectedGovernment Technology Finance Transportation

Remediation Steps

  1. Apply the vendor security update for Paloaltonetworks Pan-Os as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2025-8088 – Rarlab Winrar ✓ NVD

CVSS8.8 NVD 3.1
StatusActive Exploit
Exploitation In the wild In CISA KEV ● New this week
EPSS11% · P93
ActionPatch immediately
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for Rarlab Winrar as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2025-48595 – Google Android ✓ NVD

CVSS8.4 NVD 3.1
StatusActive Exploit
Exploitation In the wild In CISA KEV ● New this week ★ Added to KEV this week
EPSS0% · P61
ActionPatch immediately
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for Google Android as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2022-0492 – Netapp H300s Firmware ✓ NVD

CVSS7.8 NVD 3.1
StatusActive Exploit
Exploitation In the wild In CISA KEV ★ Added to KEV this week
EPSS29% · P97
ActionPatch immediately
AffectedTechnology Government

Remediation Steps

  1. Update Linux kernel to a patched version as provided by your distribution
  2. Schedule a maintenance window for kernel patching and system reboot
  3. Verify successful kernel update via 'uname -r' command
  4. Monitor kernel logs for suspicious cgroup namespace activity

References:

🛡️CVE-2026-28318 – Solarwinds Serv-U ✓ NVD

CVSS7.5 NVD 3.1
StatusActive Exploit
Exploitation In the wild In CISA KEV ★ Added to KEV this week
EPSS0% · P20
ActionPatch immediately
AffectedTechnology

Remediation Steps

  1. Apply the SolarWinds Serv-U security patch immediately
  2. Verify successful patch installation before resuming service
  3. Monitor system logs for signs of exploitation attempts
  4. Review SolarWinds official security advisory for version-specific guidance

References:

🛡️CVE-2024-21182 – Oracle Weblogic Server ✓ NVD

CVSS7.5 NVD 3.1
StatusActive Exploit
Exploitation In the wild In CISA KEV ● New this week ★ Added to KEV this week
EPSS90% · P100
ActionPatch immediately
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for Oracle Weblogic Server as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-3300 – Everest Forms Pro WordPress Plugin ✓ NVD

CVSS9.8 NVD 3.1
StatusActive Exploit
ExploitationNo exploitation reported ● New this week
EPSS0% · P55
ActionPatch within 48 hours
AffectedTechnology

Remediation Steps

  1. Update Everest Forms Pro to version 1.9.13 or later immediately
  2. If unable to patch immediately, disable the plugin
  3. Audit site logs for unauthorized file uploads or code execution
  4. Scan site for backdoors or web shells left by attackers

References:

🛡️CVE-2026-8206 – WordPress Kirki Plugin ✓ NVD

CVSS9.8 NVD 3.1
StatusUnder Review
ExploitationNo exploitation reported ● New this week
EPSS0% · P30
ActionPatch within 48 hours
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for WordPress Kirki Plugin as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-8732 – WP Maps Pro (WordPress plugin) ✓ NVD

CVSS9.8 NVD 3.1
StatusUnder Review
ExploitationNo exploitation reported ● New this week
EPSS0% · P27
ActionPatch within 48 hours
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for WP Maps Pro (WordPress plugin) as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-41089 – Microsoft Windows Server 2012 ✓ NVD

CVSS9.8 NVD 3.1
StatusUnder Review
ExploitationNo exploitation reported ● New this week
EPSS0% · P26
ActionPatch within 48 hours
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for Microsoft Windows Server 2012 as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-20230 – Cisco Unified Communications Manager ✓ NVD

CVSS8.6 NVD 3.1
StatusPoC Available
Exploitation PoC published ● New this week
EPSS0% · P5
ActionPatch within 48 hours
AffectedTechnology Government

Remediation Steps

  1. Apply Cisco Unified CM security patch when available
  2. Restrict network access to the Unified CM management interface to trusted administrative networks only
  3. Monitor logs for suspicious SSRF requests or file write operations

References:

🛡️CVE-2026-23479 – Redis ✓ NVD

CVSS8.8 NVD 3.1
StatusUnder Review
ExploitationNo exploitation reported ● New this week
EPSS0% · P28
ActionPatch this week
AffectedTechnology Energy Government

Remediation Steps

  1. Apply the vendor security update for Redis as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-20245 – Cisco Catalyst SD-WAN Manager ✓ NVD

CVSS7.8 NVD 3.1
StatusActive Exploit
ExploitationNo exploitation reported
EPSS0% · P24
ActionPatch this week
AffectedTechnology Government

Remediation Steps

  1. Check Cisco PSIRT for available security updates immediately upon release
  2. Apply the patch as soon as vendor makes it available
  3. Restrict network access to the SD-WAN Manager to trusted administrative networks
  4. Monitor for unauthorized privilege escalation attempts in logs

References:

🤖 This vulnerability report was compiled by defend.network using AI-powered analysis of vulnerability databases, vendor advisories, and threat intelligence feeds. Always verify remediation steps through official vendor channels before implementing changes in production environments.

Get Vulnerability Priority Updates

Subscribe free and stay on top of critical patches.