← Back to Vulnerability Reports

Vulnerability Priority Report – Week 3 of June 2026

📅 June 15 – 21🟢 Live · updated 2026-06-1516 CVEs tracked this week

Analyst Guidance

Organizations should prioritize patching these vulnerabilities immediately, particularly Oracle and Ivanti products which are actively being exploited in the wild. Additionally, multiple OT/IoT advisories covering Yarbo, Naxclow, Brickcom, and Schneider Electric infrastructure warrant urgent security review for internet-connected and operational technology environments.

CVE Details & Remediation

How to read this report
Verified facts — NVD & CISA KEV Partially verified — awaiting NVD enrichment AI analysis — synthesis, verify before acting
Actionable · Verified facts
NVD-published · CISA KEV cross-checked

🛡️CVE-2026-10520 – Ivanti Sentry ✓ NVD

CVSS10 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV
EPSS43% · P98
ActionPatch immediately

Remediation Steps

  1. Apply the latest Ivanti Sentry OS security patch
  2. Review command execution logs for unauthorized activity
  3. Restrict inbound access to Ivanti Sentry administration interfaces to trusted IP ranges

References:

🛡️CVE-2026-35273 – Oracle PeopleSoft Enterprise PeopleTools ✓ NVD

CVSS9.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV
EPSS20% · P96
ActionPatch immediately

Remediation Steps

  1. Apply the latest Oracle PeopleSoft Enterprise security patch
  2. Review access logs for signs of exploitation
  3. Restrict network access to PeopleSoft management interfaces to trusted networks only

References:

🛡️CVE-2026-45247 – Mirasvit Full Page Cache Warmer ✓ NVD

CVSS9.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS6% · P91
ActionPatch immediately

Remediation Steps

  1. Consult CISA Known Exploited Vulnerabilities catalog entry for full product and version details
  2. Apply vendor security patch
  3. Verify patch deployment across affected systems
  4. Review security logs for evidence of exploitation

References:

🛡️CVE-2026-48172 – LiteSpeed CPanel Plugin ✓ NVD

CVSS9.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS8% · P92
ActionPatch immediately

Remediation Steps

  1. Apply the latest security patch from LiteSpeed for the cPanel Plugin immediately
  2. Verify that only authorized cPanel users have access to affected systems
  3. Review system logs for evidence of exploitation or unauthorized script execution
  4. Restrict cPanel administrative access to trusted networks where feasible

References:

🛡️CVE-2026-9082 – Drupal Core ✓ NVD

CVSS9.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS13% · P94
ActionPatch immediately

Remediation Steps

  1. Update all supported Drupal Core versions to the latest patched release immediately
  2. Review database query logs for evidence of SQL injection attempts
  3. Ensure database user accounts are restricted to minimum required privileges
  4. Monitor for malicious activity on systems running affected Drupal versions

References:

🛡️CVE-2026-50751 – Check Point Security Gateway ✓ NVD

CVSS9.3 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS14% · P94
ActionPatch immediately
AffectedTechnology Finance Government Defense

Remediation Steps

  1. Apply the vendor security update for Check Point Remote Access VPN / Mobile Access as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-0257 – Palo Alto Networks PAN-OS ✓ NVD

CVSS9.1 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS60% · P98
ActionPatch immediately
AffectedGovernment Technology Finance Transportation

Remediation Steps

  1. Apply the vendor security update for Paloaltonetworks Pan-Os as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-42271 – BerriAI LiteLLM ✓ NVD

CVSS8.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS61% · P98
ActionPatch immediately

Remediation Steps

  1. Check CISA's Known Exploited Vulnerabilities catalog for product-specific guidance
  2. Contact vendor for available security patches
  3. Apply patch or implement recommended mitigations from vendor advisory
  4. Verify patch installation and monitor for indicators of active exploitation

References:

🛡️CVE-2026-11645 – Google Chromium V8 ✓ NVD

CVSS8.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS6% · P91
ActionPatch immediately

Remediation Steps

  1. Update Google Chrome to version 149.0.7827.103 or later
  2. Enable automatic updates to receive future security patches promptly
  3. Check for and remove any suspicious browser extensions
  4. Clear browser cache and temporary files after patching

References:

🛡️CVE-2025-48595 – Android Framework ✓ NVD

CVSS8.4 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS1% · P68
ActionPatch immediately
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for Google Android as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-20245 – Cisco Catalyst SD-WAN Manager ✓ NVD

CVSS7.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS<1% · P58
ActionPatch immediately
AffectedTechnology Defense

Remediation Steps

  1. Apply the vendor security update for Cisco as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2022-0492 – Linux Kernel ✓ NVD

CVSS7.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS27% · P97
ActionPatch immediately
AffectedTechnology Government Energy

Remediation Steps

  1. Identify Linux systems running vulnerable kernel versions
  2. Apply the latest stable kernel update from your distribution's repository
  3. Reboot systems to activate patched kernel
  4. Verify kernel version post-reboot using 'uname -r'
  5. Prioritize kernel patching for systems exposed to untrusted local users or containers

References:

🛡️CVE-2026-28318 – SolarWinds Serv-U ✓ NVD

CVSS7.5 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS6% · P91
ActionPatch immediately

Remediation Steps

  1. Check CISA's Known Exploited Vulnerabilities catalog for product-specific guidance
  2. Contact vendor for available security patches
  3. Apply patch or implement recommended mitigations from vendor advisory
  4. Verify patch installation and monitor for indicators of active exploitation

References:

🛡️CVE-2024-21182 – Oracle WebLogic Server ✓ NVD

CVSS7.5 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS90% · P100
ActionPatch immediately
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for Oracle Weblogic Server as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-7473 – Arista Extensible Operating System ✓ NVD

CVSS5.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV
EPSS27% · P97
ActionPatch immediately

Remediation Steps

  1. Apply the latest Arista EOS security update from the vendor
  2. Monitor network devices for suspicious configuration changes
  3. Restrict administrative access to Arista devices via SSH and API

References:

🛡️CVE-2026-20253 – Splunk Enterprise ✓ NVD

CVSS9.8 NVD 3.1
Triage statusNo Known Exploit
ExploitationNo exploitation reported ● New this week
EPSS<1% · P21
ActionPatch within 48 hours

Remediation Steps

  1. Upgrade Splunk Enterprise to version 10.2.4 or 10.0.7 or later
  2. Review Splunk audit logs for evidence of unauthenticated file operations
  3. Restrict network access to Splunk instances to trusted networks
  4. Disable internet-facing Splunk access where possible

References:

🤖 This vulnerability report was compiled by defend.network using AI-powered analysis of vulnerability databases, vendor advisories, and threat intelligence feeds. Always verify remediation steps through official vendor channels before implementing changes in production environments.

Get Vulnerability Priority Updates

Subscribe free and stay on top of critical patches.