← Back to Vulnerability Reports

Vulnerability Priority Report – Week 4 of June 2026

📅 June 22 – 28🟢 Live · updated 2026-06-2219 CVEs tracked this week

Analyst Guidance

This week's verified CVE coverage is limited to two vulnerabilities with explicit identifiers: and CVE-2026-4020 (Gravity SMTP WordPress plugin), a medium-severity information disclosure flaw currently under active exploitation by threat actors. OT/ICS advisories from CISA cover multiple vulnerabilities in AzeoTech DAQFactory, Apollo Pharmacy monitoring systems, Mitsubishi Electric MELSEC controllers, and Rockwell Automation products, but lack explicit CVE IDs in the available summaries. Security teams should prioritize patching Splunk immediately and address the Gravity SMTP vulnerability across WordPress deployments within 48 hours.

CVE Details & Remediation

How to read this report
Verified facts — NVD & CISA KEV Partially verified — awaiting NVD enrichment AI analysis — synthesis, verify before acting
Actionable · Verified facts
NVD-published · CISA KEV cross-checked

🛡️CVE-2026-10520 – Ivanti Sentry ✓ NVD

CVSS10 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS60% · P99
ActionPatch immediately

Remediation Steps

  1. Apply the vendor security update from Ivanti
  2. Verify successful patch deployment across all affected systems
  3. Review authentication logs for suspicious activity

References:

🛡️CVE-2026-20253 – Splunk Enterprise ✓ NVD

CVSS9.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV
EPSS10% · P95
ActionPatch immediately
AffectedGovernment

Remediation Steps

  1. Identify all Splunk instances in the environment
  2. Apply the vendor patch released by Splunk for this vulnerability
  3. Verify patch application across all Splunk deployments
  4. Monitor logs for indicators of exploitation attempts

References:

🛡️CVE-2026-35273 – Oracle PeopleSoft Enterprise PeopleTools ✓ NVD

CVSS9.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS8% · P94
ActionPatch immediately

Remediation Steps

  1. Apply Oracle PeopleSoft Enterprise security patch
  2. Review Oracle security advisories for affected version guidance
  3. Prioritize patching systems accessible from external networks

References:

🛡️CVE-2026-45247 – Mirasvit Full Page Cache Warmer ✓ NVD

CVSS9.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS2% · P71
ActionPatch immediately

Remediation Steps

  1. Consult CISA Known Exploited Vulnerabilities catalog entry for full product and version details
  2. Apply vendor security patch
  3. Verify patch deployment across affected systems
  4. Review security logs for evidence of exploitation

References:

🛡️CVE-2026-48172 – LiteSpeed CPanel Plugin ✓ NVD

CVSS9.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS1% · P65
ActionPatch immediately

Remediation Steps

  1. Apply the latest security patch from LiteSpeed for the cPanel Plugin immediately
  2. Verify that only authorized cPanel users have access to affected systems
  3. Review system logs for evidence of exploitation or unauthorized script execution
  4. Restrict cPanel administrative access to trusted networks where feasible

References:

🛡️CVE-2026-50751 – Check Point Security Gateway ✓ NVD

CVSS9.3 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS41% · P98
ActionPatch immediately
AffectedTechnology Finance Government Defense

Remediation Steps

  1. Apply the vendor security update for Check Point Remote Access VPN / Mobile Access as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-0257 – Palo Alto Networks PAN-OS ✓ NVD

CVSS9.1 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS19% · P97
ActionPatch immediately
AffectedGovernment Technology Finance Transportation

Remediation Steps

  1. Apply the vendor security update for Paloaltonetworks Pan-Os as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-42271 – BerriAI LiteLLM ✓ NVD

CVSS8.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS54% · P99
ActionPatch immediately

Remediation Steps

  1. Check CISA's Known Exploited Vulnerabilities catalog for product-specific guidance
  2. Contact vendor for available security patches
  3. Apply patch or implement recommended mitigations from vendor advisory
  4. Verify patch installation and monitor for indicators of active exploitation

References:

🛡️CVE-2026-11645 – Google Chromium V8 ✓ NVD

CVSS8.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS1% · P49
ActionPatch immediately

Remediation Steps

  1. Update Google Chrome to version 149.0.7827.103 or later
  2. Enable automatic updates to receive future security patches promptly
  3. Check for and remove any suspicious browser extensions
  4. Clear browser cache and temporary files after patching

References:

🛡️CVE-2026-54420 – LiteSpeed CPanel Plugin ✓ NVD

CVSS8.5 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS1% · P46
ActionPatch immediately

Remediation Steps

  1. Apply the patch for the LiteSpeed cPanel user-end plugin to all cPanel servers
  2. Test patched plugin functionality in a staging environment before production deployment
  3. Review server logs for evidence of exploitation attempts
  4. Notify hosting customers of patch deployment timeline

References:

🛡️CVE-2025-48595 – Android Framework ✓ NVD

CVSS8.4 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS<1% · P5
ActionPatch immediately
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for Google Android as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-20245 – Cisco Catalyst SD-WAN Manager ✓ NVD

CVSS7.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS1% · P57
ActionPatch immediately
AffectedTechnology Defense

Remediation Steps

  1. Apply the vendor security update for Cisco as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2022-0492 – Linux Kernel ✓ NVD

CVSS7.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS5% · P92
ActionPatch immediately
AffectedTechnology Government Energy

Remediation Steps

  1. Identify Linux systems running vulnerable kernel versions
  2. Apply the latest stable kernel update from your distribution's repository
  3. Reboot systems to activate patched kernel
  4. Verify kernel version post-reboot using 'uname -r'
  5. Prioritize kernel patching for systems exposed to untrusted local users or containers

References:

🛡️CVE-2026-28318 – SolarWinds Serv-U ✓ NVD

CVSS7.5 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS1% · P60
ActionPatch immediately

Remediation Steps

  1. Check CISA's Known Exploited Vulnerabilities catalog for product-specific guidance
  2. Contact vendor for available security patches
  3. Apply patch or implement recommended mitigations from vendor advisory
  4. Verify patch installation and monitor for indicators of active exploitation

References:

🛡️CVE-2024-21182 – Oracle WebLogic Server ✓ NVD

CVSS7.5 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS48% · P99
ActionPatch immediately
AffectedTechnology Government

Remediation Steps

  1. Apply the vendor security update for Oracle Weblogic Server as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-20262 – Cisco Catalyst SD-WAN Manager ✓ NVD

CVSS6.5 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS1% · P63
ActionPatch immediately
AffectedDefense Technology

Remediation Steps

  1. Apply the vendor security update for Cisco Catalyst SD-WAN Manager as a priority.
  2. Restrict network exposure of the affected service to trusted sources until patched.
  3. Review logs and detections for indicators of exploitation.
  4. Confirm fixed versions against the official vendor advisory before deploying.

References:

🛡️CVE-2026-7473 – Arista Extensible Operating System ✓ NVD

CVSS5.8 NVD 3.1
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS<1% · P29
ActionPatch immediately

Remediation Steps

  1. Apply the vendor security update from Arista
  2. Review network device access logs for unauthorized activity
  3. Restrict management access to network devices from trusted administrative networks

References:

🛡️CVE-2026-4020 – Gravity SMTP WordPress Plugin ✓ NVD

CVSS7.5 NVD 3.1
Triage statusNo Known Exploit
ExploitationNo exploitation reported ● New this week
EPSS3% · P86
ActionPatch this week

Remediation Steps

  1. Audit all WordPress installations for the presence of Gravity SMTP plugin
  2. Review plugin version to confirm if running an affected build
  3. Update Gravity SMTP to the patched version released by the vendor
  4. Search WordPress site logs for unauthorized access attempts or API key exposure indicators
  5. Rotate all exposed API keys, OAuth tokens, and configuration credentials

References:

Actionable · Partially verified
CVE in source articles · NVD enrichment pending

CVE-2026-48907 – Widget Factory Joomla Content Editor pending NVD

CVSSawaiting NVD
Triage statusActive Exploit
Exploitation In the wild In CISA KEV ↻ Ongoing
EPSS7% · P93
ActionPatch immediately

Remediation Steps

  1. Apply security patch from Widget Factory/Joomla vendor immediately
  2. Disable the JCE plugin if patch is not immediately available
  3. Review access logs for evidence of exploitation attempts

References:

These CVEs are real (IDs appear in source articles) but NVD has not yet finished enrichment. Canonical vendor/product/CVSS data will appear here automatically once NVD catches up — we re-check daily.
🤖 This vulnerability report was compiled by defend.network using AI-powered analysis of vulnerability databases, vendor advisories, and threat intelligence feeds. Always verify remediation steps through official vendor channels before implementing changes in production environments.

Get Vulnerability Priority Updates

Subscribe free and stay on top of critical patches.