Last updated: July 5, 2026 at 9:01 AM UTC
Tag: rce (62 articles)

Critical Cisco ISE flaws give attackers root and leak credentials

Cisco has patched serious flaws in Identity Services Engine (ISE), the platform many organizations use to control who and what connects to their network. The most severe is a critical remote-code-execution bug that can give an attacker root-level control of the appliance. A second flaw, CVE-2026-20190, is an unauthenticated information-disclosure issue caused by weak authorization checks, letting a remote attacker pull sensitive data, including hashed credentials, that could fuel follow-on attacks and lateral movement. All versions of ISE and ISE-PIC are affected, though which flaws apply varies by release. Cisco has not reported active exploitation, but ISE sits at the heart of network access control.

Check
Identify Cisco ISE and ISE-PIC deployments and their patch levels, restrict access to the management interface to trusted administrators, and review logs for unexpected requests or signs of credential access.
Affected
All versions of Cisco Identity Services Engine (ISE) and ISE-PIC, with applicable flaws varying by release; the unauthenticated information-disclosure bug is tracked as CVE-2026-20190, alongside a critical root-level code-execution flaw.
Fix
Upgrade to ISE 3.3 Patch 11 or 3.4 Patch 6 now; the 3.5 Patch 4 fix is expected in August. Limit management access to trusted networks until then.

Critical Joomla JCE editor flaw actively exploited to run PHP code

A critical flaw in the Joomla Content Editor (JCE), one of the most widely used editor extensions for the Joomla CMS, is being actively exploited to take over websites. The bug (CVE-2026-48907, rated a perfect 10) is an access-control failure that lets an unauthenticated attacker create editor profiles and then upload and run arbitrary PHP code, leading to full server compromise. CISA added it to its known-exploited list and ordered federal agencies to patch by June 19. Working exploit code is public and attacks are automated, so even sites with no public registration are at risk. Patching closes the hole but does not remove anything attackers already planted.

Check
Identify Joomla sites using the JCE extension and confirm the version, then audit for unfamiliar editor profiles, suspicious PHP files in upload directories, new admin accounts, and profile-import requests in logs.
Affected
Joomla websites running JCE versions 1.0.0 through 2.9.99.4 (CVE-2026-48907); public-facing sites are being hit by automated attacks regardless of whether public registration is enabled.
Fix
Update JCE to 2.9.99.5 or later now. Since the update does not clean an already-compromised site, also hunt for web shells and rogue accounts, and rotate site, database, and hosting passwords.

Attackers now exploiting three critical FortiSandbox flaws, one with AI-built exploit

Threat-intelligence firm Defused reports that attackers are now exploiting three critical flaws in Fortinet's FortiSandbox, the appliance other Fortinet products rely on to judge whether files are malicious. Two of them (CVE-2026-39813, a JRPC API path traversal that bypasses authentication, and CVE-2026-39808, an unauthenticated command injection that runs code as root) were patched in April; the third (CVE-2026-25089) only last week. All are unauthenticated and rated critical. Compromising a sandbox is especially dangerous because attackers can make it wave real malware through as clean. Notably, the exploit for one flaw appears to have been generated with AI and is likely faulty, yet attackers are trying it anyway.

Check
Identify FortiSandbox, FortiSandbox Cloud, and PaaS instances and their versions, confirm whether the web and JRPC API interfaces are reachable from untrusted networks, and review logs for unauthenticated command execution.
Affected
FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS that are unpatched against CVE-2026-39813, CVE-2026-39808, or CVE-2026-25089, especially instances exposed to untrusted networks; all three need no authentication.
Fix
Upgrade FortiSandbox to the fixed releases for all three CVEs immediately, restrict management and API interfaces to trusted networks, and treat any unpatched appliance as potentially compromised pending review.

Google Vertex AI SDK flaw let attackers hijack model uploads across tenants

Palo Alto's Unit 42 disclosed a flaw, nicknamed Pickle in the Middle, in Google Cloud's Vertex AI SDK for Python that let an attacker with no access to a victim's project hijack their machine-learning model uploads and run code across tenant boundaries. When a model was uploaded without a custom staging bucket, the SDK generated a predictable storage bucket name from the project ID and region and failed to verify ownership, so an attacker could pre-create that bucket, receive the victim's model, and swap in a malicious one that executes on deployment. Google fully fixed it in SDK version 1.148.0 in April; Unit 42 saw no exploitation in the wild.

Check
Check the google-cloud-aiplatform SDK version everywhere it runs, including notebooks, CI jobs, and training pipelines, and confirm whether model uploads relied on default, auto-generated staging buckets.
Affected
Google Cloud Vertex AI users on google-cloud-aiplatform SDK versions before 1.148.0 who uploaded models without specifying their own staging bucket; no CVE was assigned and no exploitation was observed.
Fix
Update the Vertex AI SDK to 1.148.0 or later so bucket-ownership checks are active, and always set an explicit staging bucket pointing to Cloud Storage you control when uploading models.

Cisco patches exploited SD-WAN Manager flaw that gives root access

Cisco has patched a flaw in Catalyst SD-WAN Manager (formerly vManage), the console used to manage thousands of SD-WAN devices, that attackers were already exploiting as a zero-day to gain root. The bug (CVE-2026-20262) stems from weak validation of file uploads in the web interface, letting an authenticated low-privilege remote attacker create or overwrite any file on the system by sending crafted HTTP requests, and from there run commands as root. It affects every deployment type, including on-premises, Cisco-managed cloud, and the FedRAMP government edition, regardless of configuration. It is the latest in a run of exploited Cisco SD-WAN Manager zero-days this year.

Check
Identify Catalyst SD-WAN Manager instances and versions, and before upgrading run the request admin-tech command on each control component to preserve evidence, then review file-upload and web UI logs.
Affected
Cisco Catalyst SD-WAN Manager (formerly vManage) across all deployment types, including on-premises, Cloud-Pro, Cisco-managed cloud, and the FedRAMP government edition (CVE-2026-20262), regardless of device configuration.
Fix
Upgrade to the fixed Catalyst SD-WAN Manager release now, restrict management-interface access to trusted administrators and networks, and audit for unauthorized files or configuration changes pushed to edge devices.

Critical Splunk Enterprise flaw allows unauthenticated remote code execution

Splunk has patched a critical flaw in Splunk Enterprise that lets an unauthenticated attacker run code on the server, a serious risk given Splunk often sits at the heart of a company's security monitoring. The bug (CVE-2026-20253, rated 9.8) is in the PostgreSQL sidecar service added in Splunk 10, whose internal API has no authentication yet is reachable through the main web app's proxy. An attacker can write or overwrite files on the host and chain that into remote code execution. The sidecar is off by default on on-premises Windows but enabled out of the box on Splunk Enterprise running in AWS. Splunk Cloud is not affected.

Check
Check Splunk Enterprise versions and whether the PostgreSQL sidecar service is enabled, especially on AWS-hosted instances, and use watchTowr's detection tool to test for unauthenticated access to the API.
Affected
Splunk Enterprise 10.x releases earlier than 10.2.4 or 10.0.7 with the PostgreSQL sidecar service active (CVE-2026-20253); AWS-hosted instances are exposed by default. Splunk Cloud is unaffected.
Fix
Upgrade Splunk Enterprise to 10.2.4 or 10.0.7 or later immediately. Until patched, restrict network access to the web interface and sidecar endpoints, and disable the sidecar service if unused.

Decade-old phpBB auth bypass lets anyone become admin, then run code

A critical flaw in phpBB, the open-source forum software running on thousands of sites, lets an unauthenticated attacker obtain a valid login session as any user, including an administrator, with a single HTTP request. The bug (CVE-2026-48611, rated 9.4) works in the default configuration and traces back to code from 2014. An admin session gives full read, write, and delete access to the forum and, on the latest branch, opens a path to remote code execution and full server takeover. A second, lower-severity flaw affecting only OAuth-configured installs was also fixed. phpBB released version 3.3.17 to patch both.

Check
Identify phpBB installations and their versions, prioritizing internet-facing forums, and confirm whether any are running version 3.3.16 or earlier or the 4.0.0-a2 alpha.
Affected
phpBB forums version 3.3.16 and earlier and 4.0.0-a2 in the default database authentication mode (CVE-2026-48611); a second flaw (CVE-2026-48612) affects only OAuth-configured installs.
Fix
Upgrade to phpBB 3.3.17 immediately; there is no safe 4.x release yet, so 4.x users should move to the patched master branch. No configuration workaround fully closes the bypass.

LangGraph flaw chain exposes self-hosted AI agents to code execution

Check Point has disclosed three now-patched flaws in LangGraph, the popular LangChain framework for building AI agents, that can be chained for remote code execution on self-hosted servers. The chain combines an SQL injection (CVE-2025-67644) with an unsafe msgpack deserialization bug (CVE-2026-28277): an attacker who can reach the agent's stored-state endpoint plants a malicious checkpoint that runs code when loaded. A compromised LangGraph server exposes everything the agent can touch, including model API keys, customer data, and internal network access. It is only exploitable in self-hosted deployments using the SQLite or Redis checkpointer; LangChain's managed LangSmith platform is not affected.

Check
Identify self-hosted LangGraph deployments using the SQLite or Redis checkpointer, check whether the get_state_history endpoint is exposed without authentication, and confirm the framework version against the patched releases.
Affected
Self-hosted LangGraph servers using the SQLite or Redis checkpointer with user-controlled filter input (CVE-2025-67644, CVE-2026-28277, CVE-2026-27022). Managed LangSmith deployments are not affected.
Fix
Upgrade LangGraph to the patched versions, require authentication on self-hosted servers, avoid long-lived static secrets, segment the network, and treat AI agents as privileged identities with least-privilege access.

Oracle issues emergency PeopleSoft fix as exploited zero-day drives breaches

The ShinyHunters data-theft wave against Oracle PeopleSoft, covered yesterday, now has a confirmed root cause: a zero-day. Oracle has issued an out-of-band emergency mitigation for CVE-2026-35273, a critical flaw (rated 9.8) in PeopleSoft PeopleTools that lets an unauthenticated attacker run code on the server over HTTP, with no login required. Google's Mandiant says the bug was exploited from May 27 to June 9, before any advisory existed, and notified more than 100 affected organizations, 68 percent of them universities. The exposed component is the Environment Management Hub. Affected versions are PeopleTools 8.61 and 8.62; a full patch is still pending.

Check
Determine whether PeopleSoft PeopleTools 8.61 or 8.62 is in use and whether the Environment Management Hub is reachable externally, then review logs for the published attacker IPs and credential-spray activity.
Affected
Oracle PeopleSoft Enterprise PeopleTools 8.61 and 8.62 with the Environment Management Hub exposed to untrusted networks (CVE-2026-35273); PeopleSoft Enterprise Applications customers may also be affected.
Fix
Apply Oracle's emergency mitigations from the June out-of-band alert immediately and restrict access to the Environment Management Hub, then watch for the full patch and assume compromise where exposed.

Critical Ivanti Sentry flaw now exploited within a day of disclosure

The critical Ivanti Sentry flaw covered yesterday is now under active attack, with researchers reporting compromised gateways within about 24 hours of the patch release and the publication of patch analysis. CVE-2026-10520, rated a perfect 10, is an OS command injection in an internal configuration API that accepts commands from anyone who can reach it over the internet, granting remote code execution as root with no login. A second flaw, CVE-2026-10523, lets attackers create their own admin accounts. With exploitation confirmed and detection tooling public, the time to patch has effectively run out for internet-exposed appliances. Ivanti released fixes earlier this week.

Check
Treat any unpatched, internet-facing Ivanti Sentry as potentially compromised: review appliances for rogue administrator accounts, unexpected root commands, and connections from unfamiliar IPs before and after patching.
Affected
Internet-exposed Ivanti Sentry (formerly MobileIron Sentry) 10.5.1, 10.6.1, 10.7.0 and earlier, now actively exploited via CVE-2026-10520 (root RCE) and CVE-2026-10523 (admin auth bypass).
Fix
Patch to R10.5.2, R10.6.2, or R10.7.1 immediately if not already done, then perform incident response: rebuild compromised appliances, remove rogue accounts, and rotate connected credentials and secrets.