Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Today's Security Brief
Saturday's disclosures center on three CVSS 10.0 remote code execution flaws affecting SimpleHelp remote support software (CVE-2026-48558), the Aqara IAM/SSO smart-home gateway (CVE-2026-50086), and the vm2 JavaScript sandbox (CVE-2026-47131). Critical-severity vulnerabilities rose 50% to 18, while high-priority issues fell 49% to 31 across 49 total CVEs. Additional critical entries include CVE-2026-54133 (CVSS 9.8) in the jmespath.php library, CVE-2026-50084 (CVSS 9.6) in the Aqara Cloud Production API, and CVE-2026-11849 (CVSS 9.8) in IEI Integration's iRM remote management appliance. The disclosures skew toward sandbox escape, server-side RCE, and IoT/cloud gateway compromise, with several flaws reachable pre-authentication. No fixes were available at disclosure (0% patch availability), and seven CVEs across Ivanti Sentry, Check Point, Oracle PeopleSoft, and Cisco SD-WAN carry confirmed active exploitation.
Three CVSS 10.0 RCE flaws disclosed: SimpleHelp (CVE-2026-48558), Aqara IAM/SSO gateway (CVE-2026-50086), and the vm2 sandbox (CVE-2026-47131)
Critical CVEs rose 50% to 18, led by widely deployed remote support and smart-home cloud platforms
High-priority CVEs fell 49% to 31, with 49 vulnerabilities disclosed in total
Attack patterns are dominated by sandbox escape and unauthenticated RCE in jmespath.php (CVE-2026-54133) and IEI iRM remote management (CVE-2026-11849)
Patch availability stands at 0% at disclosure, leaving SimpleHelp, Aqara, and vm2 deployments exposed pending vendor fixes
Seven CVEs show active exploitation, including Ivanti Sentry (CVE-2026-10520) and Cisco Catalyst SD-WAN Manager (CVE-2026-20245)
Immediate action: Prioritize SimpleHelp remote support servers, Aqara IAM/SSO and cloud API gateways, and any applications bundling the vm2 sandbox or jmespath.php library, as these carry maximum-severity remote code execution risk. With no patches yet available, restrict network exposure of affected services and apply vendor mitigations as released; separately, expedite remediation of the seven actively exploited CVEs affecting Ivanti Sentry, Check Point, Oracle PeopleSoft, and Cisco SD-WAN.
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2026-50751
9.5📝
Check PointSecurity Gateway
⏰ Federal Deadline:June 10, 2026(-2 days remaining)
Check Point Security Gateway is affected by an improper authentication vulnerability that is currently being exploited in the wild.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-10520
10📝
IvantiSentry
⏰ Federal Deadline:June 13, 2026(1 days remaining)
A critical OS command injection vulnerability in Ivanti Sentry allows remote unauthenticated users to achieve root-level remote code execution.
CVSS Base10
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-35273
9.8📝
OraclePeopleSoft Enterprise PeopleTools
⏰ Federal Deadline:June 14, 2026(2 days remaining)
An unauthenticated, easily exploitable vulnerability in the PeopleSoft Updates Environment Management component allows for complete system takeover via HTTP.
CVSS Base9.8
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-42271
9.5📝
LiteLLMLiteLLM
⏰ Federal Deadline:June 21, 2026(9 days remaining)
LiteLLM contains a command injection vulnerability in its MCP server test endpoints that, when chained with a host header bypass, enables unauthenticated remote code execution.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-11645
9.5📝
GoogleChrome
⏰ Federal Deadline:June 22, 2026(10 days remaining)
An out-of-bounds read and write vulnerability in the V8 JavaScript engine allows remote attackers to execute arbitrary code via a crafted HTML page.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-7473
9.5📝
AristaExtensible Operating System
⏰ Federal Deadline:June 22, 2026(10 days remaining)
Arista Extensible Operating System is affected by an incomplete comparison vulnerability, currently tracked in the CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-20245
9.5📝
CiscoCatalyst SD-WAN Manager
⏰ Federal Deadline:June 22, 2026(10 days remaining)
A command injection and privilege escalation vulnerability exists in the CLI of Cisco Catalyst SD-WAN Manager due to insufficient input validation.
CVSS Base9.5
→
CRSSelect profile
🚨
Critical Vulnerabilities
CVE-2026-54133
9.8📝
jmespathjmespath.php
The jmespath.php library fails to sanitize input when using the compiler runtime, allowing for remote code execution via crafted JMESPath expressions.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-53787
9.8📝
AmastyOrder Attributes for Magento 2
Amasty Order Attributes for Magento 2 contains an unauthenticated arbitrary file upload vulnerability allowing remote code execution.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-11849
9.8📝
IEI Integration CorpiRM-IEI Remote Management
IEI Integration Corp's iRM-IEI Remote Management system contains hardcoded credentials, allowing unauthenticated remote access to the database.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-44990
9.3📝
ApostropheCMSsanitize-html
The sanitize-html library contains a sanitizer bypass vulnerability that can lead to stored XSS in applications rendering user-controlled content.
CVSS Base9.3
→
CRSSelect profile
CVE-2026-10557
9.8📝
YarboAndroid/iOS Mobile Application and Cloud MQTT
The Yarbo mobile application and cloud infrastructure contain hardcoded MQTT credentials, allowing unauthorized access to global robot telemetry and command functions.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-48558
10📝
SimpleHelpSimpleHelp
SimpleHelp contains an authentication bypass in the OIDC flow, allowing unauthenticated attackers to forge tokens and gain full technician access without multi-factor authentication.
CVSS Base10
→
CRSSelect profile
CVE-2026-50086
10📝
AqaraIAM/SSO gateway
The Aqara IAM/SSO gateway contains a critical flaw that exposes cryptographic signing keys, allowing unauthenticated attackers to perform unauthorized operations.
CVSS Base10
→
CRSSelect profile
CVE-2026-50084
9.6📝
AqaraCloud Production API
The Aqara Cloud Production API suffers from a missing authorization vulnerability, allowing any valid developer token to access any user account.
CVSS Base9.6
→
CRSSelect profile
CVE-2026-6853
9.8📝
Başbelen GroupPause+ Mobile App
The Pause+ Mobile App contains an authentication bypass vulnerability due to improper restriction of excessive authentication attempts.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-47131
10📝
vm2vm2
A sandbox escape vulnerability in vm2 allows unauthenticated attackers to execute arbitrary code on the host system via prototype mutation.
CVSS Base10
→
CRSSelect profile
CVE-2026-47137
10📝
vm2vm2
An improper security check implementation in vm2 allows unauthenticated attackers to bypass sandbox restrictions and achieve remote code execution.
CVSS Base10
→
CRSSelect profile
CVE-2026-47140
10📝
vm2vm2
An incomplete denylist of Node.js builtins in vm2 allows unauthenticated attackers to escape the sandbox and execute code in the host process.
CVSS Base10
→
CRSSelect profile
CVE-2026-47208
10📝
vm2vm2
A sandbox breakout vulnerability in vm2 allows unauthenticated attackers to execute arbitrary commands on the host system via promise manipulation.
CVSS Base10
→
CRSSelect profile
CVE-2026-46716
9.9📝
NezhaMonitoring
Nezha Monitoring contains a vulnerability where a low-privileged user can trigger arbitrary commands across all monitored servers, resulting in cross-tenant remote code execution.
CVSS Base9.9
→
CRSSelect profile
CVE-2026-47210
9.8📝
vm2vm2
The vm2 sandbox for Node.js is vulnerable to a sandbox escape that allows arbitrary code execution in the host process when using WebAssembly JSPI.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-28742
9.8📝
NaxclowSmart Doorbell X3, X Smart Home, V720, and ix cam
Naxclow devices use a hard-coded, platform-wide salt for request signing, allowing unauthenticated attackers to forge requests and impersonate users across the platform.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-53838
9.8📝
OpenClawMultiple Products
OpenClaw contains a state mutation vulnerability in node pairing that allows attackers to bypass approval restrictions and elevate node authority.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-50090
9.3📝
AqaraCloud OAuth
A redirect bypass vulnerability in the Aqara Cloud OAuth endpoint allows attackers to perform credential theft and phishing by exploiting weak domain validation.
CVSS Base9.3
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2026-12035
8.8📝
GoogleChrome
A use-after-free vulnerability in the Views component of Google Chrome on Windows allows for potential memory corruption and arbitrary code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-12012
8.1📝
GoogleChrome
A use-after-free vulnerability in the Network component of Google Chrome allows for potential memory corruption and unauthorized code execution.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-53608
8.7📝
ApostropheCMS@apostrophecms/seo package
The @apostrophecms/seo package fails to sanitize Google Analytics and Tag Manager IDs, leading to stored XSS via JavaScript template literal injection.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-47342
8.8📝
ApacheOFBiz
A privilege escalation vulnerability in Apache OFBiz allows authenticated users to obtain higher privileges by bypassing authorization checks on specific API operations.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-12043
8.8📝
AWSaws-c-http
A double free memory corruption vulnerability in the AWS Common Runtime aws-c-http library may lead to arbitrary code execution when processing crafted HTTP/2 HEADERS frames.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-42947
8.8📝
NaxclowIoT Platform (Smart Doorbell X3, X Smart Home, V720, ix cam)
A flaw in the Naxclow IoT onboarding workflow allows attackers to replay binding sequences to silently hijack device ownership.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-50087
8.2📝
AqaraIAM/SSO Gateway
The Aqara IAM/SSO gateway contains an overly permissive Cross-Origin Resource Sharing (CORS) policy, allowing unauthorized cross-origin requests.
The iVEC-IEI Virtualization Edge Computer contains an arbitrary file deletion vulnerability that can be triggered by authenticated remote attackers.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-47162
8.8📝
VimVim
A Vimscript code injection vulnerability exists in the netrw plugin, allowing arbitrary command execution via crafted directory names.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-7387
8.8📝
MattermostMattermost
Mattermost fails to enforce role-management authorization on group syncable link and patch endpoints, allowing for unauthorized privilege escalation.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-53821
8.8📝
OpenClawMultiple Products
A vulnerability in OpenClaw allows unauthorized users to obtain cached operator.admin authority on WebSocket connections to execute admin-gated Gateway RPCs.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-53822
8.8📝
OpenClawMultiple Products
A command injection vulnerability in OpenClaw allows attackers to manipulate command arguments post-approval, enabling the execution of unauthorized shell commands.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-53828
8.8📝
OpenClawMultiple Products
An authorization bypass in OpenClaw allows authenticated users to execute restricted, owner-only native commands by circumventing policy enforcement.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-53836
8.8📝
OpenClawMultiple Products
OpenClaw is vulnerable to an allowlist bypass in PowerShell command parsing, allowing remote authenticated operators to execute arbitrary commands using abbreviated flag aliases.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-46475
8.8📝
FlowiseFlowise
A mass-assignment vulnerability in Flowise allows authenticated users to move assistants between workspaces, resulting in cross-workspace takeover.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-45674
8.7📝
NettyNetty
Netty's DnsResolveContext fails to validate the origin of CNAME records, making applications using the framework vulnerable to DNS Cache Poisoning (Bailiwick Bypass).
CVSS Base8.7
→
CRSSelect profile
CVE-2026-47135
8.7📝
vm2vm2 (Node.js sandbox)
The vm2 library contains a sandbox escape vulnerability caused by incomplete overrides of the global Symbol.for function and flaws in proxy-based bridge write-trap handlers.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-6211
8.7📝
Global IT Informatics Services IncWEOLL
The WEOLL platform contains an unrestricted file upload vulnerability and fails to properly constrain access to functionality via ACLs.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-47691
8.7📝
NettyNetty
Netty's DnsResolveContext insufficiently validates NS record bailiwicks, enabling DNS Cache Poisoning attacks.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-47139
8.6📝
vm2vm2 (Node.js sandbox)
A vulnerability in the vm2 library's NodeVM component allows attackers to bypass network exclusions and perform SSRF-style attacks via the wildcard '*' option.
CVSS Base8.6
→
CRSSelect profile
CVE-2026-47209
8.6📝
vm2vm2 (Node.js sandbox)
The vm2 library is susceptible to a sandbox escape due to a flaw in the BaseHandler.set method which incorrectly ignores the receiver parameter.
CVSS Base8.6
→
CRSSelect profile
CVE-2026-50085
8.6📝
AqaraBoard service (op-test)
The Aqara Board service (op-test) allows unauthenticated remote attackers to send arbitrary MQTT command payloads to the HiveMQ broker.
CVSS Base8.6
→
CRSSelect profile
CVE-2026-53831
8.3📝
OpenClawOpenClaw
A high-severity vulnerability exists in OpenClaw, details of which are currently limited.
CVSS Base8.3
→
CRSSelect profile
CVE-2026-50088
8.2📝
AqaraAqara Developer Portal
The Aqara Developer Portal exhibits a permissive cross-origin resource sharing (CORS) policy, allowing unauthorized cross-domain access.
CVSS Base8.2
→
CRSSelect profile
CVE-2026-47907
8.2📝
AdobeDreamweaver Desktop
Adobe Dreamweaver Desktop contains an improper access control vulnerability that allows for arbitrary file system read when opening a malicious file.
CVSS Base8.2
→
CRSSelect profile
CVE-2026-11816
8.1📝
KerasKeras
Keras versions prior to 3.14.0 are susceptible to a path traversal vulnerability during archive extraction, potentially allowing arbitrary file writes.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-53777
8.1📝
PerryUnknown
A security vulnerability has been identified in Perry software products, requiring immediate investigation and remediation.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-46489
8.1📝
SolidInvoiceSolidInvoice
An authenticated administrator in SolidInvoice can upload an SVG file containing embedded JavaScript, resulting in stored cross-site scripting (XSS).
CVSS Base8.1
→
CRSSelect profile
CVE-2026-46622
8.1📝
SolidInvoiceSolidInvoice
SolidInvoice stores API tokens in plaintext within the database, risking full credential compromise if the database is exposed or accessed by an unauthorized party.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-44249
8.1📝
NettyNetty
A high-severity vulnerability has been reported in the Netty network application framework, which is used for developing protocol servers and clients.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-48610
8.1📝
UbiquitiUniFi OS
Certain devices running UniFi OS contain an improper access control vulnerability that allows a network-adjacent attacker to perform unauthorized changes.