CVE Brief - June 3, 2026

Wednesday, June 3, 2026 Archive

Archived Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework

Select your system profile:

Risk scores will be adjusted based on your selected environment

Archived Security Brief

Progress Sitefinity led Wednesday's disclosures with two critical vulnerabilities, including CVE-2026-7312 at the maximum CVSS 10 and CVE-2026-7198 at 9.8, placing content-management deployments at the front of remediation queues. The day brought 7 critical CVEs, down 22% from the prior day's 9, and 17 high-priority CVEs, down 63% from 46. Beyond Sitefinity, critical issues affected identity and healthcare systems, including CVE-2026-49448 (9.8) in authentik, CVE-2026-0611 (9.8) in Spacelabs Healthcare Sentinel, and CVE-2026-47117 (9.8) in OpenMed. Remote code execution and authentication bypass dominated the critical set, spanning web platforms, WordPress/LMS plugins, and medical devices. No patches were available at disclosure for the reported critical issues, so teams should prioritize compensating controls and monitor vendor advisories closely; 7 CVEs carry confirmed active exploitation, including Palo Alto Networks PAN-OS and Oracle WebLogic Server.

Progress Sitefinity carried two critical flaws, CVE-2026-7312 (CVSS 10) and CVE-2026-7198 (CVSS 9.8), making it the most exposed platform of the day
Critical CVEs totaled 7, a 22% decrease from the prior day's 9
High-priority CVEs totaled 17, a 63% decrease from the prior day's 46
Remote code execution and authentication bypass were the dominant attack patterns, affecting web CMS, identity (authentik), and LMS/WordPress plugins
Patch availability stood at 0% for the disclosed critical issues, leaving compensating controls and monitoring as the primary near-term defense
7 CVEs have confirmed active exploitation, including Palo Alto Networks PAN-OS (CVE-2026-0257) and Oracle WebLogic Server (CVE-2024-21182)

Immediate action: Prioritize Progress Sitefinity, authentik, and internet-facing healthcare systems (Spacelabs Sentinel, OpenMed) for immediate review, and apply restrictions or isolation where fixes are not yet published. With patch availability at 0% for the disclosed critical issues, track vendor advisories continuously and apply mitigations as soon as they are released; separately, ensure actively exploited products such as Palo Alto Networks PAN-OS and Oracle WebLogic Server are remediated on an accelerated timeline.

💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove

CISA Known Exploited Vulnerabilities

⚠️ CISA KEV URGENT

CVE-2026-8398

9.5 📝

AVB Disc Soft DAEMON Tools Lite May 26, 2026

⏰ Federal Deadline: May 29, 2026 (-4 days remaining)

A supply chain compromise of DAEMON Tools Lite resulted in the distribution of trojanized binaries signed with a legitimate certificate.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2026-0257

9.5 📝

Palo Alto Networks PAN-OS May 28, 2026

⏰ Federal Deadline: May 31, 2026 (-2 days remaining)

An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS GlobalProtect, allowing unauthenticated attackers to forge authentication cookies and establish unauthorized VPN connections.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2024-21182

9.5 📝 📜 Late Disclosure

Oracle WebLogic Server May 31, 2026

⏰ Federal Deadline: June 3, 2026 (1 days remaining)

Oracle WebLogic Server contains an unspecified vulnerability that is currently being exploited in the wild.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2022-0492

9.5 📝 📜 Late Disclosure

Linux Kernel June 1, 2026

⏰ Federal Deadline: June 4, 2026 (2 days remaining)

A privilege escalation vulnerability in the Linux Kernel cgroup_release_agent_write function allows unprivileged users to escape container environments and gain elevated host privileges.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-48595

9.5 📝

Android Framework June 1, 2026

⏰ Federal Deadline: June 4, 2026 (2 days remaining)

An integer overflow vulnerability in the Android Framework allows for potential unauthorized system access and is currently tracked in the CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2026-48027

9.5 📝

Nx Nx Console May 26, 2026

⏰ Federal Deadline: June 9, 2026 (7 days remaining)

A critical supply chain attack involving embedded malicious code in the Nx Console VS Code extension has been identified and is being actively exploited.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2026-45321

9.5 📝

GitHub Actions OIDC May 26, 2026

⏰ Federal Deadline: June 9, 2026 (7 days remaining)

GitHub Actions OIDC was exploited to publish malicious npm packages by chaining multiple vulnerabilities, including cache poisoning and token extraction.

CVSS Base 9.5

→

CRS Select profile

Critical Vulnerabilities

CVE-2026-5076

9.8 📝

ARMember ARMember Premium Plugin Jun 2, 2026

The ARMember Premium plugin for WordPress stores plaintext password reset keys, allowing unauthenticated attackers to reset user passwords and hijack accounts.

CVSS Base 9.8

→

CRS Select profile

CVE-2026-0611

9.8 📝

Spacelabs Healthcare Sentinel Jun 2, 2026

Spacelabs Healthcare Sentinel contains an unauthenticated RCE vulnerability via a deprecated .NET Remoting HTTP channel, allowing attackers to write webshells and execute arbitrary code.

CVSS Base 9.8

→

CRS Select profile

CVE-2026-7312

10 📝

Progress Sitefinity Jun 2, 2026

Progress Sitefinity web services contain a vulnerability that allows unauthenticated remote attackers to retrieve plain-text credentials for the Sitefinity Insight service.

CVSS Base 10

→

CRS Select profile

CVE-2026-7198

9.8 📝

Progress Sitefinity Jun 2, 2026

Improper access control in Progress Sitefinity web services allows unauthenticated attackers to access restricted content and fully compromise the installation.

CVSS Base 9.8

→

CRS Select profile

CVE-2026-47117

9.8 📝

OpenMed Multiple Products Jun 2, 2026

OpenMed contains a remote code execution vulnerability in its PII privacy-filter model loading path, allowing unauthenticated attackers to execute arbitrary code.

CVSS Base 9.8

→

CRS Select profile

CVE-2025-53209

9.8 📝

Themeisle Masteriyo LMS PRO Jun 2, 2026

Themeisle Masteriyo LMS PRO contains an incorrect privilege assignment vulnerability, allowing unauthenticated attackers to escalate their privileges to administrator.

CVSS Base 9.8

→

CRS Select profile

CVE-2026-49448

9.8 📝

authentik authentik Jun 2, 2026

An authentication bypass vulnerability in the authentik Source stage allows unauthenticated attackers to bypass security checks by sending an empty POST request.

CVSS Base 9.8

→

CRS Select profile

High Priority Updates

CVE-2026-5883

8.8 📝

Google Chrome June 3, 2026

A use-after-free vulnerability in the Media component of Google Chrome allows remote attackers to execute arbitrary code via a crafted HTML page.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-1829

8.8 📝

WordPress Content Visibility for Divi Builder June 3, 2026

The Content Visibility for Divi Builder plugin for WordPress contains a vulnerability that allows for remote code execution.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-42359

8.8 📝

Apache Airflow June 3, 2026

A deserialization vulnerability in the Apache Airflow XCom PATCH endpoint allows authenticated users to achieve remote code execution by bypassing key validation.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-49298

8.8 📝

Apache Airflow June 3, 2026

A bug in Apache Airflow's KubernetesExecutor causes sensitive JWT tokens to be exposed as command-line arguments in pod specifications.

CVSS Base 8.8

→

CRS Select profile

CVE-2025-53345

8.8 📝

ThimPress Thim Core June 3, 2026

A missing authorization vulnerability in ThimPress Thim Core allows for arbitrary code execution after installing a malicious plugin.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-42096

8.8 📝

Sparx Systems Pro Cloud Server June 3, 2026

Sparx Pro Cloud Server contains a broken access control vulnerability that allows low-privileged users to execute arbitrary SQL queries.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-7195

8.8 📝

Progress Sitefinity June 3, 2026

Improper input validation in web services within Progress Sitefinity 14 may lead to security vulnerabilities.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-7201

8.8 📝

Progress Sitefinity June 3, 2026

An authorization bypass vulnerability via user-controlled keys in web services affects Progress Sitefinity 15.

CVSS Base 8.8

→

CRS Select profile

CVE-2016-9365

8.8 📝 📜 Late Disclosure

Moxa NPort June 3, 2026

A stack-based buffer overflow in Moxa NPort 5110 allows remote attackers to execute arbitrary code or cause a denial-of-service.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-23230

8.8 📝

Linux Kernel June 3, 2026

A race condition in the Linux kernel SMB client handling of bitfields in `struct cached_fid` can lead to memory corruption or denial of service due to shared-byte read-modify-write operations.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-1784

8.8 📝

Red Hat OpenShift Container Platform June 3, 2026

A vulnerability in the OpenShift Route resource allows low-privileged users to inject malicious HAProxy configurations, potentially leading to cross-tenant traffic hijacking.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-10591

8.8 📝

Amazon Kiro IDE June 3, 2026

Amazon Kiro IDE contains an access control flaw in its file write tool that can be exploited by remote attackers to execute arbitrary code.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-49143

8.8 📝

BrowserStack Runner June 3, 2026

BrowserStack Runner contains a remote code execution vulnerability in its HTTP handler that can be exploited by unauthenticated, network-adjacent attackers.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-49443

8.8 📝

authentik authentik June 3, 2026

A security vulnerability has been identified in authentik, an open-source identity provider, requiring immediate attention from security administrators.

CVSS Base 8.8

→

CRS Select profile

CVE-2021-21974

8.8 📝 📜 Late Disclosure

VMware ESXi June 3, 2026

A heap-overflow vulnerability in the OpenSLP service of VMware ESXi allows remote code execution for attackers on the same network segment.

CVSS Base 8.8

→

CRS Select profile

CVE-2021-25667

8.8 📝 📜 Late Disclosure

Siemens RUGGEDCOM and SCALANCE series June 3, 2026

A stack-based buffer overflow in STP BPDU frame handling in Siemens industrial networking devices may allow remote code execution or denial-of-service.

CVSS Base 8.8

→

CRS Select profile

CVE-2026-42097

8.8 📝

Sparx Systems Pro Cloud Server June 3, 2026

An authentication bypass vulnerability in Sparx Pro Cloud Server allows unauthorized access depending on the requested URL.

CVSS Base 8.8

→

CRS Select profile

CVE Brief Security Intelligence

Archived Security Snapshot

🎯 SSCV Profile

Archived Security Brief

CISA Known Exploited Vulnerabilities

CVE-2026-8398

CVE-2026-0257

CVE-2024-21182

CVE-2022-0492

CVE-2025-48595

CVE-2026-48027

CVE-2026-45321

Critical Vulnerabilities

CVE-2026-5076

CVE-2026-0611

CVE-2026-7312

CVE-2026-7198

CVE-2026-47117

CVE-2025-53209

CVE-2026-49448

High Priority Updates

CVE-2026-5883

CVE-2026-1829

CVE-2026-42359

CVE-2026-49298

CVE-2025-53345

CVE-2026-42096

CVE-2026-7195

CVE-2026-7201

CVE-2016-9365

CVE-2026-23230

CVE-2026-1784

CVE-2026-10591

CVE-2026-49143

CVE-2026-49443

CVE-2021-21974

CVE-2021-25667

CVE-2026-42097

⭐ Starred CVEs

Archived Security Snapshot

🎯 SSCV Profile

📊 Archived Security Brief

Section Navigation

⚠️ CISA Known Exploited Vulnerabilities

🚨 Critical Vulnerabilities

⚠️ High Priority Updates

⭐ Starred CVEs

Archived Security Brief

CISA Known Exploited Vulnerabilities

Critical Vulnerabilities

High Priority Updates