Thursday, July 2, 2026 Archive

Archived Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework

Risk scores will be adjusted based on your selected environment

Archived Security Brief

Thursday's brief is led by a concentration of CVSS 9.8 flaws in Guardian's language-system (CVE-2026-34099 through CVE-2026-34105) and a critical Control Web Panel vulnerability (CVE-2026-57517), alongside a maximum-severity CVSS 10 issue in Hoppscotch (CVE-2026-50160). The set includes 28 critical CVEs, down 28% from the prior day's 39, and 78 high-priority CVEs, up 18% from 66. Additional critical exposure spans Hyland PACSgear PACS Scan (CVE-2026-58126, CVSS 9.8), extending risk into healthcare imaging infrastructure. Remote code execution and authentication bypass dominate the disclosed set, with web-facing management panels, developer tooling, and enterprise communications platforms among the affected products. No vendor patches were flagged as available at disclosure, so defenders should prioritize compensating controls and monitor vendor advisories for forthcoming fixes.

  • Guardian language-system accounts for seven CVSS 9.8 flaws (CVE-2026-34099–CVE-2026-34105), the largest single-product critical cluster in today's brief
  • 28 critical CVEs disclosed, down 28% from 39 the prior day
  • 78 high-priority CVEs disclosed, up 18% from 66 the prior day
  • Remote code execution and authentication bypass patterns affect Control Web Panel (CVE-2026-57517) and Hoppscotch (CVE-2026-50160, CVSS 10)
  • 0% of disclosed vulnerabilities had vendor patches available at time of disclosure, including Hyland PACSgear PACS Scan (CVE-2026-58126)
  • 4 CVEs carry confirmed active exploitation, spanning Cisco Unified CM, SimpleHelp, PTC Windchill, and Microsoft SharePoint

Immediate action: Prioritize the Guardian language-system, Control Web Panel, and Hoppscotch deployments given their maximum-severity ratings, and isolate internet-facing management interfaces and healthcare imaging systems such as Hyland PACSgear pending fixes. With no patches available at disclosure, apply network segmentation, access restrictions, and heightened monitoring while tracking vendor advisories; separately, expedite remediation on the actively exploited Cisco Unified CM, SimpleHelp, PTC Windchill, and SharePoint flaws.

💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove

Section Navigation