CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2026-42271

BerriAI LiteLLM Command Injection Vulnerability

Vendor: BerriAI

Product: LiteLLM

Added: 2026-06-08

Due Date: 2026-06-22

Description:

BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-78 CWE-77

CVE-2026-50751

Ransomware

Check Point Security Gateway Improper Authentication Vulnerability

Vendor: Check Point

Product: Security Gateway

Added: 2026-06-08

Due Date: 2026-06-11

Description:

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-287

CVE-2026-28318

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

Vendor: SolarWinds

Product: Serv-U

Added: 2026-06-05

Due Date: 2026-06-19

Description:

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-400

CVE-2026-45247

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

Vendor: Mirasvit

Product: Mirasvit Full Page Cache Warmer

Added: 2026-06-03

Due Date: 2026-06-06

Description:

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-502

CVE-2022-0492

Linux Kernel Improper Authentication Vulnerability

Vendor: Linux

Product: Kernel

Added: 2026-06-02

Due Date: 2026-06-05

Description:

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-287 CWE-862

CVE-2025-48595

Android Framework Integer Overflow Vulnerability

Vendor: Android

Product: Framework

Added: 2026-06-02

Due Date: 2026-06-05

Description:

Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-190

CVE-2024-21182

Oracle WebLogic Server Unspecified Vulnerability

Vendor: Oracle

Product: WebLogic Server

Added: 2026-06-01

Due Date: 2026-06-04

Description:

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-0257

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Vendor: Palo Alto Networks

Product: PAN-OS

Added: 2026-05-29

Due Date: 2026-06-01

Description:

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-565

CVE-2026-48027

Ransomware

Nx Console Embedded Malicious Code Vulnerability

Vendor: Nx

Product: Nx Console

Added: 2026-05-27

Due Date: 2026-06-10

Description:

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-506

CVE-2026-45321

Ransomware

TanStack Unspecified Vulnerability

Vendor: TanStack

Product: TanStack

Added: 2026-05-27

Due Date: 2026-06-10

Description:

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-8398

Daemon Tools Lite Embedded Malicious Code Vulnerability

Vendor: Daemon

Product: Daemon Tools Lite

Added: 2026-05-27

Due Date: 2026-05-30

Description:

Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-506

CVE-2026-48172

LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

Vendor: LiteSpeed

Product: cPanel Plugin

Added: 2026-05-26

Due Date: 2026-05-29

Description:

LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-266

CVE-2026-9082

Drupal Core SQL Injection Vulnerability

Vendor: Drupal

Product: Core

Added: 2026-05-22

Due Date: 2026-05-27

Description:

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-89

CVE-2025-34291

Langflow Origin Validation Error Vulnerability

Vendor: Langflow

Product: Langflow

Added: 2026-05-21

Due Date: 2026-06-04

Description:

Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-346

CVE-2026-34926

Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

Vendor: Trend Micro

Product: Apex One

Added: 2026-05-21

Due Date: 2026-06-04

Description:

Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-23