Patch Gravity SMTP CVE-2026-4020 and CVE-2026-4162, rotate WordPress mail-service credentials, and review sending logs after active attack reports.
Update Caddy to 2.11.3 or later for CVE-2026-45135, then review PHP-FPM routing, upload paths, logs, and writable web directories.
Update Azure Local Disconnected Operations to ALDO 2604 or later for CVE-2026-42822, then verify backups, identity health, and privileged access.
Patch Kubernetes SMB CSI Driver CVE-2026-3865 to v1.20.1+, restrict PersistentVolume creation, review SMB exports, and verify backups.
Windows Secure Boot certificates from 2011 begin expiring in June 2026. Patch, reboot, verify, and stage server rollout safely.
Update VMware Fusion to 26H1 or newer for CVE-2026-41702, then back up important VMs, verify the version, and review Mac workstation access.
Patch ingress-nginx CVE-2026-4342, review Kubernetes Ingress permissions, protect Secrets, and plan migration away from retired ingress-nginx.
Patch Linux ksmbd for CVE-2026-31718 and CVE-2026-31717, verify SMB exposure, disable unused ksmbd, and reboot into fixed kernels.
Patch Citrix NetScaler ADC and Gateway for CVE-2026-3055 and CVE-2026-4368, verify SAML/Gateway/AAA exposure, and review authentication logs.
Update AI Engine to 3.5.0 or newer for CVE-2026-8719, then review MCP/OAuth connections, administrator users, content changes, and logs.
