CISA added LiteLLM CVE-2026-42271 to KEV on June 8, 2026. Patch AI gateways, restrict exposed proxy access, rotate keys where needed, and verify routes.
CISA added Check Point Security Gateway CVE-2026-50751 to KEV on June 8, 2026. Patch affected VPN gateways, review IKEv1 exposure, audit logs, and verify remote access.
Patch WooCommerce Custom Product Addons Pro CVE-2026-4001, verify product options, review WooCommerce orders, and inspect the site after a critical plugin update.
CIFSwitch CVE-2026-46243 is a high-severity Linux local privilege escalation affecting CIFS client configurations. Patch kernels, reboot hosts, and review TrueNAS and hosting exposure.
CISA added SolarWinds Serv-U CVE-2026-28318 to KEV on June 5, 2026. Update to Serv-U 15.5.4 Hotfix 1 or the current fixed SolarWinds build.
Patch CVE-2026-48837 by updating Unlimited Elements for Elementor to 2.0.9 or newer. WordPress.org currently lists version 2.0.10.
CISA added Mirasvit Full Page Cache Warmer CVE-2026-45247 to KEV. Magento 2 stores should update to 1.11.12 or newer, or disable the module until patched.
CISA added Oracle WebLogic Server CVE-2024-21182 to KEV on June 1, 2026. Patch affected WebLogic 12.2.1.4.0 and 14.1.1.0.0 systems and restrict T3/IIOP exposure.
CISA added Android Framework CVE-2025-48595 to KEV after Google flagged limited targeted exploitation. Check June 2026 Android patch levels on business and admin devices.
CISA added Linux kernel CVE-2022-0492 to KEV on June 2, 2026. Patch and reboot container hosts, shared hosting nodes, CI runners, and Linux servers that run untrusted workloads.
