
CISA KEV: Patch Lantronix EDS5000 CVE-2025-67038
CISA added Lantronix EDS5000 CVE-2025-67038 to KEV. Patch affected serial device servers, restrict management access, and verify industrial network exposure.

CISA added three critical Ubiquiti UniFi OS CVEs to KEV. Patch UniFi OS, restrict management access, review admins and logs, and verify controller backups.

CISA added Joomla Content Editor CVE-2026-48907 to KEV. Update JCE Pro to 2.9.99.6 or later, apply the vendor patch package for older sites, and review Joomla for cleanup.

CISA added Cisco Catalyst SD-WAN Manager CVE-2026-20262 to KEV on June 15, 2026. Upgrade to fixed software, restrict management access, and review admin activity.

Update phpBB forums to 3.3.17 after a critical authentication bypass report, then test login, OAuth, admin access, backups, and forum moderation workflows.

Update the Palo Alto Networks CommvaultSecurityIQ Marketplace integration for Cortex XSOAR and Cortex XSIAM to 1.2.0 or later for CVE-2026-0274.

CISA added Splunk Enterprise CVE-2026-20253 to KEV on June 18. Upgrade self-managed Enterprise to 10.2.4, 10.0.7, 10.4.0, or later and verify clusters.

CISA KEV now lists Oracle PeopleSoft CVE-2026-35273. Apply Oracle mitigation guidance, restrict HTTP exposure, review logs, and plan patch work.

Update Langflow after CVE-2026-5027, rebuild deployed containers, restrict exposed AI app servers, and review files, logs, secrets, and workflow access.

Patch Ivanti Sentry to R10.5.2, R10.6.2, or R10.7.1 after CISA KEV listing, then review exposed gateways, administrator accounts, logs, mobile traffic, and customer access.