PatchDayAlert Weekly: 2026-06-24
PatchDayAlert
WEEKLY SECURITY BRIEFING
ISSUE #46 · JUN 24, 2026
5 EXPLOITED
Patch now: five actively exploited flaws hit the KEV catalog this week
CISA added five actively exploited bugs across Splunk Enterprise, Ubiquiti UniFi OS, and Cisco Catalyst SD-WAN Manager. Ivanti Sentry (CVSS 10.0, unauthenticated root) is still being mass-exploited from last week. Prioritize internet-facing systems today.
From the editor
A quiet week for fresh advisories, and a loud one for exploitation. June's big rollups (Microsoft Patch Tuesday, Chrome's 33-CVE drop, Oracle, Atlassian, SAP) all landed the week before this one. What you have to action now comes from CISA's June 23 KEV update: Splunk Enterprise, the Ubiquiti UniFi OS trio, and Cisco Catalyst SD-WAN Manager are all confirmed under active attack, and Ivanti Sentry (the unauthenticated root bug we flagged last week) is still being mass-exploited. Patch internet-facing gear first. Everything below is ranked by what to do first.

The PatchDayAlert team
Headline · top CVEs this week
The three to action before anything else.
Ivanti Standalone Sentry: unauthenticated root RCE
Unauthenticated XML to one endpoint runs commands as root on an internet-facing mobility gateway. Mass-exploited since last week. Upgrade to 10.5.2, 10.6.2, or 10.7.1 now; if you cannot, take it off the internet.
Splunk Enterprise: pre-authentication RCE
An unauthenticated sidecar endpoint lets an attacker write files and chain to code execution as the Splunk service account. Your SIEM is a high-value target. Patch to 10.2.4 or 10.0.7; the federal KEV deadline was June 21.
Ubiquiti UniFi OS: unauthenticated command injection
Chains with CVE-2026-34908 and CVE-2026-34909 to unauthenticated root on UniFi gateways and consoles, many of them internet-facing. Update UniFi OS now and confirm your console build against Ubiquiti's advisory.
New entries in the CISA Known Exploited Vulnerabilities catalog. Federal due dates shown.
CVE | PRODUCT | DUE
CVE-2026-20253 | Splunk Enterprise | Jun 21
CVE-2026-34908 | Ubiquiti UniFi OS | Jun 26
CVE-2026-34909 | Ubiquiti UniFi OS | Jun 26
CVE-2026-34910 | Ubiquiti UniFi OS | Jun 26
CVE-2026-20262 | Cisco Catalyst SD-WAN Mgr | Jun 29
CVE-2025-67038 | Lantronix EDS5000 (niche/OT) | Jun 26
Highest-severity items this window, ranked by CVSS. Lower-severity and niche fixes in the overflow below.
CVE | CVSS | PRODUCT | STATUS
CVE-2026-10520 | 10.0 | Ivanti Sentry | EXPLOITED
CVE-2026-34910 | 10.0 | Ubiquiti UniFi OS | EXPLOITED
CVE-2026-34909 | 10.0 | Ubiquiti UniFi OS | EXPLOITED
CVE-2026-34908 | 10.0 | Ubiquiti UniFi OS | EXPLOITED
CVE-2026-20253 | 9.8 | Splunk Enterprise | EXPLOITED
CVE-2026-39808 | 9.8 | Fortinet FortiSandbox | EXPLOITED
CVE-2026-39813 | 9.8 | Fortinet FortiSandbox | EXPLOITED
CVE-2026-11807 | 9.6 | Red Hat Ansible (EDA) | FIX OUT
CVE-2026-20266 | 9.1 | Splunk AI Toolkit | FIX OUT
CVE-2026-20181 | 9.1 | Cisco ISE | FIX OUT
CVE-2026-11645 | 8.8 | Chrome V8 (KEV due 6/23) | KEV
CVE-2026-42530 | 8.1 | F5 NGINX (HTTP/3) | FIX OUT
CVE-2026-42055 | 8.1 | F5 NGINX (HTTP/2) | FIX OUT
CVE-2026-31431 | 7.8 | Linux kernel (Copy Fail) | KEV
MORE THIS WINDOW · LOWER SEVERITY OR NICHE
CVE-2026-48907 Joomla JCE (CVSS 9.8) · CVE-2026-54420 LiteSpeed cPanel (CVSS 8.5) · CVE-2026-20190 Cisco ISE (CVSS 7.5) · CVE-2026-20220 Cisco Crosswork (CVSS 6.3) · CVE-2026-43284 Linux XFRM "Dirty Frag" · plus Debian chromium (33 CVEs) and firefox-esr (29 CVEs) rollups, Squid proxy, and the week's AI-tooling CVEs (Crawl4AI, Flowise, Langflow, vLLM). Full list at nvd.nist.gov.
What shipped June 17 to 24. June's big rollups landed the week before.
VENDOR | FIXES · FLAGGED
Ubiquiti UniFi OS | 3 · 3 exploited
F5 NGINX | 4 · 2 critical
Cisco (ISE, Crosswork) | 3 · 1 critical
Splunk | 2 · 1 exploited
Red Hat (kernel, Ansible) | 40+ · 1 critical