Patch Priority: Top 10 Critical Vulnerabilities to Watch
1. CVE-2026-48558 | CVSS 10.0 | SimpleHelp RMM | Patched — CISA KEV Deadline July 2
Summary: A critical OIDC authentication bypass in SimpleHelp Remote Monitoring and Management software allows an unauthenticated attacker to forge an identity token and obtain a fully authenticated “Technician” session — bypassing MFA in some configurations. Active exploitation has been confirmed by Arctic Wolf and Horizon3.ai, with the TaskWeaver loader being deployed post-exploitation across managed endpoints.hivepro+1
Source: CISA KEV / Hive Pro — https://hivepro.com/threat-digests/cisa-known-exploited-vulnerability-catalog-june-2026
2. CVE-2026-48276 | CVSS 10.0 | Adobe ColdFusion 2025/2023 | Patched (Update 10/21)
Summary: An unrestricted file upload vulnerability in Adobe ColdFusion allows attackers to upload dangerous file types that are automatically processed, leading to arbitrary code execution on affected servers without authentication in low-complexity attacks. Adobe assigned Priority 1 and CVE-2026-48282 (a companion path traversal flaw) was observed under active exploitation within days of patch release.threatprotect.qualys+1
Source: Adobe Security Bulletin — https://helpx.adobe.com/uk/security/products/coldfusion/apsb26-68.html
3. CVE-2026-48286 | CVSS 10.0 | Adobe Campaign Classic v7.4.3 | Patched (Build 9397)
Summary: An incorrect authorization flaw in Adobe Campaign Classic (on-premise deployments) enables attackers to execute arbitrary code on affected systems. Adobe-hosted instances are already patched; organizations running on-premise or hybrid deployments require immediate manual update to build 9397.radar.offseq+1
Source: Adobe Security Bulletin — https://helpx.adobe.com/uk/security/products/coldfusion/apsb26-68.html
4. CVE-2026-45659 | CVSS 8.8 | Microsoft SharePoint Server | Patched (May 2026) — CISA KEV Deadline July 4
Summary: A deserialization of untrusted data vulnerability in Microsoft SharePoint Server allows any authenticated attacker with baseline Site Member permissions (the default role for most enterprise employees) to execute arbitrary code remotely — no elevated privileges or admin access required. CISA added this to the KEV catalog on July 1 despite Microsoft’s “Exploitation Less Likely” rating, confirming verified in-the-wild exploitation; patch was available since May 2026 but the advisory was delayed until May 21.thehackernews+2
Source: CISA KEV / The Hacker News — https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html
5. CVE-2026-8037 | CVSS 9.8 (eSentire: 9.6) | Progress Kemp LoadMaster | Patched — Active Exploitation Attempts
Summary: An unauthenticated OS command injection RCE vulnerability in the Progress Kemp LoadMaster API (/accessv2 endpoint) allows attackers to execute arbitrary commands as root without any credentials, by exploiting a heap memory manipulation flaw in the escape_quotes() function. Active exploitation attempts began on June 29 following the release of a public PoC; affected versions are LoadMaster GA 7.2.63.1 and earlier, patched in GA 7.2.63.2.esentire+2
Source: eSentire / The Hacker News — https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html
6. CVE-2026-35616 | CVSS 9.1 | Fortinet FortiClient EMS | Patched — Actively Exploited
Summary: A critical vulnerability in Fortinet FortiClient Enterprise Management Server was observed this week being actively exploited to deploy the EKZ Stealer against an energy-sector organization, harvesting browser-stored credentials from Chromium and Firefox before exfiltrating data via PowerShell. This vulnerability provides a direct credential-theft pathway into endpoints managed through FortiClient EMS, with particular risk for critical infrastructure operators.cyberinfos
Source: CyberInfos / eSentire — https://www.cyberinfos.in/cybersecurity-weekly-report-june-29-july-5-2026/
7. CVE-2026-33825 (BlueHammer) | CVSS High (Formal Score Pending) | Windows Defender | Patched — Used in Ransomware Campaigns
Summary: CISA confirmed this week that a privilege escalation vulnerability in Microsoft’s Windows Defender antivirus engine — nicknamed “BlueHammer” — is being actively exploited in live ransomware intrusions, escalating attacker privileges to SYSTEM level by abusing the engine’s elevated runtime. The most significant operational impact is that the security control itself is compromised, resulting in reduced endpoint visibility at the moment defenders need it most.cyberinfos
Source: CyberInfos — https://www.cyberinfos.in/cybersecurity-weekly-report-june-29-july-5-2026/
8. CVE-2026-48282 | CVSS 10.0 | Adobe ColdFusion 2025/2023 | Patched — First Exploitation Attempt Observed
Summary: A path traversal vulnerability in Adobe ColdFusion allows arbitrary code execution via crafted file upload requests; this specific flaw was observed under active exploitation within hours of its patch release, with a single attempt logged from an IP geolocated to India. The patch introduces new disallowed file extensions (jspf, cfmail, war) and cfscript-level path traversal prevention — organizations should verify Update 10/21 is applied and check for webshell indicators immediately.thehackernews
Source: The Hacker News — https://thehackernews.com/2026/07/adobe-patches-7-cvss-100-flaws-in.html
9. CVE-2026-50548 & CVE-2026-50549 (DuneSlide) | CVSS N/A | Cursor AI IDE | Patched in Cursor 3.0
Summary: Cato Networks researchers disclosed two vulnerabilities in the Cursor AI coding assistant — dubbed DuneSlide — that allow prompt injection delivered through an MCP server or poisoned web content to escape the command execution sandbox and achieve full RCE with no user interaction. The flaws exploited a parameter enabling file operations outside the project directory and a symlink-resolution fallback bypassing path restrictions; both were patched in Cursor 3.0, though researchers warn similar isolation weaknesses likely exist across other AI-assisted development tools.aboutdfir
Source: About DFIR / Infosec News Nuggets — https://aboutdfir.com/infosec-news-nuggets-july-2-2026/
10. CVE-2025-5777 (Citrix Bleed 2) | CVSS High | Citrix NetScaler (ADC/Gateway) | Patched — Actively Exploited by Anubis RaaS
Summary: The Citrix Bleed 2 vulnerability continues to be exploited as a primary initial-access vector by the Anubis ransomware-as-a-service operation this week, enabling session token hijacking on NetScaler ADC and Gateway instances without authentication. Organizations that have not yet applied Citrix’s patch and rotated all active sessions should treat any NetScaler with internet exposure as potentially compromised, given the documented ransomware deployment chain following exploitation.commonwealthsentinel+1
Source: The Hacker News — https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html