What is this article about?

11 new CISA KEV vulnerabilities this week. Highest CVSS: 9.8. Review the latest threats added to the Known Exploited Vulnerabilities catalog.

Why is This Week in Threats important for cybersecurity?

Understanding this week in threats is critical for cybersecurity professionals to stay ahead of emerging threats and protect their organizations. This article provides actionable insights and analysis.

How can I stay updated on cybersecurity threats?

Follow FixTheVuln for weekly threat roundups, vulnerability breakdowns, and security certification guides. Subscribe to CISA alerts and monitor the Known Exploited Vulnerabilities (KEV) catalog for the latest actively exploited vulnerabilities.

This Week in Threats: May 26–Jun 09, 2026

By FixTheVuln Team Peer-reviewed security content Sources: CISA Known Exploited Vulnerabilities Catalog, NVD

Weekly Threat Summary

11 vulnerabilities were added to the CISA Known Exploited Vulnerabilities (KEV) catalog this period. The highest CVSS score is 9.8.

This week includes 6 critical-severity vulnerabilities (CVSS 9.0+) that require immediate attention.

This Week's Vulnerabilities

CVE-2026-45247 — Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

CVSS Score: 9.8 (CRITICAL)
Date Added: 2026-06-03
Description: Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-48172 — LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

CVSS Score: 9.8 (CRITICAL)
Date Added: 2026-05-26
Description: LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin,...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-8398 — Daemon Tools Lite Embedded Malicious Code Vulnerability

CVSS Score: 9.8 (CRITICAL)
Date Added: 2026-05-27
Description: Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-45321 — TanStack Unspecified Vulnerability

CVSS Score: 9.6 (CRITICAL)
Date Added: 2026-05-27
Description: TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-48027 — Nx Console Embedded Malicious Code Vulnerability

CVSS Score: 9.3 (CRITICAL)
Date Added: 2026-05-27
Description: Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-0257 — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVSS Score: 9.1 (CRITICAL)
Date Added: 2026-05-29
Description: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2010-0249 — Microsoft Internet Explorer Use-After-Free Vulnerability

CVSS Score: 8.8 (HIGH)
Date Added: 2026-06-03
Description: Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-48595 — Android Framework Integer Overflow Vulnerability

CVSS Score: 8.4 (HIGH)
Date Added: 2026-06-02
Description: Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2022-0492 — Linux Kernel Improper Authentication Vulnerability

CVSS Score: 7.8 (HIGH)
Date Added: 2026-06-02
Description: Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-28318 — SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

CVSS Score: 7.5 (HIGH)
Date Added: 2026-06-05
Description: SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2024-21182 — Oracle WebLogic Server Unspecified Vulnerability

CVSS Score: 7.5 (HIGH)
Date Added: 2026-06-01
Description: Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network...
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

What This Means for You

If you run any of the affected products, patch immediately. Critical-severity vulnerabilities are actively exploited in the wild — CISA adds them to the KEV catalog specifically because they represent real, current threats.

Use the CVSS Calculator to assess how these scores apply to your specific environment.

Cert Study Angles

These CVEs map directly to certification exam objectives. Use them as real-world case studies:

CompTIA Security+

CVE-2026-45247 → D2 Threats & Vulnerabilities
CVE-2026-48172 → D2 Threats & Vulnerabilities
CVE-2026-0257 → D2 Threats & Vulnerabilities
CVE-2022-0492 → D2 Threats & Vulnerabilities
CVE-2026-28318 → D2 Threats & Vulnerabilities
CVE-2024-21182 → D4 Security Operations

ISC2 CISSP

CVE-2026-45247 → D6 Security Assessment
CVE-2026-48172 → D6 Security Assessment
CVE-2026-8398 → D6 Security Assessment
CVE-2026-45321 → D6 Security Assessment
CVE-2026-48027 → D6 Security Assessment
CVE-2026-0257 → D4 Communication & Network, D5 IAM, D6 Security Assessment
CVE-2010-0249 → D6 Security Assessment
CVE-2025-48595 → D3 Security Architecture, D6 Security Assessment
CVE-2022-0492 → D5 IAM, D6 Security Assessment
CVE-2026-28318 → D6 Security Assessment
CVE-2024-21182 → D4 Communication & Network, D6 Security Assessment

Cisco CCNA

CVE-2024-21182 → D5 Security Fundamentals

See all CVEs mapped to your cert: Exploit Tracker

Tools to Help

CVSS Calculator — Score these vulnerabilities for your specific environment
Exploit Tracker — Filter KEV vulnerabilities by certification relevance
Study Tracker — Track your exam objective completion
Security+ Practice Quiz — Test your knowledge of vulnerability types and mitigations

Stay Updated

This roundup is published every Tuesday. Bookmark the FixTheVuln Blog to stay on top of the latest threats — or subscribe via RSS.

Explore More

Free Security Tools Practice Quizzes Cert Comparisons

FixTheVuln Store

CISSP Exam Prep? Get the Study Planner

Comprehensive planner for (ISC)2 certifications. Domain-mapped study schedules, practice tracking, and more.

Shop CISSP Planner

Also available: SSCP, CCSP

CyberFolio

Building cybersecurity skills? Track them in one place.

Build a shareable cybersecurity portfolio that highlights your certifications, projects, and skills — free.

Build Your Portfolio →

← Back to Home ← All Blog Posts