Cisco SD-WAN Zero-Day Exploited Months Before Patching. Mandiant confirmed that CVE-2026-20245, a command injection flaw in Cisco Catalyst SD-WAN Manager, was actively exploited by an unknown threat actor at least two months before Cisco published patches in June 2026. Attackers uploaded a malicious CSV file (evil_tenant.csv) to escalate privileges to root, and likely chained the attack with previously disclosed authentication bypass flaws CVE-2026-20127 and CVE-2026-20182 for initial access.
CISA Adds PTC Windchill RCE and Cisco CUCM to KEV, Sets June 28 Deadline. CISA added CVE-2026-12569 (PTC Windchill/FlexPLM RCE, CVSS 9.3) and CVE-2026-20230 (Cisco Unified Communications Manager SSRF) to its Known Exploited Vulnerabilities catalog, mandating federal remediation by June 28. The Windchill flaw marks the first-ever KEV addition for a PTC product and is particularly concerning given Windchill's footprint in manufacturing and defense supply chains.
Two Linux Kernel Local Privilege Escalation Flaws Drop Public Exploits. CVE-2026-46331 (pedit COW) and CVE-2026-43503 (DirtyClone) both allow unprivileged local users to gain root by corrupting cached binaries in memory. Public working exploits were available within 24 hours of CVE assignment for pedit COW; both affect major distributions including RHEL 8/9/10, Debian 11-13, and Ubuntu 18.04 through 26.04.
macOS XPC Flaw Allowed Standard Users to Disable CrowdStrike and Kandji. XM Cyber discovered a vulnerability in macOS XPC inter-process communication that let unprivileged users hijack trusted applications via CDHash cache and NIB injection, then disable EDR tools including CrowdStrike Falcon Sensor and Kandji MDM Agent. Both vendors have patched the issue, and XM Cyber released an open-source detection tool, XPC Hunter, to help identify exploitation attempts.
Key Takeaway
Prioritize patching CVE-2026-20245, CVE-2026-12569, and the two Linux kernel LPE CVEs immediately; audit unprivileged user namespace settings on Linux hosts and validate macOS EDR agent integrity.
