CISA Adds Microsoft SharePoint RCE CVE-2026-45659 to KEV. CISA confirmed active exploitation of CVE-2026-45659, a deserialization flaw (CVSS 8.8) in Microsoft SharePoint Server that allows authenticated users with Site Member-level permissions to execute arbitrary code. Federal agencies faced a three-day patch deadline under BOD 26-04, and all organizations should treat this as an emergency patch given the low attack complexity.
CitrixBleed 2 Exploited Within 24 Hours of Disclosure. CVE-2026-8451, a critical out-of-bounds read in Citrix NetScaler ADC and Gateway, was weaponized by at least two threat actors less than 24 hours after Citrix released patches and watchTowr published technical details. Organizations running SAML IDP configurations should patch immediately or disable the feature and monitor for /saml/login traffic and anomalous NSC_TASS cookie values.
Bad Epoll Linux Kernel Flaw Enables Privilege Escalation to Root. CVE-2026-46242, a use-after-free bug dubbed "Bad Epoll," allows unprivileged users to escalate to root on Linux desktops, servers, and Android devices. Its exploitability from within Chrome's renderer sandbox amplifies the risk surface considerably for browser-facing workloads.
Cisco Confirms Active Exploitation of Unified CM SSRF Flaw. Cisco confirmed in-the-wild exploitation of CVE-2026-20230, a server-side request forgery flaw in Unified Communications Manager that allows unauthenticated remote file creation on devices with WebDialer enabled. Patches are available and upgrade is strongly recommended.
Key Takeaway
Treat CVE-2026-45659 (SharePoint) and CVE-2026-8451 (Citrix) as emergency patches this week; both are actively exploited with low barriers to entry. Learn more
