May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.
May 14, 2026, 12:16 PM
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 77.3% EPSS.
Microsoft Internet Explorer Use-After-Free Vulnerability
critical
active, CISA KEV, CVE-2010-0806
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-03.
May 19, 2026, 7:00 PM
Critical
87.3% EPSS.
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-03.
May 19, 2026, 7:00 PM
Critical
91.8% EPSS.
Microsoft Internet Explorer Use-After-Free Vulnerability
critical
active, CISA KEV, CVE-2010-0249
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-03.
May 19, 2026, 7:00 PM
Critical
88.8% EPSS.
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.
Apr 29, 2026, 11:16 AM
Critical
78.3% EPSS.
Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-04.
May 31, 2026, 7:00 PM
Critical
89.7% EPSS.
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.
CRITICAL, CVE-2026-20182
Critical
77.3% EPSS.
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-03.
critical, CVE-2010-0806
Critical
87.3% EPSS.
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-03.
critical, CVE-2008-4250
Critical
91.8% EPSS.
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-03.
critical, CVE-2010-0249
Critical
88.8% EPSS.
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.
CRITICAL, CVE-2026-41940
Critical
78.3% EPSS.
Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-04.
critical, CVE-2024-21182
Critical
89.7% EPSS.
Quick answers to the questions we hear most often about Threat Radar.
What is the ITECS MSP Threat Radar?
It is a self-updating resource hub that combines official threat feeds, vendor advisories, and live service incidents into one operational watch page for Dallas-area business teams.
Which sources does Threat Radar track?
The feed is built from official sources including CISA Known Exploited Vulnerabilities, the National Vulnerability Database, Microsoft Security Update Guide, Cisco advisories, Fortinet PSIRT, Cloudflare Status, Vercel Status for Next.js hosting operations, and Google Workspace Status.
How should businesses use Threat Radar?
Use it to spot active issues faster, validate whether they affect Microsoft 365, Cisco, Fortinet, or core SaaS dependencies, and then move into assessment, remediation, or managed support planning.
Can ITECS help after an item appears on Threat Radar?
Yes. ITECS can help translate the alert into patch prioritization, compensating controls, vendor-specific action plans, and broader managed cybersecurity or managed IT follow-through.