MSP Threat Radar Weekly Briefing — Week of 2026-06-01

This week’s briefing tracks 12 recent watch items across 6 vendors, with emphasis on active service incidents and high-priority operational issues.

Top items

Oracle WebLogic Server Unspecified Vulnerability

• Vendor: Oracle
• Published: 2026-06-01
• Status: active
• Source: cisa-kev
• Official advisory: https://www.oracle.com/security-alerts/cpujul2024.html

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-04.

serv-u vulnerability (CVE-2026-28318)

• Vendor: SolarWinds
• Published: 2026-06-04
• Status: active
• Source: nvd
• Official advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.

android vulnerability (CVE-2025-48595)

• Vendor: Google
• Published: 2026-06-01
• Status: active
• Source: nvd
• Official advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-48595

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.

Linux Kernel Improper Authentication Vulnerability

• Vendor: Linux Kernel
• Published: 2026-06-02
• Status: active
• Source: cisa-kev
• Official advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-05.

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

• Vendor: Mirasvit
• Published: 2026-06-03
• Status: active
• Source: cisa-kev
• Official advisory: https://mirasvit.com/package/changelog/?package=mirasvit/module-cache-warmer

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-06.