MSP Threat Radar Weekly Briefing — Week of 2026-06-08

This week’s briefing tracks 12 recent watch items across 8 vendors, with emphasis on active service incidents and high-priority operational issues.

Top items

Ivanti Sentry vulnerability (CVE-2026-10520)

• Vendor: Ivanti
• Published: 2026-06-09
• Status: active
• Source: nvd
• Official advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.

chrome vulnerability (CVE-2026-11645)

• Vendor: Google
• Published: 2026-06-09
• Status: active
• Source: nvd
• Official advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-11645

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.

Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

• Vendor: Cisco
• Published: 2026-06-09
• Status: active
• Source: cisa-kev
• Official advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx

Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-23.

gaia os vulnerability (CVE-2026-50751)

• Vendor: Checkpoint
• Published: 2026-06-08
• Status: active
• Source: nvd
• Official advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.

BerriAI LiteLLM Command Injection Vulnerability

• Vendor: Berriai
• Published: 2026-06-08
• Status: active
• Source: cisa-kev
• Official advisory: https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g

BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-22.