MSP Threat Radar Weekly Briefing — Week of 2026-06-15

This week’s briefing tracks 12 recent watch items across 5 vendors, with emphasis on active service incidents and high-priority operational issues.

Full briefing

Markdown rendered

MSP Threat Radar Weekly Briefing — Week of 2026-06-15

This week’s briefing tracks 12 recent watch items across 5 vendors, with emphasis on active service incidents and high-priority operational issues.

Top items

catalyst sd-wan manager vulnerability (CVE-2026-20262)

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. Due date: 2026-06-21.

Widget Factory Joomla Content Editor Improper Access Control Vulnerability

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. Due date: 2026-06-19.

LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. Due date: 2026-06-18.

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer (CVE-2026-9698)

Information published. Information published.

Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.

Briefing detail

About this briefing

Published

June 21, 2026

Read time

3 min read

Highlights

5 key items

This week's highlights

  • Cisco: catalyst sd-wan manager vulnerability (CVE-2026-20262)
  • Splunk: Splunk Enterprise Missing Authentication for Critical Function Vulnerability
  • Widget Factory: Widget Factory Joomla Content Editor Improper Access Control Vulnerability
  • Litespeed: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
  • Microsoft: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer (CVE-2026-9698)