CERT-FR Reports Critical Vulnerabilities in Popular Software, Week of 25–31 May

During the week of 25 May to 31 May 2026, CERT-FR identified several high-severity security flaws. CVE-2026-48902 in Joomla! (score 9.8) permits a policy bypass through downgraded transport encryption. Veeam Service Provider Console is affected by CVE-2026-32998 (score 9.4), which enables remote code execution. CVE-2026-46833 in Oracle Database Server (score 9) threatens confidentiality and integrity. Two Samba vulnerabilities, CVE-2026-4408 and CVE-2026-4480 (score 10), also allow remote code execution. Roundcube issued patches 1.6.16 and 1.7.1 on 24 May to fix multiple remote code execution and SQL-injection issues. Additional alerts covered Litespeed, Disc-Soft, Nx, SonicWALL, PaloAlto, Mediaarea, and more, all urging rapid patch deployment. CERT-FR urges all affected organizations to apply vendor-issued patches immediately to mitigate potential exploitation.

Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.

