Vulnerability Intelligence Report — June 8, 2026

Coverage: June 7–8, 2026 | New CISA KEV additions: 0 | New items: 1 | KEV deadline tomorrow (OpenSSL): 1 | KEV deadline June 10: 2
Previous reports: June 7, 2026 | June 6, 2026

The threat landscape is relatively quiet today — no new CISA KEV entries, no new actively exploited vulnerabilities. Attention turns to tomorrow: the OpenSSL security update arrives June 9. Organisations should complete their OpenSSL inventory and prepare maintenance windows today. Nx Console and TanStack CISA KEV deadlines follow on June 10. The Everest Forms Pro actively exploited situation (CVE-2026-3300) remains the most urgent active threat.


Quick Reference — Most Important Items Today

OpenSSL Security Update: June 9, 2026 — prepare today (inventory, maintenance windows)

Nx Console: CVE-2026-48027 (CISA KEV, due June 10)

TanStack: CVE-2026-45321 (CISA KEV, due June 10)

Everest Forms Pro: CVE-2026-3300 (actively exploited, unauth RCE — still the most urgent active threat)

Windows MiniPlasma: CVE-2026-33825 (still no patch, PoC public)


OpenSSL Security Update — Arrives Tomorrow (June 9)

OpenSSL’s pre-announced security update will be released tomorrow. The OpenSSL project uses pre-announcements to give organisations advance notice — a practice established after Heartbleed (2014) — and they are typically reserved for updates rated HIGH or CRITICAL. Complete the following today:

  • Inventory all OpenSSL deployments. Identify every system, application, container image, and embedded device that links against OpenSSL. Include statically linked binaries that bundle their own OpenSSL copy — these must be individually rebuilt, not just updated through the OS package manager.
  • Identify network-facing services using OpenSSL: HTTPS servers (Apache, Nginx, IIS with OpenSSL), VPN endpoints, email servers (SMTP/IMAP/POP3 with STARTTLS), database servers with TLS, LDAP servers, and any custom application using OpenSSL for TLS.
  • Prepare maintenance windows for June 9. Schedule time to apply the update, restart services, and verify functionality. For critical internet-facing systems, plan to patch within hours of the advisory release.
  • Monitor openssl.org/news/ for the advisory publication tomorrow.
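An inventory helper for the first two checklist items, added here as an example; it is not code from the report or from the OpenSSL project. It assumes a Linux host with POSIX sh, find, tr, grep -o and readelf (binutils) on the PATH, and uses dpkg-query or rpm only where they exist. The "static" rows it emits are the bundled copies the checklist says must be rebuilt rather than updated through the package manager.

```shell
# Constructed example for the two inventory items above; not code from the
# report or the OpenSSL project. Assumes a Linux host with POSIX sh, find,
# tr, grep -o and readelf (binutils); dpkg-query and rpm are optional.

# First OpenSSL version string embedded in a file, e.g. "OpenSSL 3.0.13".
# libssl/libcrypto and statically linked binaries both carry this string.
openssl_version_in_file() {
  tr -c '[:print:]\n' '\n' < "$1" |
    grep -oE 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*' | head -n 1
}

# Direct DT_NEEDED entries; readelf parses the file, unlike ldd, which may
# execute a crafted binary.
needed_libs() {
  readelf -d "$1" 2>/dev/null | grep -oE '\[lib[^]]*\]'
}

# dynamic = loads libssl/libcrypto from the OS (fixed by the package update)
# static  = bundles its own OpenSSL copy (must be rebuilt, per the checklist)
# none    = no OpenSSL found
openssl_link_status() {
  if needed_libs "$1" | grep -qE 'lib(ssl|crypto)\.so'; then
    echo dynamic
  elif [ -n "$(openssl_version_in_file "$1")" ]; then
    echo static
  else
    echo none
  fi
}

# Print "path<TAB>status<TAB>version" for every executable or shared object
# under the given directories that uses OpenSSL; 'static' rows are the ones
# the OS package manager will not fix.
inventory_openssl() {
  for dir in "$@"; do
    find "$dir" -type f \( -perm -100 -o -name '*.so*' \) 2>/dev/null |
    while IFS= read -r f; do
      status=$(openssl_link_status "$f")
      [ "$status" = none ] && continue
      printf '%s\t%s\t%s\n' "$f" "$status" "$(openssl_version_in_file "$f")"
    done
  done
}

# OS-packaged copies, to compare against the fixed versions in the advisory.
packaged_openssl() {
  command -v dpkg-query >/dev/null && dpkg-query -W 'libssl*' 'openssl*' 2>/dev/null
  command -v rpm >/dev/null && rpm -qa 'openssl*' 2>/dev/null
  return 0
}
```

Typical use is `inventory_openssl /usr/bin /usr/lib /opt > openssl-inventory.tsv` followed by `packaged_openssl`; container images can be scanned the same way from a mounted or exported filesystem. Only direct DT_NEEDED entries are checked, so a binary that reaches OpenSSL through another library (libcurl, for example) shows up via that library's own row.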

Comodo Internet Security — CVE-2026-49494 (CVSS 7.5, Firewall Driver Integer Underflow)

Software affected: Comodo Internet Security — the firewall driver Inspect.sys, specifically its IPv6 packet parser.

CVE: CVE-2026-49494 | CVSS 7.5 High | CWE-191 (Integer Underflow) | Published June 7, 2026

Fixable: Yes. Update Comodo Internet Security to the latest version.

Business impact: An integer underflow in the Inspect.sys firewall driver’s IPv6 packet parser allows a crafted IPv6 packet with a declared payload length smaller than the extension headers to trigger unexpected behaviour in the kernel-level firewall driver. Firewall drivers operate at ring 0 — vulnerabilities at this level can potentially lead to system compromise or bypass of firewall protections. A proof-of-concept named “ComoDoS” has been published.

Recommended action: Update Comodo Internet Security. While not an emergency-patch item, firewall driver vulnerabilities should not be deferred — a compromised firewall driver can disable all network-level security controls.

Official source: GitHub — ComoDoS PoC | NVD — CVE-2026-49494


KEV Deadline Watch

June 9: OpenSSL security update (not KEV, but pre-announced). Prepare today.

June 10: Nx Console CVE-2026-48027 and TanStack CVE-2026-45321 — audit npm dependencies. May 28 report.

June 19: SolarWinds Serv-U CVE-2026-28318 (actively exploited). June 6 report.


Updates on Items from Previous Reports

Everest Forms Pro CVE-2026-3300: Actively exploited — the most urgent active threat. Patch today if you haven’t. Dedicated advisory.

Windows MiniPlasma CVE-2026-33825: Still no patch. PoC public. Restrict local access. Dedicated advisory.

Hugging Face Transformers CVE-2026-4372: Update to 5.3.0. Dedicated advisory.

Cisco SD-WAN CVE-2026-20245: Actively exploited. Dedicated advisory.

X.Org/Xwayland, Ansible Galaxy, Hippoo WP, WP User Manager, Booking Package, MDJM: All covered in recent dedicated advisories.

Acer Wave 7, Acer M6E: Still no patches for router zero-days.

Drupal, PAN-OS, Citrix NetScaler, Windows Netlogon, FortiClient, Ghost CMS, SonicWall, ChromaDB, Oracle, Cisco UC Manager, authentik, BIRD BGP, MLflow, React Router, LibreChat, MISP: Covered in dedicated advisories and previous reports.


This report is compiled from official vendor advisories, the CISA Known Exploited Vulnerabilities catalog, the National Vulnerability Database, and primary security research sources.
