Vulnerability Intelligence Report — June 24, 2026

Coverage: June 1–24, 2026 | Total CISA KEV additions (period): 20 | New KEVs: 4 (3x Ubiquiti UniFi OS, Lantronix EDS5000) | KEV deadlines: June 26 (4 new, BOD 26-04 3-day mandate) | Triple deadline yesterday: PASSED | Total overdue KEVs: 15
Previous reports: June 23, 2026 | June 22, 2026

Wednesday, June 24, 2026 — yesterday’s triple CISA KEV deadline has passed, and attention now shifts to four new KEV additions published June 23: three Ubiquiti UniFi OS vulnerabilities — all carrying a maximum CVSS 10.0 severity — and a Lantronix EDS5000 code injection flaw. Under CISA’s BOD 26-04 accelerated 3-day mandate, all four carry a June 26 deadline — just two days from today. This is the most concentrated single-vendor KEV addition of the period: Ubiquiti UniFi OS now has three simultaneously catalogued vulnerabilities covering command injection, path traversal, and access control bypass — together enabling full device compromise by any network-adjacent attacker. Separately, Flowise AI’s MCP Server has a critical OS command injection (CVSS 9.9), the ML security tool picklescan has five new bypass vulnerabilities enabling arbitrary code execution through previously undetected pickle vectors, and ManageEngine SSO tokens have been found to be insufficiently random (CVSS 9.0) across four product lines. The Capgo mobile app delivery platform disclosed four separate authorization and information disclosure vulnerabilities patched in version 12.128.2.


Quick Reference — Most Important Items Today

Ubiquiti UniFi OS — TRIPLE CISA KEV (CVSS 10.0 each): CVE-2026-34910 (command injection) + CVE-2026-34909 (path traversal) + CVE-2026-34908 (access control bypass) — all 3 deadline June 26 under BOD 26-04

Lantronix EDS5000: CVE-2025-67038 (NEW CISA KEV, code injection, deadline June 26)

Flowise AI: CVE-2026-56274 (CVSS 9.9, OS command injection in Custom MCP Server, all roles affected)

picklescan: 5 new bypass CVEs — CVE-2026-56315 (7 stdlib modules, CVSS 9.8) plus 4 additional (all CVSS 8.1) — ML supply chain vector

ManageEngine: CVE-2026-11374 (CVSS 9.0, predictable SSO tokens across 4 product lines — ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, ADAudit Plus)

expr-eval: CVE-2026-12866 (CVSS 9.8, arbitrary JavaScript execution via toJSFunction(), all versions affected)

Mojolicious OAuth2: CVE-2026-9733 (CVSS 9.1, insecure default state parameter, predictable epoch-time hash)

Capgo: 4 CVEs — authorization bypass + hashed key bypass + information disclosure + DoS — patched in 12.128.2

Triple KEV deadline (June 23): Chromium V8, Arista EOS, Cisco SD-WAN — all now overdue (+1)

Next KEV deadline after June 26: Cisco SD-WAN CVE-2026-20262 (June 29, actively exploited)


Ubiquiti UniFi OS — Triple CISA KEV, All CVSS 10.0, Deadline June 26

Software affected: Ubiquiti UniFi OS, the operating system powering UniFi Cloud Gateways, Network Controllers, Protect NVRs, Access Hubs, and Talk devices. Treat every UniFi OS device whose management interface is reachable by an untrusted host as in scope.

CVE: CVE-2026-34910 (Improper Input Validation → Command Injection) | CVE-2026-34909 (Path Traversal → File Access/Manipulation) | CVE-2026-34908 (Improper Access Control → Unauthorized System Changes) | All three: CVSS 10.0 | CISA KEV added June 23, deadline June 26, 2026 under the BOD 26-04 3-day mandate | No authentication required; reported as a network-adjacent attack vector (see the note in the status below).

Status: This is the most concentrated single-vendor CISA KEV addition this period. Three vulnerabilities, each independently carrying the maximum possible CVSS score, have been added simultaneously. Together they provide a complete device takeover chain: CVE-2026-34908 bypasses access controls, CVE-2026-34909 enables arbitrary file access through path traversal, and CVE-2026-34910 achieves command injection for code execution on the underlying OS. No credentials are needed. One caveat on scoping: the network-adjacent characterisation is hard to square with a 10.0 score, which under CVSS 3.x and 4.0 requires a network (AV:N) attack vector, so until the vendor scoring is confirmed treat any host that can reach a UniFi management interface as a potential attacker, not only hosts on the same segment. Ubiquiti has published Security Advisory Bulletin 064 with patched firmware. Given the massive install base of UniFi equipment across enterprises, managed service providers, and small businesses, this represents an extremely broad attack surface.

Recommended action: Apply Ubiquiti’s patched firmware per Security Advisory Bulletin 064 immediately. Until patched, restrict UniFi management interfaces to a dedicated management network as a compensating control. Audit UniFi device access logs for unauthorized configuration changes, and since the chain includes path traversal and command execution, also look for unexpected files, accounts or processes on the device. The BOD 26-04 deadline is June 26, two days from today.

Official source: Ubiquiti Security Advisory Bulletin 064 | CISA KEV Catalog


Lantronix EDS5000 — CVE-2025-67038 (NEW CISA KEV, Code Injection, Deadline June 26)

Software affected: Lantronix EDS5000 device server — used for connecting serial-based industrial and networking equipment to IP networks.

CVE: CVE-2025-67038 | CISA KEV added June 23 — deadline June 26, 2026 | Code injection vulnerability | Network-exploitable.

Status: Lantronix EDS5000 device servers bridge legacy serial equipment to modern IP networks, so they sit in the critical path between industrial control systems, networking hardware, and the enterprise network. Code injection on a device in this position gives an attacker a foothold from which to pivot into OT and ICS environments. Combined with the Ubiquiti UniFi OS CVEs, this makes four new KEV entries all carrying the same June 26 deadline under BOD 26-04.

Recommended action: Patch Lantronix EDS5000 devices immediately. Isolate device servers from untrusted network segments as a compensating control. Audit OT/ICS network segmentation where EDS5000 devices are deployed.

Official source: CISA KEV Catalog | Lantronix Security Advisory


Flowise AI — CVE-2026-56274 (CVSS 9.9, OS Command Injection in MCP Server)

Software affected: Flowise versions prior to 3.1.2 — an open-source low-code platform for building LLM application flows and AI agents.

CVE: CVE-2026-56274 | CVSS 9.9 (CRITICAL) | CWE-78 OS Command Injection | Multiple injection points in the Custom MCP Server feature | Incomplete command-flag validation and regex bypass in local file access restrictions | Exploitable by any Flowise user regardless of role, or via API with view/update permissions.

Status: Flowise is a popular platform for building AI agent workflows — it integrates with LLM providers, vector databases, and external tools. The Custom MCP Server feature allows users to define their own tool servers, and the OS command injection vulnerability in this feature means any authenticated user — including low-privilege roles — can execute arbitrary operating system commands on the Flowise server. This is the fourth AI-related framework or tool vulnerability this period, following Mastra, LiteLLM, and Microsoft AutoGen Studio. The AI supply chain continues to be the most active vulnerability surface of this reporting period.

Recommended action: Upgrade Flowise to version 3.1.2 or later immediately. Because any authenticated user could have used this, review Flowise server logs for Custom MCP Server definitions you do not recognise and check the Flowise host for unexpected child processes or outbound connections. Audit all AI framework and tool deployments: four AI-related vulnerabilities in one reporting period call for a systematic review of AI infrastructure security.
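The CWE-78 pattern behind this advisory, as an added illustration rather than Flowise's own code: a tool-server launcher that concatenates a user-supplied command and flags into one shell string, beside a launcher that checks the command and every flag against an allowlist (whole-token comparison, not a regex) and spawns with no shell. Flowise's real launcher, its validation logic and the CVE-2026-56274 bypass are not reproduced; the function names, the allowlist and the sample inputs are assumptions.

```python
"""Spawning a user-defined tool server: shell string versus validated argv.

Added illustration, not Flowise code. Flowise's real launcher, its flag
validation and the CVE-2026-56274 bypass are not reproduced; the function
names, the allowlist and the sample inputs below are assumptions."""
import subprocess
from typing import Dict, List, Set

# Assumed per-deployment allowlist: which tool-server binaries a user may
# launch and exactly which flags each may receive. Everything else is
# rejected before anything is spawned.
ALLOWED_COMMANDS: Dict[str, Set[str]] = {
    "npx": {"-y", "--yes"},
    "uvx": set(),
}
SHELL_METACHARS = set(";|&$`\n<>(){}")


class UnsafeCommand(ValueError):
    """Raised when a user-supplied command or argument fails validation."""


def vulnerable_command_line(command: str, args: List[str]) -> str:
    """The CWE-78 pattern: concatenate user input into one shell string.
    Returned rather than executed so this file is safe to run; passing the
    result to subprocess.run(..., shell=True) would be the injection."""
    return f"{command} {' '.join(args)}"


def hardened_argv(command: str, args: List[str]) -> List[str]:
    """Validate the command and every argument against the allowlist and
    return an argv list for subprocess.run(..., shell=False)."""
    if command not in ALLOWED_COMMANDS:
        raise UnsafeCommand(f"command not allowlisted: {command!r}")
    allowed_flags = ALLOWED_COMMANDS[command]
    for arg in args:
        if arg.startswith("-"):
            # Compare the whole token, not a prefix or a regex match, so a
            # smuggled '--flag=value' or a flag the regex never anticipated
            # is caught rather than forwarded to the binary.
            if arg not in allowed_flags:
                raise UnsafeCommand(f"flag not allowlisted: {arg!r}")
        elif SHELL_METACHARS & set(arg):
            # Inert with shell=False, but rejected anyway so a later change
            # to shell=True cannot silently reintroduce injection.
            raise UnsafeCommand(f"shell metacharacter in argument: {arg!r}")
    return [command, *args]


def is_rejected(command: str, args: List[str]) -> bool:
    """True when the hardened path refuses the command line."""
    try:
        hardened_argv(command, args)
    except UnsafeCommand:
        return True
    return False


def spawn_tool_server(command: str, args: List[str]) -> subprocess.CompletedProcess:
    """Run the validated argv with no shell involved."""
    return subprocess.run(hardened_argv(command, args), shell=False,
                          capture_output=True, check=False)


if __name__ == "__main__":
    # Constructed inputs: a benign server name and two injection attempts.
    print(vulnerable_command_line("npx", ["-y", "my-server; id"]))
    print(hardened_argv("npx", ["-y", "my-server"]))
    for bad in (["-y", "my-server; id"], ["--registry=http://evil.example"]):
        print("rejected:", bad, is_rejected("npx", bad))
```

The point is the allowlist direction: the hardened path never asks "does this argument look dangerous" but "is this exactly a token I agreed to pass", which is what a regex-based flag check cannot guarantee.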

Official source: Flowise Security Advisory GHSA-m99r-2hxc-cp3q


picklescan — 5 Bypass CVEs, ML Supply Chain Vector

Software affected: picklescan, a security tool used to scan Python pickle files for malicious code, widely used in ML model distribution and the Hugging Face ecosystem. Versions prior to 1.0.4.

CVE: CVE-2026-56315 (CVSS 9.8, CWE-184) — fails to block 7 Python stdlib modules exposing 8 arbitrary command execution functions | CVE-2025-71376 (CVSS 8.1) — idlelib.autocomplete bypass | CVE-2025-71370 (CVSS 8.1) — torch.jit.unsupported_tensor_ops bypass | CVE-2025-71365 (CVSS 8.1) — numpy.f2py.crackfortran.myeval bypass | CVE-2025-71341 (CVSS 8.1) — profile.Profile.runctx bypass.

Status: picklescan is the de facto security scanner for Python pickle files — it is integrated into Hugging Face’s model security pipeline, ML model registries, and CI/CD security checks. These five bypass vulnerabilities mean that malicious pickle files — the primary vector for ML supply chain attacks — can pass picklescan undetected while still executing arbitrary code when deserialized. The CVSS 9.8 primary CVE (CVE-2026-56315) is particularly concerning: it reveals that seven common Python standard library modules (uuid, _osx_support, _aix_support, _pyrepl.pager, imaplib, and others) were never added to picklescan’s blocklist, providing attackers with well-documented code execution paths that the tool was supposed to catch. The structural problem is the one CWE-184 names: a blocklist is only as complete as its author’s enumeration, and every callable it omits is a bypass, whereas a pickle consumer that resolves only allowlisted globals fails closed. This is a significant ML supply chain security failure — any organization relying on picklescan as a safety gate for pickle files has been operating with a false sense of security.

Recommended action: Upgrade picklescan to version 1.0.4 or later immediately. Re-scan all previously scanned pickle files and ML models with the updated version. Review ML model ingestion pipelines and do not rely solely on picklescan for safety; implement defense-in-depth including allowlist-based restricted unpickling, sandboxed deserialization and model provenance verification, and prefer non-executable serialization formats such as safetensors where the model source offers them.
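What the defense-in-depth above looks like in code, as an added example that is not picklescan's code and does not reproduce any of the CVE bypass payloads: a static pass that lists every global a pickle stream will import (pickletools), a toy blocklist that shows the CWE-184 failure mode by passing a code-executing pickle it never listed, an allowlist that fails closed instead, a restricted Unpickler that enforces the same allowlist at load time, and a pinned SHA-256 check for provenance. The allowlist, the toy blocklist and the two constructed pickles are assumptions for the demo.

```python
"""Defence in depth for pickled model files: an allowlist of importable
globals enforced statically (pickletools) and at load time (a restricted
Unpickler), plus a pinned SHA-256 digest check for provenance.

Added illustration, not picklescan's code and not any of the CVE bypass
payloads. The allowlist, the toy blocklist and the two constructed pickles
below are assumptions for the demo."""
import hashlib
import io
import pickle
import pickletools
from collections import OrderedDict
from typing import Set, Tuple

Global = Tuple[str, str]

# Allowlist: the only (module, name) pairs this loader will resolve.
ALLOWED_GLOBALS: Set[Global] = {("collections", "OrderedDict")}

# Toy blocklist in the style the page describes as bypassable: it names a
# few obvious paths and, like any blocklist, is silent about the rest.
TOY_BLOCKLIST = {"os", "subprocess", "builtins.exec"}


def referenced_globals(data: bytes) -> Set[Global]:
    """Statically list every (module, name) the stream will import, for
    GLOBAL (protocol <= 3) and STACK_GLOBAL (protocol 4+). The string
    tracking is a simplification: STACK_GLOBAL consumes the two most recent
    string constants, which is what the standard pickler emits."""
    found: Set[Global] = set()
    strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
        elif op.name == "STACK_GLOBAL":
            name, module = strings.pop(), strings.pop()
            found.add((module, name))
    return found


def blocklist_check(data: bytes) -> bool:
    """True when nothing in the stream matches the blocklist. Returns True
    for the malicious sample below because 'builtins.eval' is not listed."""
    return not any(m in TOY_BLOCKLIST or f"{m}.{n}" in TOY_BLOCKLIST
                   for m, n in referenced_globals(data))


def allowlist_violations(data: bytes) -> Set[Global]:
    """Globals the stream references that are not allowlisted (empty == pass)."""
    return referenced_globals(data) - ALLOWED_GLOBALS


class AllowlistUnpickler(pickle.Unpickler):
    """Runtime gate in the shape of the Python docs' 'Restricting Globals'
    recipe: refuse to resolve any global outside the allowlist, so a stream
    the static pass misjudged still cannot reach eval/exec/os.system."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"global forbidden: {module}.{name}")
        return super().find_class(module, name)


def verify_digest(data: bytes, expected_sha256: str) -> bool:
    """Provenance: the digest is pinned from the trusted source, not read
    from the download location."""
    return hashlib.sha256(data).hexdigest() == expected_sha256


def safe_load(data: bytes, expected_sha256: str):
    """Digest, then static allowlist, then restricted unpickling."""
    if not verify_digest(data, expected_sha256):
        raise ValueError("digest mismatch: artifact differs from pinned provenance")
    bad = allowlist_violations(data)
    if bad:
        raise pickle.UnpicklingError(f"disallowed globals: {sorted(bad)}")
    return AllowlistUnpickler(io.BytesIO(data)).load()


def load_is_refused(data: bytes, expected_sha256: str) -> bool:
    """True if safe_load rejects the artifact for any reason."""
    try:
        safe_load(data, expected_sha256)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False


# --- constructed sample inputs (not real model files) ---------------------
class _EvalOnLoad:
    """Object whose __reduce__ makes the unpickler call builtins.eval: the
    generic shape of a code-executing pickle, not any picklescan bypass."""

    def __reduce__(self):
        return (eval, ("1 + 1",))


BENIGN = pickle.dumps(OrderedDict(weights=[0.1, 0.2]), protocol=4)
MALICIOUS = pickle.dumps(_EvalOnLoad(), protocol=4)
BENIGN_SHA256 = hashlib.sha256(BENIGN).hexdigest()
MALICIOUS_SHA256 = hashlib.sha256(MALICIOUS).hexdigest()

if __name__ == "__main__":
    print("blocklist passes malicious:", blocklist_check(MALICIOUS))
    print("allowlist violations:", allowlist_violations(MALICIOUS))
    print("benign loads:", safe_load(BENIGN, BENIGN_SHA256))
    print("malicious refused:", load_is_refused(MALICIOUS, MALICIOUS_SHA256))
```

Two design points: the static and runtime checks share one allowlist, so a stream that slips past the opcode walk still cannot resolve a forbidden global, and the digest is checked before any parsing so that untrusted bytes never reach the unpickler at all.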

Official source: picklescan Security Advisory GHSA-g38g-8gr9-h9xp


ManageEngine SSO Tokens, expr-eval, Mojolicious, and Capgo

ManageEngine CVE-2026-11374 (CVSS 9.0): SSO tickets generated by ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus are insufficiently random; an attacker who can predict a ticket can hijack the corresponding session across four widely deployed enterprise identity and management products. Upgrade all four products to patched versions per the ManageEngine advisories. This is a cross-product vulnerability: the same weak ticket generation is shared across the product line, so fixing one product does not cover the others.

expr-eval CVE-2026-12866 (CVSS 9.8): All versions of the expr-eval JavaScript expression evaluation library are vulnerable to arbitrary code execution via the toJSFunction() API. User-controlled expressions are compiled into a JavaScript function with new Function(), so an expression the attacker controls becomes attacker-controlled JavaScript running with the host application's privileges, in any application that exposes expr-eval to untrusted input. This library has over 2 million weekly npm downloads. No patch is yet available; do not pass untrusted input to toJSFunction(), and consider migrating to a sandboxed expression evaluator.

Mojolicious OAuth2 CVE-2026-9733 (CVSS 9.1): The Perl Mojolicious::Plugin::Web::Auth::OAuth2 module (through version 0.17) uses an insecure default state parameter, a SHA-1 hash of the predictable epoch time and low-entropy sources, with the epoch time leaked via the nonce. The state parameter is the relying party's only binding between the redirect it issued and the callback it receives, so a predictable value lets an attacker forge a callback the application accepts; the page characterises this as enabling OAuth2 authorization code interception. All deployments using the default configuration are vulnerable. Upgrade to a patched version or explicitly configure a cryptographically secure state generator.
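Both the ManageEngine SSO-ticket and the Mojolicious state items above come down to the same defect, a token whose only secret input is the clock. The following added example (not either project's code) shows a stand-in generator shaped like the page's description, SHA-1 over the epoch second plus a constant with the epoch leaked through a nonce, two attacker recovery paths against it (read the second out of the nonce, or brute-force a few minutes of candidate seconds), and the CSPRNG replacement against which neither path works. The exact inputs the real implementations hash are not reproduced; the function names and the epoch value are assumptions.

```python
"""Guessable versus unguessable state tokens.

Added illustration for the ManageEngine SSO-ticket and Mojolicious OAuth2
state items; it is not either project's code. weak_state is a stand-in
shaped like the page's description (SHA-1 over the epoch second plus a
low-entropy constant, epoch leaked through the nonce); the real
implementations and the exact inputs they hash are not reproduced."""
import hashlib
import secrets
from typing import Optional


def weak_state(epoch: int, low_entropy: str = "oauth2") -> str:
    """Token a server mints from wall-clock seconds and a fixed string.
    Anyone who knows, or can bound, the minting second recomputes it."""
    return hashlib.sha1(f"{epoch}:{low_entropy}".encode()).hexdigest()


def weak_nonce(epoch: int) -> str:
    """Companion nonce that embeds the same epoch, i.e. leaks the one
    secret input the state depended on."""
    return f"{epoch}-{secrets.token_hex(4)}"


def recover_state_from_nonce(nonce: str) -> str:
    """Attacker view: read the epoch out of the nonce, recompute the state."""
    epoch = int(nonce.split("-", 1)[0])
    return weak_state(epoch)


def brute_force_state(target_state: str, approx_epoch: int,
                      window: int = 300) -> Optional[int]:
    """Attacker view without the nonce leak: a few minutes of candidate
    seconds around the observed time is only 601 SHA-1 calls."""
    for epoch in range(approx_epoch - window, approx_epoch + window + 1):
        if weak_state(epoch) == target_state:
            return epoch
    return None


def strong_state() -> str:
    """256 bits from the OS CSPRNG; unrelated to time or to any value the
    attacker can observe, so neither recovery path above applies."""
    return secrets.token_urlsafe(32)


def callback_accepted(session_state: str, presented_state: str) -> bool:
    """Relying-party check on the OAuth2 redirect: constant-time compare of
    the state stored in the user's session against the one in the URL.
    With weak_state an attacker forges a URL that passes this check for a
    victim whose minting second they know; with strong_state they cannot."""
    return secrets.compare_digest(session_state, presented_state)


if __name__ == "__main__":
    minted = 1_782_000_000  # constructed epoch, not a real observation
    state, nonce = weak_state(minted), weak_nonce(minted)
    print("recovered from nonce:", recover_state_from_nonce(nonce) == state)
    print("brute-forced second:", brute_force_state(state, minted + 17))
    print("forged callback accepted:",
          callback_accepted(state, recover_state_from_nonce(nonce)))
    print("strong state:", strong_state())
```

The fix is not a stronger hash: SHA-256 over the same epoch input is exactly as guessable. The entropy has to come from a CSPRNG, and the token must not share any input with a value the attacker can see.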

Capgo — 4 CVEs patched in 12.128.2: The Capgo mobile app delivery platform patched four vulnerabilities: authorization bypass in API key management where mode=all keys restricted to a single app could access all apps (CVE-2026-56225, CVSS 8.3), hashed API key enforcement bypass via the PostgREST/RLS plane (CVE-2026-56243, CVSS 8.1), unauthenticated information disclosure via the /updates endpoint (CVE-2026-56322, CVSS 7.5), and unauthenticated DoS (CVE-2026-56248, CVSS 7.5). Mobile app delivery platforms are high-value targets — compromise could inject malicious updates into customer applications. Upgrade to 12.128.2 or later.


KEV Deadline Watch

June 26 (2 days): QUADRUPLE — Ubiquiti UniFi OS CVE-2026-34908/34909/34910 + Lantronix EDS5000 CVE-2025-67038. All four: BOD 26-04 3-day mandate. NEW — added yesterday.

June 29 (5 days): Cisco SD-WAN CVE-2026-20262. Actively exploited. Dedicated advisory.

OVERDUE — June 23 (+1): TRIPLE — Chromium V8 CVE-2026-11645 + Arista EOS CVE-2026-7473 + Cisco SD-WAN CVE-2026-20245. This three-CVE cluster has now passed; only the June 26 quadruple is larger. Verify compliance.

OVERDUE — June 22 (+2): LiteLLM CVE-2026-42271.

OVERDUE — June 21 (+3): Splunk CVE-2026-20253 (actively exploited).

OVERDUE — June 19 (+5): Joomla CE CVE-2026-48907 + SolarWinds CVE-2026-28318.

OVERDUE — June 18 (+6): LiteSpeed CVE-2026-54420.

OLDER OVERDUE: Oracle PS (+9), Ivanti (+10), Check Point (+13), Nx Console (+14), Mirasvit (+18), Android (+19), PAN-OS (+23).

After June 26: Only one remaining active KEV deadline this period — Cisco SD-WAN June 29. The pace of new KEV additions has defined this reporting period: 20 additions in 24 days under BOD 26-04’s accelerated timeline.


Updates on Items from Previous Reports

Triple KEV Deadline (June 23): All three deadlines have passed. Chromium V8, Arista EOS, and Cisco SD-WAN Manager now join the overdue list. Organisations should verify compliance and complete any outstanding patching.

Ubiquiti UniFi OS (NEW): Three CVSS 10.0 CVEs added to CISA KEV simultaneously — the most concentrated single-vendor addition this period. Deadline June 26 under BOD 26-04. Dedicated advisories pending.

Lantronix EDS5000 (NEW): Industrial device server KEV addition. OT/ICS operators should prioritise — device servers bridge critical infrastructure to IP networks.

AI Framework Vulnerabilities: Now four this period: the Mastra supply-chain compromise attributed to North Korea, LiteLLM command injection, Microsoft AutoGen Studio code execution, and Flowise AI OS command injection. This is a systemic pattern: AI frameworks and tools are the most active vulnerability surface of the reporting period. Organisations deploying AI infrastructure should implement a recurring audit cycle.

picklescan: ML supply chain security tool rendered ineffective by 5 bypass CVEs. Re-scan all previously validated pickle files. Defense-in-depth for ML model ingestion is essential — picklescan alone is insufficient.

Fortinet Threat Cluster: FortiSandbox exploitation → FortiBleed credential leak → custom FortiGate sniffer. Comprehensive Fortinet audit remains recommended. FortiBleed advisory.

Overdue KEVs: 15 total overdue. Splunk CVE-2026-20253 is actively exploited and overdue, and should be the highest priority among overdue items; Cisco SD-WAN CVE-2026-20262 is also actively exploited but is due June 29, so it is not yet overdue and belongs at the top of the upcoming list. PAN-OS CVE-2026-0257 is now 23 days past deadline.

40+ dedicated advisories published this period. Cumulative Spring ecosystem CVEs: 35+. Cumulative GitLab CVEs: 12.


This report is compiled from official vendor advisories, the CISA KEV catalog, NVD enrichment data, and primary security research sources.
