Vulnerability Intelligence Report — July 4, 2026
New CISA KEV: 0 | KEV deadline TODAY: Microsoft SharePoint CVE-2026-45659 — THE LAST ACTIVE KEV | Bad Epoll 0-Day: Linux kernel root escalation (CVE-2026-46242) | Exchange Online + 365 Copilot: critical privilege escalation | FBI TeamPCP: developer tool supply chain attacks | AI Agent poisoning: new attack vector exploiting hidden HTML
Previous report: July 3, 2026
Friday, July 4, 2026 — the Microsoft SharePoint KEV deadline arrives today, and after it passes, the CISA KEV calendar clears for the third time in two weeks. But the security news cycle has no regard for holidays. The day’s biggest story is “Bad Epoll” CVE-2026-46242: a newly disclosed Linux kernel zero-day that allows an unprivileged local user to escalate to root via a race condition and use-after-free in the epoll subsystem. The vulnerability affects Linux servers, desktops, and — critically — Android devices, making this one of the broadest-reaching kernel privesc disclosures in recent memory. Microsoft disclosed two critical privilege escalation vulnerabilities in its cloud services: CVE-2026-54998 in Exchange Online (incorrect authorization) and CVE-2026-41106 in Microsoft 365 Copilot (open redirect → privilege escalation). Both are cloud-side patched — no customer action required — but the critical severity rating for privilege escalation in cloud services is unusual and notable. The FBI has issued a warning about “TeamPCP”, a threat actor group systematically compromising developer and security tools to steal cloud tokens, SSH keys, Kubernetes secrets, and corporate access in large-scale supply chain attacks. And a new AI adversary technique has emerged: attackers are using SEO poisoning and hidden HTML prompt injections to trick AI agents into trusting malicious pages and making fraudulent payments — a direct exploitation of the AI agent trust model.
Quick Reference — Most Important Items Today
Bad Epoll CVE-2026-46242: Linux kernel 0-Day → root — race condition + UAF in epoll — affects servers, desktops, AND Android devices
Exchange Online CVE-2026-54998 + 365 Copilot CVE-2026-41106: CRITICAL privilege escalation in cloud services — Microsoft patched server-side
KEV DEADLINE TODAY: Microsoft SharePoint CVE-2026-45659 — the LAST active KEV — after today, calendar clears for third time
FBI TeamPCP Warning: Threat actors compromising developer/security tools — supply chain attacks targeting cloud tokens, SSH keys, K8s secrets
AI Agent Poisoning: SEO + hidden HTML prompt injection — tricking AI agents into fraudulent payments — new threat vector class
FatFs: 7 CVEs in ubiquitous embedded filesystem — millions of IoT devices — SD cards, USB drives, microcontrollers
Medtronic: ShinyHunters breach affects 3.8 million pacemaker patients
“Bad Epoll” CVE-2026-46242 — Linux Kernel 0-Day, Root Access on Servers AND Android
Software affected: Linux kernel — epoll subsystem. Affects all Linux servers, desktops, and Android devices running vulnerable kernel versions. Android’s kernel is Linux-based, making this one of the broadest-reaching kernel vulnerabilities.
CVE: CVE-2026-46242 | Dubbed “Bad Epoll” | Local privilege escalation to root | Exploits a race condition and use-after-free (UAF) in the kernel’s epoll event notification subsystem. An unprivileged local user can trigger the race condition to corrupt kernel memory, escalate to root, and gain full control of the system.
Status: This is a textbook dangerous kernel vulnerability. Epoll is a core Linux subsystem used by virtually every application that handles concurrent I/O — web servers (nginx, Apache), database servers, application runtimes (Node.js, Python asyncio), and Android’s entire event loop infrastructure. A race condition UAF in epoll means the vulnerability is triggerable through normal, unprivileged application behavior — no special capabilities or weird syscalls required. The Android impact is particularly significant: Android devices run Linux kernels with the same epoll implementation, and local privilege escalation to root on Android means full device compromise including secure element access, credential storage, and bypass of all application sandboxing. Kernel patch status is pending — apply updates as distributions and Google release them. For Android: Google typically releases kernel patches through monthly Android Security Bulletins or out-of-band updates for critical kernel flaws.
Recommended action: Apply kernel updates as Linux distributions release patches — prioritise multi-tenant servers, container hosts, and any system where unprivileged users have shell access. For Android: apply monthly security updates — Bad Epoll will likely appear in an upcoming Android Security Bulletin. Monitor for public PoC/exploit code — kernel UAF exploits typically appear within days of disclosure.
Official source: CybersecurityNews Report | Linux kernel mailing list (lkml) | Android Security Bulletin (forthcoming)
Microsoft Exchange Online + 365 Copilot — Critical Privilege Escalation, Cloud-Side Patched
Software affected: Microsoft Exchange Online (cloud email) and Microsoft 365 Copilot (AI assistant integrated across the Microsoft 365 suite).
CVE: CVE-2026-54998 (Exchange Online) — Incorrect authorization enabling unauthenticated network-based privilege escalation | CVE-2026-41106 (365 Copilot) — Open redirect to untrusted site enabling network-based privilege escalation. Both rated CRITICAL by Microsoft — an unusual severity designation for privilege escalation vulnerabilities, reflecting the potential impact in cloud services where privilege boundaries separate tenant data.
Status: Microsoft has patched both vulnerabilities server-side — no customer action is required. The critical severity rating for what are traditionally “high” severity EoP flaws suggests Microsoft assessed that these vulnerabilities could enable cross-tenant access or administrative privilege escalation within the Microsoft 365 cloud environment. CVE-2026-54998 was reported by an external researcher; CVE-2026-41106 was found internally. Microsoft states no evidence of exploitation. These cloud-side fixes are notable because they demonstrate that even “nothing to do” vulnerabilities deserve attention — the fact that critical privilege escalation bugs exist in Exchange Online and Copilot reveals the attack surface that cloud service providers are continuously defending.
Official source: Security.nl Report | Microsoft Security Response Center
FBI TeamPCP Warning, AI Agent Poisoning, FatFs Embedded — Supply Chain and Emerging Threats
FBI TeamPCP — Developer Tool Supply Chain Attacks: The FBI has issued a formal warning about “TeamPCP,” a threat actor group systematically compromising trusted developer and security tools. The group targets the tools themselves — development environments, CI/CD pipelines, and security assessment software — to steal cloud tokens, SSH keys, Kubernetes secrets, and corporate access credentials. This is a sophisticated supply chain attack pattern: rather than targeting individual organisations, TeamPCP compromises the tools that organisations use to build and secure their infrastructure, gaining access to hundreds or thousands of downstream victims through a single tool compromise. The FBI recommends a minimum package age policy — do not adopt newly published packages or tools without a vetting period. Organisations should audit their development toolchain: verify the provenance of all build tools, IDE plugins, and security assessment software. Implement software bill of materials (SBOM) verification for development tools.
AI Agent Poisoning — SEO + Hidden HTML Prompt Injection: A new adversarial technique exploits the trust model of AI agents. Attackers create malicious websites that use SEO poisoning to rank highly in search results, then embed hidden HTML containing prompt injection instructions. When an AI agent (such as a coding assistant, research agent, or autonomous browser agent) visits the page, it reads the hidden instructions and follows them — potentially making fraudulent payments, disclosing information, or executing unintended actions. This represents a new class of threat: the victim is not a human user but an AI agent acting on their behalf. The attack exploits the agent’s inability to distinguish between visible content (intended for humans) and hidden content (intended to manipulate the agent). Organisations deploying AI agents should implement output verification gates — do not allow agents to execute financial transactions, modify production systems, or access sensitive data without human approval. Treat AI agent actions as untrusted until verified, just as you would treat content from an untrusted website.
FatFs — 7 CVEs in Ubiquitous Embedded Filesystem: Seven new CVEs have been disclosed in FatFs, the lightweight FAT/exFAT filesystem driver used across virtually every embedded and IoT ecosystem — SD cards, USB drives, microcontrollers, industrial controllers, and consumer electronics. Millions of devices are potentially affected. The vulnerabilities could enable denial of service and potentially code execution through maliciously crafted filesystem images. Embedded devices typically lack update mechanisms, making patching difficult or impossible. For systems you control: update FatFs implementations. For purchased devices: contact manufacturers. For secure environments: do not accept external storage media on critical systems.
KEV Deadline Watch — FINAL EDITION
TODAY (July 4): Microsoft SharePoint CVE-2026-45659 — deserialization RCE, patch May, actively exploited. BOD 26-04. THE LAST ACTIVE KEV DEADLINE.
AFTER TODAY: KEV calendar FULLY CLEARS — third time in two weeks. Zero active deadlines.
Overdue — July 4 (+0): SharePoint — passes today.
Overdue — July 2 (+2): SimpleHelp CVE-2026-48558.
Older overdue: 30 total.
Updates on Items from Previous Reports
SharePoint CVE-2026-45659: Deadline today — the final KEV. Advisory.
CitrixBleed CVE-2026-8451: Exploited within 24 hours. Advisory.
SimpleHelp: 2 days overdue. Advisory.
Adobe ColdFusion: Patch window expired. 6 CVSS 10.0 vulns.
Microsoft Defender: BlueHammer ransomware + RoguePlanet pending + disable-Defender campaign.
This report is compiled from official vendor advisories, the CISA KEV catalog, the NVD, and primary security research sources including Security.nl, CybersecurityNews.com, and vendor security bulletins.
