Vulnerability Intelligence Report — June 9, 2026
Coverage: June 8–9, 2026 | New CISA KEV additions: 2 | New items: 2 | KEV deadlines today: 0 | KEV deadlines this week: 4
Previous reports: June 8, 2026 | June 7, 2026
Today — June 9, 2026 — the OpenSSL security update arrives. CISA added two new entries to the Known Exploited Vulnerabilities catalog: Check Point Security Gateway (CVE-2026-50751) with a tight June 11 deadline — an IKEv1 authentication bypass enabling unauthorised VPN access — and BerriAI LiteLLM (CVE-2026-42271) with a June 22 deadline. Nx Console and TanStack KEV deadlines arrive tomorrow (June 10).
Quick Reference — Most Important Items Today
OpenSSL Security Update: Released today — apply immediately after verifying advisory severity
Check Point Security Gateway: CVE-2026-50751 (NEW CISA KEV, IKEv1 VPN auth bypass, due June 11 — 2 days)
BerriAI LiteLLM: CVE-2026-42271 (NEW CISA KEV, authenticated command injection, due June 22)
KEV DEADLINE TOMORROW: Nx Console CVE-2026-48027 / TanStack CVE-2026-45321
OpenSSL Security Update — Released Today (June 9)
The OpenSSL security update pre-announced last week has been released. Apply immediately:
- Check openssl.org/news/ for the published advisory and severity classification
- Update via your distribution's package manager: apt update && apt upgrade openssl (Debian/Ubuntu), dnf update openssl (RHEL/Fedora), or equivalent
- For container images: rebuild base images to pull in the updated OpenSSL package
- For statically linked applications: recompile against the updated OpenSSL and redeploy
- Restart all services linked against OpenSSL after updating — HTTPS servers, VPN endpoints, email servers, database servers, and any TLS-terminating services
- Verify the updated OpenSSL version:
openssl version
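The version check and the service-restart step above are the two places where an OpenSSL rollout usually goes wrong: the package is upgraded but long-running daemons keep the old library mapped in memory. The helper below is an added example written for this report, not code from the OpenSSL project; it parses the output of openssl version, compares it against the fixed version from the advisory (MIN_FIXED_VERSION is a placeholder to replace with the number published on openssl.org/news/), and walks /proc/<pid>/maps on Linux to list processes that still map a libssl or libcrypto file the kernel marks "(deleted)", i.e. a copy replaced on disk by the upgrade. The SAMPLE_MAPS text is constructed for illustration.

```python
"""Post-update OpenSSL verification helper (added example, not from the
OpenSSL project or this report's author).  Two checks:

1. parse the output of `openssl version` and compare it with the minimum
   fixed version taken from the published advisory;
2. find running processes that still map a libssl/libcrypto file which the
   package upgrade has since replaced (Linux shows these as "(deleted)" in
   /proc/<pid>/maps).  Those processes run the old code until restarted.
"""
import os
import re
import subprocess

# ASSUMED placeholder: replace with the fixed version from the advisory.
MIN_FIXED_VERSION = (3, 0, 99)

VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")
CRYPTO_LIB_RE = re.compile(r"^lib(ssl|crypto)\.so")

# Constructed sample of /proc/<pid>/maps output for a process that started
# before the upgrade: both crypto libraries are mapped from deleted files.
SAMPLE_MAPS = "\n".join([
    "7f3a1c000000-7f3a1c200000 r-xp 00000000 fd:01 123456 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)",
    "7f3a1c400000-7f3a1c900000 r-xp 00000000 fd:01 123457 /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (deleted)",
    "7f3a1d000000-7f3a1d100000 r-xp 00000000 fd:01 123458 /usr/lib/x86_64-linux-gnu/libc.so.6",
    "7ffd2a000000-7ffd2a021000 rw-p 00000000 00:00 0 [stack]",
    "7f3a1e000000-7f3a1e001000 rw-p 00000000 00:00 0",
])


def parse_openssl_version(text):
    """Return (major, minor, patch) from `openssl version` output, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def version_is_fixed(text, minimum=MIN_FIXED_VERSION):
    """True if the reported version is at or above the advisory's fixed version."""
    parsed = parse_openssl_version(text)
    return parsed is not None and parsed >= tuple(minimum)


def stale_crypto_libs(maps_text):
    """Return libssl/libcrypto paths in a maps dump that are marked "(deleted)",
    i.e. replaced on disk after the process loaded them."""
    stale = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # anonymous mapping: no pathname column
        path = parts[5].strip()
        if not path.endswith(" (deleted)"):
            continue
        path = path[: -len(" (deleted)")]
        if CRYPTO_LIB_RE.match(os.path.basename(path)):
            stale.add(path)
    return sorted(stale)


def scan_running_processes(proc_root="/proc"):
    """Map pid -> stale crypto libs for every readable process (Linux only)."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                libs = stale_crypto_libs(fh.read())
        except OSError:
            continue  # process exited, or its maps are not readable by us
        if libs:
            results[int(entry)] = libs
    return results


if __name__ == "__main__":
    out = subprocess.run(["openssl", "version"], capture_output=True, text=True).stdout
    state = "fixed" if version_is_fixed(out) else "NOT fixed"
    print(f"openssl version: {out.strip()} -> {state}")
    for pid, libs in sorted(scan_running_processes().items()):
        print(f"restart needed: pid {pid} still maps {', '.join(libs)}")
```

Run it as root after the package upgrade; every pid it prints is a service to restart (or the host to reboot). The same "(deleted)" check is what tools such as needrestart automate, and it catches statically linked binaries only indirectly, since those carry their own copy of OpenSSL and must be recompiled as the list above says.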
The pre-announcement mechanism — used sparingly by the OpenSSL project since Heartbleed — signals that this update warrants prompt attention. Organisations that completed their OpenSSL inventory yesterday should be able to deploy the update within hours.
Check Point Security Gateway — CVE-2026-50751 (NEW CISA KEV, IKEv1 VPN Authentication Bypass, Deadline June 11)
Software affected: Check Point Security Gateway — the firewall and VPN appliance deployed at the network perimeter of thousands of organisations globally for site-to-site and remote access VPN.
CVE: CVE-2026-50751 | Added to CISA KEV June 8, 2026 — federal agency deadline June 11, 2026 (2 days) | Improper authentication in IKEv1 key exchange allows unauthenticated remote attackers to bypass user authentication and establish a remote access VPN connection without valid credentials
Fixable: Yes. Check Point has released a security update. Apply immediately.
Business impact: An authentication bypass in the IKEv1 (Internet Key Exchange version 1) key exchange mechanism allows an unauthenticated remote attacker to establish a VPN connection to the internal network without any valid user credentials. This is the same class of vulnerability as the PAN-OS GlobalProtect auth bypass (CVE-2026-0257) — perimeter VPN gateway authentication bypass. Check Point firewalls are among the most widely deployed enterprise firewall and VPN platforms globally, alongside Palo Alto, Fortinet, and Cisco. An attacker who exploits this vulnerability gains network-level access to the internal network — they are inside the perimeter, able to reach internal systems, and positioned for lateral movement. The CISA KEV deadline of June 11 — just three days from the KEV addition — signals extreme urgency.
How to fix: Apply the Check Point security update immediately. Verify the installed version after updating. If IKEv1 is not operationally required, disable it in favour of IKEv2 — this eliminates the attack surface for this vulnerability even prior to patching. After patching, audit VPN connection logs for IKEv1 sessions established from unrecognised IP addresses or without corresponding valid user authentication records.
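The post-patch log audit described above can be scripted. The following is an added example written for this report, not Check Point's own tooling, and it does not use Check Point's real log schema: the key=value line format, the field names (event, src, user, ike) and the SAMPLE_LOG records are constructed stand-ins to be mapped onto whatever your gateway exports, and TRUSTED_NETWORKS is an assumed allowlist. It flags every IKEv1 tunnel that came up from a source outside the recognised ranges or without a preceding successful authentication for the same source and user, which are the two conditions the audit step names.

```python
"""IKEv1 VPN session audit (added example; not Check Point's tooling or log
format).  Flags IKEv1 remote-access tunnels that were established (a) from a
source address outside the networks you recognise, or (b) without a matching
successful user-authentication record earlier in the log.

The key=value format and field names are a constructed stand-in; map them
onto the fields your gateway actually exports.
"""
import ipaddress

# Constructed sample: VPN gateway events in the assumed key=value format.
SAMPLE_LOG = """\
2026-06-09T08:01:02Z event=auth_success src=203.0.113.10 user=alice ike=v2
2026-06-09T08:01:03Z event=tunnel_up src=203.0.113.10 user=alice ike=v2
2026-06-09T08:05:10Z event=tunnel_up src=198.51.100.77 user=bob ike=v1
2026-06-09T08:07:44Z event=auth_success src=203.0.113.22 user=carol ike=v1
2026-06-09T08:07:45Z event=tunnel_up src=203.0.113.22 user=carol ike=v1
2026-06-09T08:09:00Z event=tunnel_up src=192.0.2.5 user= ike=v1
"""

# Assumed: address ranges from which remote-access users are expected.
TRUSTED_NETWORKS = ["203.0.113.0/24"]


def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict; returns None for blank lines."""
    tokens = line.split()
    if not tokens:
        return None
    record = {"ts": tokens[0]}
    for tok in tokens[1:]:
        key, _, value = tok.partition("=")
        record[key] = value
    return record


def audit_ikev1(log_text, trusted_networks=TRUSTED_NETWORKS):
    """Return findings for IKEv1 tunnels lacking an auth record or coming from
    an unrecognised source.  Events are processed in log order, so an auth
    record only counts if it precedes the tunnel it is meant to justify."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    authenticated = set()  # (src, user) pairs with a successful auth so far
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, user, event = rec.get("src", ""), rec.get("user", ""), rec.get("event")
        if event == "auth_success" and user:
            authenticated.add((src, user))
            continue
        if event != "tunnel_up" or rec.get("ike") != "v1":
            continue  # only IKEv1 sessions are in scope for this advisory
        reasons = []
        if (src, user) not in authenticated:
            reasons.append("no_auth_record")
        try:
            addr = ipaddress.ip_address(src)
            if not any(addr in net for net in trusted):
                reasons.append("unrecognised_source")
        except ValueError:
            reasons.append("unrecognised_source")  # unparseable src is suspicious too
        if reasons:
            findings.append({"ts": rec["ts"], "src": src, "user": user, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_ikev1(SAMPLE_LOG):
        shown_user = f["user"] or "<none>"
        print(f"{f['ts']} src={f['src']} user={shown_user} -> {', '.join(f['reasons'])}")
```

On the constructed sample, bob's tunnel (no auth record, untrusted source) and the user-less tunnel from 192.0.2.5 are reported; carol's IKEv1 session passes because an authentication for the same source and user precedes it, and alice's IKEv2 session is out of scope. Because the check is order-sensitive, feed it logs sorted by time, and review any "no_auth_record" hit against the gateway's own authentication audit trail before treating it as an incident.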
Recommended action: Critical — patch today. Perimeter VPN authentication bypass with a 72-hour CISA KEV deadline is an emergency-patch scenario. This follows the PAN-OS CVE-2026-0257 pattern closely — do not assume your organisation is too small to be targeted. VPN gateways are high-value targets for both ransomware operators and nation-state actors.
Official source: Check Point Security Advisory | CISA KEV Catalog
BerriAI LiteLLM — CVE-2026-42271 (NEW CISA KEV, Command Injection, Deadline June 22)
Software affected: BerriAI LiteLLM — an open-source library for calling LLM APIs using a unified interface, widely used in AI/ML application stacks.
CVE: CVE-2026-42271 | Added to CISA KEV June 8, 2026 — federal agency deadline June 22, 2026 | Command injection allowing any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host
Fixable: Yes. Update LiteLLM to the latest patched version.
Business impact: A command injection vulnerability that allows any authenticated user — even those with low-privilege internal API keys — to execute arbitrary operating system commands on the host running LiteLLM. In AI/ML infrastructure, LiteLLM often runs on servers with access to model endpoints, API keys for commercial LLM providers, and cloud credentials. A compromised LiteLLM instance provides a pivot point into both the AI infrastructure and the cloud environment. The CISA KEV deadline of June 22 gives two weeks to patch.
Recommended action: Update LiteLLM. While not as urgent as the Check Point deadline, the KEV addition signals active exploitation concern. Update within your normal patching cycle but do not defer beyond June 22.
Official source: CISA KEV Catalog
KEV Deadline Watch
Today (June 9): OpenSSL security update — apply immediately.
Tomorrow (June 10): Nx Console CVE-2026-48027 and TanStack CVE-2026-45321 — audit npm dependencies (see the May 28 report).
June 11 (2 days): Check Point Security Gateway CVE-2026-50751 (NEW — critical).
June 19: SolarWinds Serv-U CVE-2026-28318 (actively exploited).
June 22: BerriAI LiteLLM CVE-2026-42271 (NEW).
Updates on Items from Previous Reports
Everest Forms Pro CVE-2026-3300: Actively exploited — most urgent WP threat. Dedicated advisory.
Windows MiniPlasma CVE-2026-33825: Still no patch. Dedicated advisory.
Hugging Face Transformers CVE-2026-4372, Cisco SD-WAN CVE-2026-20245, X.Org/Xwayland, Ansible Galaxy, Comodo Firewall, all WP plugin CVEs: Covered in dedicated advisories.
PAN-OS CVE-2026-0257: Deadline passed June 1 — now 8 days past. If still unpatched, you are operating at direct, confirmed risk of exploitation.
Drupal, Citrix NetScaler, Windows Netlogon, Acer routers, FortiClient, Ghost CMS, SonicWall, ChromaDB, Oracle, Cisco UC Manager, authentik, BIRD BGP, MLflow, React Router, LibreChat, MISP: Covered in dedicated advisories and previous reports.
This report is compiled from official vendor advisories, the CISA Known Exploited Vulnerabilities catalog, the National Vulnerability Database, and primary security research sources.
