[Security Vulnerability Alert] CISA adds 3 known vulnerabilities exploited by hackers to the KEV directory (2026/05/04-2026/05/10)

 
2026/5/15 ~ 2026/11/15
View Count:59

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202605-00000010

[Content Description]
【CVE-2026-0300】Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】 Palo Alto Networks' PAN-OS has an out-of-bounds write vulnerability in its User-ID Authentication Portal service. An unauthenticated attacker could execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets.

【CVE-2026-6973】Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability (CVSS v3.1: 7.2)
【Ransomware Exploitation Status: Unknown】 Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability. A remote, authenticated user with administrator privileges could exploit this vulnerability to achieve remote code execution.

【CVE-2026-42208】BerriAI LiteLLM SQL Injection Vulnerability (CVSS v3.1: 9.8)
【Ransomware Exploitation Status: Unknown】 BerriAI LiteLLM contains an SQL injection vulnerability. Attackers could exploit this vulnerability to read and potentially modify data from the proxy server's database, resulting in unauthorized access to the proxy server and its managed credentials.

[Affected Platforms]
【CVE-2026-0300】Please refer to the official list of affected versions: https://security.paloaltonetworks.com/CVE-2026-0300

【CVE-2026-6973】Please refer to the official list of affected versions:
https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs

【CVE-2026-42208】Please refer to the official list of affected versions:
https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc

[Recommended Actions]
【CVE-2026-0300】An official patch update has been released for this vulnerability. Please update to the relevant version.
https://security.paloaltonetworks.com/CVE-2026-0300

【CVE-2026-6973】An official patch update has been released for this vulnerability. Please update to the relevant version.
https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs

【CVE-2026-42208】An official patch update has been released for this vulnerability. Please update to the relevant version.
https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc

Files
None
【Back】
Top↑