【Security Vulnerability Alert】CISA has added 2 known exploited vulnerabilities to the KEV catalog (2026/06/29-2026/07/05)

 
2026/7/9 ~ 2027/1/9
View Count:14

Forwarded Taiwan Computer Emergency Response Team / Coordination Center Security Advisory Alert TWCERTCC-200-202607-00000003

[Description]
【CVE-2026-48558】SimpleHelp Authentication Bypass Vulnerability (CVSS v3.1: 10.0)
【Whether exploited by ransomware: unknown】 There is an authentication bypass vulnerability in the OIDC authentication process of SimpleHelp. When OIDC authentication is enabled in the system, the login process does not properly verify the cryptographic signature of the identity token. Remote unauthenticated attackers can submit forged tokens to obtain an authenticated technician session; in some configurations, it may even bypass multi-factor authentication.

【CVE-2026-45659】Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.8)
【Whether exploited by ransomware: unknown】 Microsoft SharePoint Server has a deserialization of untrusted data vulnerability, allowing authenticated attackers to execute arbitrary code over the network.

[Affected Platform]
【CVE-2026-48558】Please refer to the affected versions listed by the official https://simple-help.com/security/simplehelp-security-update-2026-05

【CVE-2026-45659】Please refer to the affected versions listed by the official https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659

[Recommendations]
【CVE-2026-48558】 The official has released fixes for the vulnerability. Please update to the relevant versions https://simple-help.com/security/simplehelp-security-update-2026-05

【CVE-2026-45659】 The official has released fixes for the vulnerability. Please update to the relevant versions https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659

Files
None
Top↑