(TLP CLEAR) Weekly Vulnerabilities to Prioritize – July 2, 2026

TLP:CLEAR

Author: Chase Snow

Created: Thursday, July 2, 2026 - 11:56

Categories: Cybersecurity, Security Preparedness

The vulnerabilities below have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
CVSS v3.1: 8.8
CVE: CVE-2026-45659
Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659

SimpleHelp Authentication Bypass Vulnerability
CVSS v3.1: 10.0
CVE: CVE-2026-48558
Description: See WaterISAC’s advisory regarding this vulnerability. SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required. CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Original Source: https://simple-help.com/security/simplehelp-security-update-2026-05
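The failure mode described in the SimpleHelp entry is a token consumer that reads identity claims out of an OIDC id token without checking its signature. The block below is an added illustration, not SimpleHelp’s code or anything from the vendor advisory: it shows the unverified-decode pattern beside a verifying decoder that checks signature, issuer, audience and expiry. DEMO_KEY, EXPECTED_ISSUER and EXPECTED_AUDIENCE are constructed placeholders, and HS256 is used only so the example runs with the standard library (real OIDC providers normally sign with RS256 and publish keys via JWKS; the check order is the same).

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key standing in for the identity provider's signing key.
# HS256 keeps the example self-contained; OIDC providers usually sign with
# RS256 and publish public keys via JWKS, but the checks below are the same.
DEMO_KEY = b"constructed-demo-signing-key"
EXPECTED_ISSUER = "https://idp.example.invalid"  # placeholder issuer
EXPECTED_AUDIENCE = "demo-client-id"             # placeholder client_id

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes) -> str:
    """Mint an HS256 id token; used only to build sample inputs."""
    header = _b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def claims_unverified(token: str) -> dict:
    """The vulnerable pattern: read the payload and trust its claims
    without checking the signature, so any well-formed token 'authenticates'."""
    return json.loads(_b64url_decode(token.split(".")[1]))

def claims_verified(token: str, key: bytes, now: int):
    """Hardened path: signature first, then iss/aud/exp. Returns the
    claims dict on success and None on any failure."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # reject alg=none / alg confusion
            return None
        signed = f"{header_b64}.{body_b64}".encode()
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(body_b64))
        if claims.get("iss") != EXPECTED_ISSUER:
            return None
        if claims.get("aud") != EXPECTED_AUDIENCE or claims.get("exp", 0) <= now:
            return None
        return claims
    except (ValueError, KeyError, TypeError):
        return None
```

When reviewing an OIDC integration, the detection question is simply which of these two functions the login path calls: any code that decodes the payload before (or instead of) verifying the signature has the SimpleHelp-style flaw.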

Citrix NetScaler Insufficient Input Validation Leading to Memory Overread
CVSS v3.1: 8.8
CVE: CVE-2026-8451
Description: Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP.
Source: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
Additional Reading:

  • CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)
  • CVE-2026-8451 Adds a New NetScaler Memory Overread to the CitrixBleed Pattern

Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
CVSS v3.1: 8.6
CVE: CVE-2026-20230
Description: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates, because exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default. CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Original Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW

Joomla Extension – joomlack.fr – Unauthenticated File Upload in Page Builder CK Extension < 3.6.0
CVSS v3.1: 10.0
CVE: CVE-2026-56290
Description: The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Source: https://www.cve.org/CVERecord?id=CVE-2026-56290

PTC Windchill and FlexPLM Improper Input Validation Vulnerability
CVSS v4.0: 9.3
CVE: CVE-2026-12569
Description: A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMLink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions. The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030. CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Original Source: https://www.ptc.com/en/support/article/CS473270
