(TLP CLEAR) Weekly Vulnerabilities to Prioritize – July 2, 2026
Created: Thursday, July 2, 2026 - 11:56
Categories: Cybersecurity, Security Preparedness
The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are often included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
CVSS v3.1: 8.8
CVE: CVE-2026-45659
Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659
SimpleHelp Authentication Bypass Vulnerability
CVSS 3.1: 10.0
CVEs: CVE-2026-48558
Description: See WaterISAC’s advisory regarding this vulnerability. SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required. CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Original Source: https://simple-help.com/security/simplehelp-security-update-2026-05
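The SimpleHelp description above comes down to one failure: the ID token's claims were trusted before its signature was checked. The following is an added illustration, not SimpleHelp's code and not taken from its advisory. It places the weak pattern (decoding claims without verifying the signature) beside a hardened verifier that pins the algorithm, checks the signature in constant time, and validates issuer, audience and expiry before any claim is used. The HS256 shared secret, issuer and audience strings are constructed for the demo; a real OIDC relying party verifies the provider's asymmetric (RS256/ES256) signatures against its published JWKS rather than a shared secret.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values; a real relying party pins these to its IdP registration.
DEMO_KEY = b"constructed-demo-shared-secret"
EXPECTED_ISSUER = "https://idp.example.invalid"   # hypothetical issuer URL
EXPECTED_AUDIENCE = "demo-relying-party"          # hypothetical client_id


def _b64url_decode(segment: str) -> bytes:
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Mint an HS256 JWT; stands in for the identity provider in this demo."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def decode_unverified(token: str) -> dict:
    """The weak pattern: returns whatever claims the client sent, signature ignored."""
    _, payload, _ = token.split(".")
    return json.loads(_b64url_decode(payload))


def verify_and_decode(token: str, key: bytes = DEMO_KEY,
                      now: Optional[float] = None) -> dict:
    """The hardened pattern: raises ValueError unless algorithm, signature and
    standard claims all check out. Only then are the claims returned."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token pick it ("none" etc.).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("wrong audience")
    current = time.time() if now is None else now
    if claims.get("exp", 0) <= current:
        raise ValueError("expired or missing exp")
    return claims


def login_decision(token: str, now: Optional[float] = None) -> str:
    """What a login handler should return: the verified subject, or a rejection."""
    try:
        return "accept:" + verify_and_decode(token, now=now)["sub"]
    except ValueError as exc:
        return "reject:" + str(exc)


if __name__ == "__main__":
    base = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "exp": 2_000_000_000}
    genuine = make_token({**base, "sub": "tech1"})
    # Token signed with a key the IdP never issued: claims look fine, signature is not.
    bogus = make_token({**base, "sub": "admin"}, key=b"not-the-idp-key")
    print("unverified decode trusts:", decode_unverified(bogus)["sub"])
    print("genuine ->", login_decision(genuine, now=1_000_000_000))
    print("bogus   ->", login_decision(bogus, now=1_000_000_000))
```

The point of the two functions side by side is that `decode_unverified` cannot distinguish the genuine token from the bogus one, while `login_decision` rejects the bogus token before any claim (and any MFA-bypass flag it might carry) is acted on. The algorithm pin and the `iss`/`aud` checks matter as much as the signature: an attacker-chosen algorithm or a token legitimately issued for a different relying party must fail too.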
Citrix NetScaler Insufficient input validation leading to memory overread
CVSS 3.1: 8.8
CVEs: CVE-2026-8451
Description: Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP.
Source: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
Additional Reading:
- CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)
- CVE-2026-8451 Adds a New NetScaler Memory Overread to the CitrixBleed Pattern
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
CVSS 3.1: 8.6
CVEs: CVE-2026-20230
Description: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default. CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Original Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW
Joomla Extension – joomlack.fr – Unauthenticated file upload in Page Builder CK extension < 3.6.0
CVSS v3.1: 10.0
CVE: CVE-2026-56290
Description: The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Source: https://www.cve.org/CVERecord?id=CVE-2026-56290
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
CVSS 4.0: 9.3
CVEs: CVE-2026-12569
Description: A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMLink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions. The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030. CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Original Source: https://www.ptc.com/en/support/article/CS473270
