(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – May 28, 2026

Author: Chase Snow

Created: Thursday, May 28, 2026 - 15:48

Categories: Cybersecurity, Security Preparedness

The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are often included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

Trend Micro Apex One Directory Traversal Vulnerability
CVSS v3.1: 6.7
CVE: CVE-2026-34926
Description: A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability. CISA added these vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Source: https://success.trendmicro.com/en-US/solution/KA-0023430

Microsoft SharePoint Remote Code Execution Vulnerability
CVSS 3.1: 8.8
CVEs: CVE-2026-45659
Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Original Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659

LiteSpeed User-End cPanel Plugin Privilege Escalation Vulnerability
CVSS v3.1: 10.0
CVE: CVE-2026-48172
Description: LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE “cpanel_jsonapi_func=redisAble” /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7. CISA added these vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Source: https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/

IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using when using Web Server Plug-ins
CVSS 3.1: 9.8, 7.5
CVEs: CVE-2026-8633, CVE-2026-8620
Description: IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.
Original Source: https://www.ibm.com/support/pages/node/7274072