(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – May 7, 2026
Created: Thursday, May 7, 2026 - 14:21
Categories: Cybersecurity, Security Preparedness
The vulnerabilities below have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are also included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
CVSS v3.1: 9.3
CVE: CVE-2026-0300
Description: A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.
Source: https://security.paloaltonetworks.com/CVE-2026-0300
Linux “Copy Fail” Vulnerability
CVSS v3.1: 7.8
CVE: CVE-2026-31431
Description: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Original Source: https://www.cve.org/CVERecord?id=CVE-2026-31431
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
CVSS v3.1: 7.2
CVE: CVE-2026-6973
Description: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.
Source: https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US
Progress MOVEit Automation Improper Authentication Vulnerability
CVSS v3.1: 9.8
CVE: CVE-2026-4670
Description: An Authentication Bypass by Primary Weakness vulnerability in Progress Software MOVEit Automation allows an attacker to bypass authentication. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and versions prior to 2024.0.0.
Original Source: https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174
Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint
CVSS v3.1: 9.8
CVE: CVE-2026-22679
Description: Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).
Source: https://www.weaver.com.cn/cs/securityDownload_en.html
