Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Cybersecurity Alert TWCERTCC-200-202605-00000012
【CVE-2026-20182】Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability (CVSS v3.1: 10.0)
【Known Ransomware Use: Unknown】 An authentication bypass vulnerability exists in Cisco Catalyst SD-WAN Controller & Manager, which allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on the affected system.
【CVE-2026-42897】Microsoft Exchange Server Cross-Site Scripting Vulnerability (CVSS v3.1: 8.1)
【Known Ransomware Use: Unknown】 A cross-site scripting vulnerability exists in Microsoft Exchange Server when Outlook Web Access generates webpages; under specific interaction conditions, an attacker could execute arbitrary JavaScript code in the browser environment.