Post Date: 2026/07/16

【Vulnerability Alert】CISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/06/29-2026/07/05)

  • Subject: 【Vulnerability Alert】CISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/06/29-2026/07/05)


  • Description:
    • Forwarded TWCERT/CC Security Alert TWCERTCC-200-202607-00000003
    • 【CVE-2026-48558】SimpleHelp Authentication Bypass Vulnerability (CVSS v3.1: 10.0)
    • 【Known Ransomware Exploitation: Unknown】 SimpleHelp's OIDC authentication process contains an authentication bypass vulnerability. When OIDC authentication is enabled in the system, the login process fails to properly validate the cryptographic signature of the ID token. A remote unauthenticated attacker could submit a forged token to obtain an authenticated technician session; under certain configurations, this may even bypass multi-factor authentication (MFA).
    • 【CVE-2026-45659】Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.8)
    • 【Known Ransomware Exploitation: Unknown】 Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability, allowing an authorized attacker to execute arbitrary code over the network.
  • Affected Platforms:
  • Recommended Actions:

Computer and Communication Center
Network Systems Division Sincerely