Post Date: 2026/07/16
【Vulnerability Alert】CISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/06/29-2026/07/05)
- Subject: 【Vulnerability Alert】CISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/06/29-2026/07/05)
- Description:
- Forwarded TWCERT/CC Security Alert TWCERTCC-200-202607-00000003
- 【CVE-2026-48558】SimpleHelp Authentication Bypass Vulnerability (CVSS v3.1: 10.0)
- 【Known Ransomware Exploitation: Unknown】 SimpleHelp's OIDC authentication process contains an authentication bypass vulnerability. When OIDC authentication is enabled in the system, the login process fails to properly validate the cryptographic signature of the ID token. A remote unauthenticated attacker could submit a forged token to obtain an authenticated technician session; under certain configurations, this may even bypass multi-factor authentication (MFA).
- 【CVE-2026-45659】Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.8)
- 【Known Ransomware Exploitation: Unknown】 Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability, allowing an authorized attacker to execute arbitrary code over the network.
- Affected Platforms:
- 【CVE-2026-48558】Please refer to the affected versions listed by the official vendor: https://simple-help.com/security/simplehelp-security-update-2026-05
- 【CVE-2026-45659】Please refer to the affected versions listed by the official vendor: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659
- Recommended Actions:
- 【CVE-2026-48558】 The official vendor has released a security update for this vulnerability. Please update to the relevant version: https://simple-help.com/security/simplehelp-security-update-2026-05
- 【CVE-2026-45659】 The official vendor has released a security update for this vulnerability. Please update to the relevant version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659
Computer and Communication Center
Network Systems Division Sincerely