Weekly security intelligence digest covering the most critical vulnerabilities, threats, and breach news from the past week.
🚨 Critical: CISA Known Exploited Vulnerabilities
These vulnerabilities are being actively exploited in the wild. Immediate action required.
CVE-2026-42897: Microsoft Exchange Server Cross-Site Scripting Vulnerability
Vendor/Product: Microsoft Exchange Server
Description: Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Due Date: 2026-05-29
Reference: CVE-2026-42897 - NVD
Expert take: Exchange is one of the most attacked pieces of software out there — it holds your email, which means it holds password resets, internal conversations, and a map of who talks to whom. An XSS flaw in Outlook Web Access matters because OWA is usually internet-facing, so the attack surface is basically anyone who can reach your login page. The one bit of good news is that it needs some user interaction, so it’s not fully automatic. But XSS in webmail tends to chain into bigger problems: stealing a session, reading mail, or quietly setting up forwarding rules to siphon messages out. If you’re still on on-prem Exchange, patch by the deadline, then ask the harder question — does OWA need to be exposed to the whole internet? And while you’re in there, check mailbox rules for anything you didn’t create.
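One way to do that last check, as an added example that is not part of the original digest: run it in the Exchange Management Shell (on-prem) or an Exchange Online PowerShell session, and it lists every inbox rule that forwards, redirects or deletes mail, plus mailbox-level forwarding, flagging targets outside your own domains so a rule you did not create stands out. The domain `corp.example` is an assumed placeholder for your accepted domains.

```powershell
# Added example (not from the digest): surface inbox rules and mailbox-level
# forwarding that could be siphoning mail out, across all mailboxes.
# Uses the standard Get-Mailbox and Get-InboxRule cmdlets.
$InternalDomains = @('corp.example')   # assumed placeholder: your accepted domains

function Test-IsExternal {
    param([string[]]$Recipients)
    foreach ($r in $Recipients) {
        # Recipients render as "Name [SMTP:user@domain]", "smtp:user@domain" or a bare address
        if ($r -match '(?i)SMTP:([^\]\s]+)') { $addr = $Matches[1] } else { $addr = $r }
        $domain = ($addr -split '@')[-1]
        if ($InternalDomains -notcontains $domain) { return $true }
    }
    return $false
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Forwarding configured on the mailbox itself, outside any inbox rule
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        $target = if ($mbx.ForwardingSmtpAddress) { "$($mbx.ForwardingSmtpAddress)" } else { "$($mbx.ForwardingAddress)" }
        [pscustomobject]@{
            Mailbox  = $mbx.PrimarySmtpAddress
            Kind     = 'MailboxForwarding'
            Rule     = '-'
            Target   = $target
            External = Test-IsExternal @($target)
            Enabled  = $true
        }
    }
    foreach ($rule in Get-InboxRule -Mailbox $mbx.Identity -ErrorAction SilentlyContinue) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ }
        # Rules that move mail out of the mailbox, or hide it by deleting, are the ones to review
        if ($targets -or $rule.DeleteMessage) {
            [pscustomobject]@{
                Mailbox  = $mbx.PrimarySmtpAddress
                Kind     = if ($rule.DeleteMessage) { 'InboxRule-Delete' } else { 'InboxRule-Forward' }
                Rule     = $rule.Name
                Target   = ($targets -join '; ')
                External = Test-IsExternal $targets
                Enabled  = $rule.Enabled
            }
        }
    }
}

# External targets first; anything here you did not create deserves a closer look
$findings | Sort-Object -Property @{Expression = 'External'; Descending = $true}, Mailbox |
    Format-Table -AutoSize
```

Rules can be disabled yet still present, so the Enabled column is shown rather than used as a filter.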
CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Vendor/Product: Cisco Catalyst SD-WAN
Description: Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
Required Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
CISA Due Date: 2026-05-17
Reference: CVE-2026-20182 - NVD
Expert take: This is the bad one. Unauthenticated, remote, and it hands an attacker admin on the SD-WAN controller — the brain that decides how traffic moves between all your sites. Get admin there and you don’t just own one box, you can reshape the whole network: reroute traffic, intercept it, or cut it off. No login, no user clicking anything, so attackers will mass-scan for exposed controllers. CISA put this under an Emergency Directive (ED 26-03), which is the category they save for the worst stuff. Also note the due date has already passed — if you run Cisco Catalyst SD-WAN and haven’t patched, you’re overdue, so treat it as drop-everything. Patch, lock the management interface down so it isn’t reachable from the internet, and assume you might already be compromised — work through CISA’s hunt guidance and go looking.
📰 This Week’s Security News
Exploit available for new DirtyDecrypt Linux root escalation flaw
A recently patched local privilege escalation vulnerability in the Linux kernel’s rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. […]
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. […]
New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched Windows s…
✅ What You Should Do This Week
- Immediate: Patch CVE-2026-42897, CVE-2026-20182 (actively exploited)
- Verify: Check your systems against CISA KEV catalog
- Monitor: Review Azure AD sign-in logs for suspicious activity
- Audit: Verify MFA is enforced for all privileged accounts
- Backup: Test your disaster recovery procedures
GRC Vitrix provides cloud security and compliance intelligence for financial services professionals. This digest is curated from publicly available sources including CISA, Microsoft MSRC, and industry news.