1 vulnerability across 1 product scored HIGH or above on June 26, 2026.
- HIGH: 1
Exploit Status Upgrades
The following CVEs from previous bulletins have been upgraded based on new exploit intelligence:
- [UPGRADED] CVE-2025-71333 (flowise/flowise) - F1: exploitable → itw, AAS: 10.7 → 13.7 (HIGH → CRITICAL). Originally in 2026-06-25 bulletin.
- [UPGRADED] CVE-2025-71327 (flowise/flowise) - F1: exploitable → itw, AAS: 10.7 → 13.7 (HIGH → CRITICAL). Originally in 2026-06-25 bulletin.
- [UPGRADED] CVE-2025-71324 (flowise/flowise) - F1: exploitable → itw, AAS: 10.1 → 13.1 (HIGH → CRITICAL). Originally in 2026-06-25 bulletin.
- [UPGRADED] CVE-2026-12053 (gitlab/gitlab) - F1: theoretical → poc, AAS: 9.4 → 11.9 (HIGH → HIGH). Originally in 2026-06-25 bulletin.
- [UPGRADED] CVE-2026-50189 (appsmithorg/appsmith) - F1: exploitable → functional, AAS: 9.7 → 11.7 (HIGH → HIGH). Originally in 2026-06-24 bulletin.
- [UPGRADED] CVE-2026-54067 (siyuan-note/siyuan) - F1: exploitable → functional, AAS: 9.2 → 11.2 (HIGH → HIGH). Originally in 2026-06-24 bulletin.
[HIGH] wso2/wso2_api_manager
1 CVE | CVSS 3.1: 8.3 | AAS 11.0
cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*
WSO2 API Manager is affected by a high-severity server-side request forgery vulnerability (CVE-2026-2053, CVSS 8.3) in its message flow component. The flaw stems from insufficient validation of WS-Addressing headers, allowing an unauthenticated attacker to manipulate header values and force the API Manager to send requests to arbitrary attacker-controlled destinations, potentially enabling access to internal services and sensitive resources. A proof-of-concept exploit is available, increasing the risk of active exploitation. Organizations running WSO2 API Manager should review the vendor advisory at security.docs.wso2.com and apply the recommended patches or mitigations immediately.
- CVE-2026-2053 (CVSS 3.1: 8.3)