22 vulnerabilities across 13 products scored HIGH or above on July 06, 2026.

  • πŸ”΄ CRITICAL: 2
  • 🟠 HIGH: 20

Exploit Status Upgrades

The following CVEs from previous bulletins have been upgraded based on new exploit intelligence:

  • [UPGRADED] CVE-2026-13603 (pretix/pretix-oppwa) β€” F1: exploitable β†’ itw, AAS: 9.4 β†’ 11.9 (HIGH β†’ HIGH). Originally in 2026-07-01 bulletin.

πŸ”΄ [CRITICAL] adobe/coldfusion

1 CVE | CVSS 3.1: 10.0 | AAS 13.3

  • cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* (>= 2025.0, < 2025.10)
  • cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* (>= 2023.0, < 2023.21)

Adobe ColdFusion is affected by one critical vulnerability (CVE-2026-48316) carrying a maximum CVSS score of 10.0. The flaw is an improper input validation issue that allows unauthenticated arbitrary code execution without user interaction, with a changed scope indicating potential impact beyond the vulnerable component. ColdFusion versions 2025.9, 2023.20, and earlier are affected.

Organizations running Adobe ColdFusion should treat this as an emergency priority given the maximum-severity rating and the lack of any required user interaction or authentication. Review the vendor advisory at helpx.adobe.com/security/products/coldfusion/apsb26-68.html and apply the available patches immediately. ColdFusion servers exposed to the internet are at particular risk and should be patched or mitigated without delay.

Vendor Advisory


πŸ”΄ [CRITICAL] coollabsio/coolify

5 CVEs | CVSS 3.1: 9.9 | AAS 12.6

  • cpe:2.3:a:coollabsio:coolify:*:*:*:*:*:*:*:* (>= 4.0.0-beta.471, < 4.0.0-beta.474)

Coolify, the open-source self-hosted server and application management platform, is affected by five critical vulnerabilities with a maximum CVSS score of 9.9, including multiple authenticated remote command injection flaws. Proof-of-concept exploit code is available, increasing the likelihood of active exploitation. Attackers with application write permissions can achieve remote code execution and exfiltrate sensitive environment variables such as credentials through deployment logs.

Organizations running Coolify should update immediately to version 4.0.0-beta.469 or later, which addresses all five issues. Given the availability of public exploit code and the sensitivity of data at risk, teams unable to patch promptly should restrict application write permissions and audit deployment logs for signs of compromise.

Vendor Advisory


🟠 [HIGH] unclecode/crawl4ai

3 CVEs | CVSS 3.1: 10.0 | AAS 11.8

  • cpe:2.3:a:unclecode:crawl4ai:*:*:*:*:*:*:*:* (< 0.9.0)

Crawl4AI, the open-source LLM-friendly web crawler and scraper, is affected by three high-to-critical severity vulnerabilities with a maximum CVSS score of 10.0, including multiple flaws that enable unauthenticated arbitrary command execution. The most severe issue allows an attacker to inject malicious Chromium launch arguments through the Docker API server, which is unauthenticated by default, achieving remote code execution with a single HTTP request. These vulnerabilities are considered readily exploitable in exposed deployments.

Organizations running Crawl4AI in Docker should upgrade to version 0.9.0 or later immediately. Any instance with the API server exposed to untrusted networks should be treated as potentially compromised and investigated. As an interim mitigation, restrict network access to the Crawl4AI API endpoint until patching is complete.

Vendor Advisory


🟠 [HIGH] langroid/langroid

3 CVEs | CVSS 3.1: 10.0 | AAS 11.2

  • cpe:2.3:a:langroid:langroid:*:*:*:*:*:*:*:*

Langroid, an open-source Python framework for building LLM-powered applications, is affected by three high-to-critical severity vulnerabilities with a maximum CVSS score of 10.0, including multiple sandbox escape flaws that lead to remote code execution. The most severe issue involves an incomplete eval() sandbox in TableChatAgent and VectorStore components, where LLM-generated tool messages can break out of the restricted execution environment and run arbitrary code on the host system. These vulnerabilities are considered readily exploitable in deployments where these agent capabilities are enabled.

Teams using Langroid should review the vendor advisory at the GitHub Security Advisory linked above and upgrade to a patched version as soon as one is available. In the interim, disable full_eval mode for TableChatAgent and VectorStore agents, and avoid exposing Langroid-based applications to untrusted input sources. Any deployment that has processed untrusted LLM interactions through affected components should be investigated for signs of compromise.

Vendor Advisory


🟠 [HIGH] esri/arcgis_server

1 CVE | CVSS 3.1: 9.8 | AAS 10.9

  • cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*

Esri ArcGIS Server version 12.0 and all prior versions are affected by a critical directory traversal vulnerability (CVE-2026-9181) with a CVSS score of 9.8. The flaw allows an unauthenticated attacker to access sensitive files on the system by sending crafted path parameters, and is considered readily exploitable in exposed deployments.

Organizations running ArcGIS Server should consult the Esri security bulletin at the vendor advisory link and apply the recommended patches or updates immediately. Any internet-facing ArcGIS Server instances should be prioritized, and administrators should review access logs for suspicious path traversal patterns that may indicate prior exploitation attempts.

Vendor Advisory


🟠 [HIGH] verbb/formie

1 CVE | CVSS 3.1: 9.8 | AAS 10.9

  • cpe:2.3:a:verbb:formie:*:*:*:*:*:*:*:* (< 2.1.6)

Formie, a popular form plugin for Craft CMS, is affected by a critical server-side template injection vulnerability (CVE-2026-52889) with a CVSS score of 9.8. When a form uses Hidden fields with dynamic default values sourced from the HTTP request, such as User Agent, Referer URL, query parameters, or cookies, an unauthenticated attacker can inject Twig template syntax that is evaluated server-side during form rendering, potentially leading to remote code execution. The vulnerability is considered readily exploitable against any site with an affected form configuration.

Organizations running Formie on Craft CMS should review the GitHub Security Advisory and update to a patched version immediately. As an interim measure, remove or disable any Hidden fields that use request-derived dynamic default values until the update is applied.

Vendor Advisory


🟠 [HIGH] pnpm/pnpm

1 CVE | CVSS 3.1: 8.2 | AAS 10.7

  • cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:*:*:* (< 10.34.4)
  • cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:*:*:* (>= 11.0.0, < 11.8.0)

pnpm, the widely used JavaScript package manager, is affected by a high-severity path traversal vulnerability (CVE-2026-59195) with a CVSS score of 8.2. A malicious repository can include a crafted pnpm-lock.yaml file containing a traversal-shaped config dependency name, which causes pnpm to create symlinks outside the intended directory during installation. This is exploitable when developers clone and run pnpm install on untrusted repositories.

Teams using pnpm should upgrade to version 10.34.4 or 11.8.0 or later immediately. Developers should exercise caution when running pnpm install on unfamiliar or untrusted repositories, and review any lockfile changes in pull requests for suspicious dependency names. Review the vendor advisory on GitHub for full remediation details.

Vendor Advisory


🟠 [HIGH] github.com/cilium/cilium

1 CVE | CVSS 3.1: 9.2 | AAS 10.2

  • cpe:2.3:a:github.com:cilium_cilium:*:*:*:*:*:*:*:* (< 1.14.14)
  • cpe:2.3:a:github.com:cilium_cilium:*:*:*:*:*:*:*:* (>= 1.15.0, < 1.15.8)
  • cpe:2.3:a:github.com:cilium_cilium:*:*:*:*:*:*:*:* (>= 1.16.0, < 1.16.1)

Cilium, the widely deployed cloud-native networking and security platform for Kubernetes, is affected by a high-severity vulnerability (CVE-2026-49445) with a CVSS score of 9.2. When L7 network policy functionality is enabled, the Envoy proxy creates a world-accessible socket on cluster nodes, allowing a local attacker to reach Envoy admin endpoints and potentially expose TLS secrets, disrupt cluster traffic, or terminate the Envoy process. Both embedded and standalone Envoy deployment modes are affected.

Organizations running Cilium with L7 policies enabled should review the GitHub Security Advisory and upgrade to a patched version immediately. Until patching is complete, teams should restrict local access to cluster nodes and monitor for unauthorized connections to Envoy admin endpoints. Any cluster where untrusted users have node-level access should be treated as high priority for remediation.

Vendor Advisory


🟠 [HIGH] webpros/plesk

1 CVE | CVSS 3.1: 9.9 | AAS 10.1

  • cpe:2.3:a:webpros:plesk:*:*:*:*:*:*:*:*

Plesk, the widely used web hosting control panel from WebPros, is affected by a critical improper authorization vulnerability (CVE-2026-48614) with a CVSS score of 9.9. The flaw in the Plesk XML API allows any authenticated user to inject arbitrary configuration directives, enabling arbitrary file writes as root and full privilege escalation to complete server compromise. This vulnerability is considered readily exploitable and poses an immediate risk to any multi-tenant hosting environment running Plesk.

Organizations running Plesk should apply the vendor-provided patch immediately by consulting the support advisory linked above. Given that any authenticated Plesk user, including low-privileged hosting customers, can escalate to root, shared hosting providers should treat this as an emergency priority. Audit servers for signs of unauthorized configuration changes or unexpected file modifications while remediation is underway.

Vendor Advisory


🟠 [HIGH] fossbilling/fossbilling

1 CVE | CVSS 4.0: 9.2 | AAS 9.8

  • cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:* (>= 0.6.0, < 0.8.0)

FOSSBilling, the open-source billing and client management system, is affected by a high-severity unauthenticated payment bypass vulnerability (CVE-2026-42341) with a CVSS 4.0 score of 9.2. Versions 0.6.0 through 0.7.2 are affected when the Custom payment adapter is enabled, allowing an attacker to mark any unpaid invoice as paid and credit client accounts without making an actual payment by sending a single crafted HTTP request. This is readily exploitable and poses a direct financial fraud risk to any organization using the affected payment configuration.

Organizations running FOSSBilling should upgrade to version 0.8.0 immediately. As an interim workaround, disable the Custom payment gateway until the update is applied. Administrators should also audit recent payment records for invoices that were marked paid without corresponding legitimate transactions.

Vendor Advisory


🟠 [HIGH] leantime/leantime

2 CVEs | CVSS 4.0: 8.6 | AAS 9.5

  • cpe:2.3:a:leantime:leantime:*:*:*:*:*:*:*:* (< 3.3.2)

Leantime, the open-source project management platform, is affected by two high-severity vulnerabilities with a maximum CVSS 4.0 score of 8.6, including multiple authentication flaws. The most critical issue is an OIDC login CSRF vulnerability where the state parameter validation is completely bypassed, allowing attackers to craft malicious callback URLs that perform session fixation and log victims into attacker-controlled accounts. Both vulnerabilities are considered readily exploitable in deployments using OIDC authentication.

Organizations running Leantime with OIDC single sign-on should check the vendor’s GitHub repository for patched releases and upgrade as soon as a fix is available. Until then, teams should monitor authentication logs for suspicious OIDC callback activity and consider restricting access to the OIDC callback endpoint. Users should be advised to verify their account identity after logging in through SSO to detect potential session fixation attacks.

Vendor Advisory


🟠 [HIGH] vllm-project/vllm

1 CVE | CVSS 4.0: 8.7 | AAS 9.1

  • cpe:2.3:a:vllm-project:vllm:*:*:*:*:*:*:*:* (< 0.24.0)

vLLM, the widely used high-throughput inference and serving engine for large language models, is affected by a high-severity denial-of-service vulnerability (CVE-2026-55574) with a CVSS 4.0 score of 8.7. The structured_outputs.regex API parameter accepts user-supplied regular expressions without any compilation timeout or complexity analysis, allowing an attacker to submit a crafted regex pattern that causes catastrophic backtracking or unbounded compilation, blocking the inference engine. This is readily exploitable against any vLLM deployment that exposes the structured outputs API to untrusted users.

Organizations running vLLM should upgrade to version 0.24.0 or later, which addresses this issue. Until patching is complete, teams should restrict access to the structured_outputs.regex parameter or place the API behind an authenticated gateway that limits input from untrusted sources. Deployments exposed to the public internet should be prioritized for immediate remediation.

Vendor Advisory


🟠 [HIGH] decolua/9router

1 CVE | CVSS 3.1: 9.9 | AAS 9.1

  • cpe:2.3:a:decolua:9router:*:*:*:*:*:*:*:*

9Router, developed by decolua, is affected by a high-severity database export and import vulnerability (CVE-2026-55500) with a CVSS score of 9.9. The /api/settings/database endpoint allows full database export and complete database overwrite with minimal authentication, potentially exposing all stored credentials, API keys, OAuth tokens, and configuration settings. When combined with other weaknesses such as default passwords or tunnel exposure, this flaw enables complete database takeover.

Organizations running 9Router should review the GitHub Security Advisory and apply any available patches or mitigations immediately. As interim measures, ensure default credentials have been changed, restrict network access to the management API, and disable any unnecessary tunnel exposure. Audit database contents for signs of unauthorized export or modification.

Vendor Advisory