2 vulnerabilities across 2 products scored HIGH or above on July 08, 2026.

  • 🟠 HIGH: 2

Exploit Status Upgrades

The following CVEs from previous bulletins have been upgraded based on new exploit intelligence:

  • [UPGRADED] CVE-2026-55952 (erlang/erlang_otp) β€” F1: theoretical β†’ poc, AAS: 9.2 β†’ 11.7 (HIGH β†’ HIGH). Originally in 2026-07-02 bulletin.
  • [UPGRADED] CVE-2026-13603 (pretix/pretix-oppwa) β€” F1: exploitable β†’ itw, AAS: 9.4 β†’ 11.9 (HIGH β†’ HIGH). Originally in 2026-07-01 bulletin.

🟠 [HIGH] openbsd/openssh

1 CVE | CVSS 3.1: 7.7 | AAS 9.4

  • cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* (< 10.4)

OpenBSD OpenSSH versions prior to 10.4 are affected by a high-severity use-after-free vulnerability (CVE-2026-60002, CVSS 7.7) in the SSH client that can be triggered when a server changes its host key during key re-exchange. This flaw is considered exploitable and should be a priority for any organization using OpenSSH clients in their environment, which includes virtually all Linux, BSD, and macOS systems. Security teams should upgrade OpenSSH to version 10.4 or later immediately and review the vendor advisory at https://marc.info/?l=openssh-unix-dev&m=178333966933090&w=2 for additional details.

Vendor Advisory


🟠 [HIGH] webpros/plesk

1 CVE | CVSS 3.1: 9.9 | AAS 9.1

  • cpe:2.3:a:webpros:plesk:*:*:*:*:*:*:*:* (< 18.0.78.4)

WebPros Plesk versions prior to 18.0.78.4 are affected by a critical authorization bypass vulnerability (CVE-2026-56843, CVSS 9.9) in the XML-RPC API that allows a low-privileged authenticated customer to enumerate domains across tenant boundaries and retrieve other tenants’ FTP credentials stored in cleartext, ultimately enabling code execution as another tenant’s system user. Hosting providers and managed service providers running Plesk should treat this as an urgent priority given the cross-tenant impact and potential for full compromise of shared hosting environments. Administrators should update Plesk to version 18.0.78.4 or later immediately and review the vendor advisory at https://support.plesk.com/hc/en-us/articles/41178305151255-Vulnerability-in-Plesk-XML-API-Cleartext-FTP-Password-Exposure for remediation guidance.

Vendor Advisory