Affected Vendors This Week
- Cisco: 12 CVEs (5 High, 3 Medium, 4 Other)
- Palo Alto Networks: 1 CVE (1 Critical)
- OpenWrt / DD-WRT: 2 CVEs (2 Info/No Severity)
- ASUS: 2 CVEs (2 Info/No Severity)
Critical Vulnerability Alert
This week brings one critical-severity vulnerability that demands immediate attention. CVE-2026-0300 (CVSS 9.8) affects Palo Alto Networks PAN-OS and involves a buffer overflow in the User-ID Authentication Portal (Captive Portal) service. The vulnerability allows unauthenticated attackers to execute arbitrary code—making this a severe risk for any organization running affected PAN-OS versions. If you maintain Palo Alto Networks firewalls or security appliances, prioritize patching this immediately.
Cisco Dominates This Week's Volume
Cisco accounts for 12 of the 17 new CVEs, reflecting a significant patch Tuesday release. While none reach critical severity, the collection includes several high-risk issues affecting core networking and management infrastructure:
- CVE-2026-20034 (CVSS 8.8): Remote code execution in Cisco Unity Connection web interface via authenticated access. This requires user credentials but the high CVSS score suggests low complexity exploitation.
- CVE-2026-20185 (CVSS 7.7): SNMP subsystem vulnerability in Cisco 350 Series (SG350) and 350X Series (SG350X) managed switches. SNMP often runs with default or weak credentials—check your switch configurations.
- CVE-2026-20188 (CVSS 7.5): Denial-of-service flaw in Cisco Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) that allows unauthenticated remote attackers to cause service disruption.
- CVE-2026-20035 (CVSS 7.2): Server-Side Request Forgery (SSRF) vulnerability in Cisco Unity Connection Web Inbox. SSRF can be leveraged to access internal resources or pivot attacks deeper into your network.
- CVE-2026-20167 and CVE-2026-20168, CVE-2026-20169 (CVSS 7.7, 6.5, 6.4): Multiple vulnerabilities in Cisco IoT Field Network Director affecting authentication, privilege escalation, and file disclosure.
Additional Cisco Findings
CVE-2026-20195 (CVSS 5.3) affects Cisco Identity Services Engine (ISE) with an unauthenticated user enumeration flaw—useful for reconnaissance but moderate impact. CVE-2026-20219 (CVSS 5.4) in Cisco Slido's REST API allows data theft in social profiles and quiz results.
Actionable Next Steps
For Palo Alto Networks users: Immediately check your PAN-OS version against vendor advisories and apply patches for CVE-2026-0300 if you run an affected release.
For Cisco customers: Review which products in your environment are affected (Unity Connection, ISE, Crosswork, NSO, SG350 switches, IoT Field Network Director). Cisco typically releases patches on Tuesday; check your device management console for available firmware updates. Prioritize CVE-2026-20034 and CVE-2026-20188 first due to remote exploitation risk.
General: This week highlights the importance of regular patch management schedules and monitoring vendor security advisories—Cisco's 12 CVEs underscore the value of automated update deployment where possible.