“If you reset passwords to a standard value, stop today. Use a unique password every time, and where you can, force a change at next logon so it isn't optional.”
Palo Alto PAN-OS Auth Bypass (CVE-2026-0257) on CISA KEV — Deadline Passed, Still Exploited
Palo Alto Networks PAN-OS CVE-2026-0257 is an authentication bypass that lets an attacker sidestep security restrictions and establish unauthorised VPN connections. CISA added it to the Known Exploited Vulnerabilities catalog with a federal remediation deadline of June 1, 2026; that deadline formally binds only federal civilian (FCEB) agencies under BOD 22-01, but it has now passed and active exploitation has been confirmed and continues, so treat it as overdue in client environments too. MSPs should apply the vendor patch per the advisory at security.paloaltonetworks.com immediately; if patching is not possible, restrict GlobalProtect/Authentication Portal exposure to trusted networks only, and verify from outside the network that the portal is no longer reachable.
SonicWall SMA1000 Series: High-Severity SQL Injection CVE-2026-4112 and Three Additional Flaws Patched
SonicWall released patches for four vulnerabilities in its SMA1000 series secure access (SSL VPN) appliances, including CVE-2026-4112, a high-severity SQL injection flaw that could allow a read-only admin to escalate to primary admin rights; the three additional issues can enable SSL VPN credential enumeration and TOTP authentication bypass. SonicWall states it has no evidence of in-the-wild exploitation but strongly urges immediate appliance updates. Admins should consult psirt.sonicwall.com for affected-version guidance and confirm the running firmware against it rather than assuming an update already applied.
Blackpoint Cyber May 2026 MSP Vulnerability Review — 6,500+ CVEs, 21 Added to CISA KEV
Blackpoint Cyber's Adversary Pursuit Group published its May 2026 vulnerability review, noting more than 6,500 CVEs disclosed in May alone, over 53% of them rated high or critical by CVSS score; CISA added 21 vulnerabilities to the KEV catalog during the month. Key MSP-relevant items included Palo Alto CVE-2026-0300 (actively exploited on internet-facing firewalls), Progress MOVEit CVE-2026-4670 and CVE-2026-5174, and Microsoft Exchange CVE-2026-42897. MSPs should use this report to audit client environments against the full list of May KEV additions, not just the headline entries.
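The audit both items above call for (checking a client inventory against the KEV entries added in a given month, with the PAN-OS deadline case as the overdue example) is mechanical enough to script. The following is an added example written for this page, not code from the newsletter, CISA or Blackpoint. It assumes only the field names of the real CISA KEV JSON feed (cveID, vendorProject, product, dateAdded, dueDate, requiredAction); every catalog entry, CVE ID, date and inventory row below is a constructed placeholder so the script runs offline.

```python
"""Audit a managed-asset inventory against CISA KEV additions for one month.

Added example, not code from the newsletter, CISA or Blackpoint Cyber.
The catalog shape (vulnerabilities[].cveID, vendorProject, product, dateAdded,
dueDate, requiredAction) matches the real feed at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
but the entries, CVE IDs, dates and inventory here are CONSTRUCTED placeholders.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from datetime import date

# Constructed KEV feed: placeholder CVE IDs and dates, real field names.
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2026-11111", "vendorProject": "Palo Alto Networks",
         "product": "PAN-OS", "dateAdded": "2026-05-11", "dueDate": "2026-06-01",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2026-22222", "vendorProject": "Progress",
         "product": "MOVEit Transfer", "dateAdded": "2026-05-20", "dueDate": "2026-06-10",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2026-33333", "vendorProject": "Microsoft",
         "product": "Exchange Server", "dateAdded": "2026-04-02", "dueDate": "2026-04-23",
         "requiredAction": "Apply mitigations per vendor instructions."},
    ],
})

# Constructed MSP inventory: one row per managed asset (vendor/product as recorded
# by the RMM, which rarely matches KEV spelling exactly).
INVENTORY = [
    {"client": "acme",   "host": "fw-edge-01", "vendor": "Palo Alto Networks", "product": "PAN-OS"},
    {"client": "acme",   "host": "mft-01",     "vendor": "Progress Software",  "product": "MOVEit"},
    {"client": "globex", "host": "exch-01",    "vendor": "Microsoft",          "product": "Exchange"},
    {"client": "globex", "host": "sw-core",    "vendor": "Cisco",              "product": "IOS XE"},
]


def load_catalog() -> dict:
    """Parse the (here embedded) KEV feed; in practice, json.load the downloaded file."""
    return json.loads(KEV_JSON)


def _norm(s: str) -> str:
    """Lowercase and keep only letters/digits so 'PAN-OS' and 'panos' compare equal."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def _loose_eq(a: str, b: str) -> bool:
    """Deliberately generous match: either normalised string contains the other."""
    a, b = _norm(a), _norm(b)
    return bool(a) and bool(b) and (a in b or b in a)


def kev_added_in(catalog: dict, year: int, month: int) -> list[dict]:
    """Catalog entries whose dateAdded falls in the given calendar month."""
    out = []
    for v in catalog["vulnerabilities"]:
        added = date.fromisoformat(v["dateAdded"])
        if (added.year, added.month) == (year, month):
            out.append(v)
    return out


@dataclass(frozen=True)
class Finding:
    client: str
    host: str
    cve: str
    due: date
    days_overdue: int  # positive means the KEV due date has already passed


def audit(inventory: list[dict], entries: list[dict], as_of: date) -> list[Finding]:
    """Cross every asset with every KEV entry; KEV has no version data, so a hit
    means 'this product is on the list', not 'this host is confirmed vulnerable'."""
    findings = []
    for asset in inventory:
        for v in entries:
            if _loose_eq(asset["vendor"], v["vendorProject"]) and _loose_eq(asset["product"], v["product"]):
                due = date.fromisoformat(v["dueDate"])
                findings.append(Finding(asset["client"], asset["host"], v["cveID"], due, (as_of - due).days))
    # Most overdue first, then grouped by client/host for the ticket queue.
    findings.sort(key=lambda f: (-f.days_overdue, f.client, f.host))
    return findings


def run(as_of: date = date(2026, 6, 5)) -> list[Finding]:
    """Audit INVENTORY against the entries CISA added in May 2026 (constructed data)."""
    return audit(INVENTORY, kev_added_in(load_catalog(), 2026, 5), as_of)


if __name__ == "__main__":
    for f in run():
        status = f"{f.days_overdue}d OVERDUE" if f.days_overdue > 0 else f"due in {-f.days_overdue}d"
        print(f"{f.client:8} {f.host:12} {f.cve}  due {f.due}  {status}")
```

With the constructed data the April Exchange entry is filtered out, the PAN-OS asset shows as four days overdue on the June 5 run date, and the MOVEit asset shows as due in five days. The vendor/product match is intentionally fuzzy because KEV carries no affected-version field; every hit still has to be triaged against the vendor advisory before it becomes a patch ticket.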
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.