fruition.net
The Perimeter · Issue 07-03-2026

Cisco CUCM exploited within 24 hours, pnpm 15-CVE batch, KEV adds Windchill and UniFi

The week's sharpest signal is operational. CISA added Cisco Unified CM (CVE-2026-20230, SSRF to root) to KEV on June 25, and researchers observed weaponization within 24 hours of disclosure. A companion finding: Cisco SD-WAN Manager (CVE-2026-20262) was exploited roughly two months before public disclosure via rogue peering. If you operate Cisco voice or SD-WAN in any environment, pull access logs back to the disclosure date now, not next sprint.

The supply-chain layer is dense. pnpm disclosed a coordinated 15-CVE batch covering lockfile-driven RCE, integrity-check bypass, git argument injection, and traversal in patch application. Treat any `pnpm install` on an untrusted PR branch as code execution until runners are upgraded. A second Shai-Hulud/Miasma wave hit npm via the compromised czirker maintainer account, this time abusing `binding.gyp` rather than install hooks, so detection that only inspects pre/postinstall scripts will miss it.

CISA also added PTC Windchill/FlexPLM, three Ubiquiti UniFi OS flaws, Splunk Enterprise, and Lantronix EDS5000 to KEV this period. A Snyk writeup of the Klue incident is worth reading for the connected-app hygiene lesson: a single forgotten OAuth credential at a SaaS vendor gave attackers read access to multiple customers' Salesforce orgs.

Two notes for readers who saw last week's issue. The Drupal core JSON:API object injection (SA-CORE-2026-005), the Avada Builder file deletion, the Gravity SMTP exposure, and the Vertex AI SDK bucket-squat were all curated in the 2026-06-26 dossier and are not repeated here; run those patches if you have not already. And this issue was trimmed from 11 to 7 items after a pipeline dedup miss: the perimeter curator's seen-ledger is ephemeral on the K8s CronJob, so sources still inside the 14-day fetch window were re-picked. A repo-seeded dedup guard lands with this issue to stop the recurrence.
Published: Friday, July 3, 2026
Entries: 7
Cadence: Weekly · Sundays
Curator: Brad Anderson
Wire
cisa.gov New addition to the Known Exploited Vulnerabilities catalog
github.com GHSA: critical npm package compromise affecting CI pipelines
wordfence.com WordPress plugin vulnerability with active exploitation
drupal.org Highly critical core security advisory published
aws.amazon.com AWS security bulletin: IAM policy evaluation update
unit42.paloaltonetworks.com Threat actor expands toolkit targeting public-facing PHP apps
krebsonsecurity.com Breach disclosure with named victim and confirmed initial vector
snyk.io Composer dependency advisory affecting production framework versions
01

Web Application

frameworks · browsers · authentication flows

no entries this week

02

Supply Chain

packages · build systems · dependency attacks

github.com 2d CVSS 8.8

pnpm 15-CVE batch: lockfile-driven RCE, integrity bypass, git argument injection

pnpm disclosed a coordinated batch of advisories including CVE-2026-55698 (env lockfile short-circuits package-manager resolution to run attacker-chosen pnpm bytes, CVSS 8.8), CVE-2026-50016 (transitive alias path traversal replaces project paths with symlinks, 8.8), CVE-2026-50014 (git fetch argument injection via lockfile resolution.commit), CVE-2026-50021/50573 (integrity check bypass via missing/changed integrity), and CVE-2026-50015 (arbitrary file write/delete via malicious .patch).

Fruition take

Pin CI runners to the patched pnpm release and treat any `pnpm install` against an untrusted PR branch as code execution until you upgrade. The integrity-bypass cases (50021/50573) mean lockfile diffs alone are no longer a sufficient guard — require frozen-lockfile mode and review changes to `packageManager`, `configDependencies`, and `patchedDependencies`.
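The review gate described above, as an added example rather than pnpm's own tooling: it diffs the three manifest fields named in the take between base and PR branches, parses the `packages:` block of both lockfiles to flag entries that lost or changed their `integrity` or carry a git `resolution.commit` that is not a plain commit SHA, and checks that the install command actually runs in frozen-lockfile mode. The sample manifests and lockfiles are constructed; the field locations (`pnpm.patchedDependencies`, `pnpm.configDependencies` in package.json) and the one-line `resolution: {...}` lockfile layout are assumptions about the v9 format.

```python
"""CI guard for a pnpm pull request: manifest field changes and lockfile anomalies.

Added example, not pnpm's own tooling. Assumes package.json carries packageManager
plus a "pnpm" object holding patchedDependencies/configDependencies, and a
pnpm-lock.yaml v9 layout with one-line `resolution: {...}` entries.
"""
import json
import re

# Manifest fields whose changes should always get a human reviewer.
SENSITIVE_MANIFEST_PATHS = (
    ("packageManager",),
    ("pnpm", "patchedDependencies"),
    ("pnpm", "configDependencies"),
)
_PKG_KEY = re.compile(r"^  (\S+):\s*$")                      # "  name@version:" under packages:
_RESOLUTION = re.compile(r"^    resolution:\s*\{(.*)\}\s*$")  # "    resolution: {k: v, ...}"
_KV = re.compile(r"(\w+):\s*([^,}]+)")
_GIT_SHA = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample inputs (base branch vs. PR branch); not from any real project.
BASE_PACKAGE_JSON = json.dumps({"name": "app", "packageManager": "pnpm@10.12.1",
                                "pnpm": {"patchedDependencies": {}}})
PR_PACKAGE_JSON = json.dumps({"name": "app", "packageManager": "pnpm@9.0.0",
                              "pnpm": {"patchedDependencies": {"left-pad@1.3.0": "patches/left-pad.patch"},
                                       "configDependencies": {"corp-config": "1.0.0+sha512-constructed"}}})
BASE_LOCK = """lockfileVersion: '9.0'

importers:
  .:
    dependencies:
      left-pad:
        specifier: ^1.3.0
        version: 1.3.0

packages:
  left-pad@1.3.0:
    resolution: {integrity: sha512-AAAAconstructedAAAA==}
"""
PR_LOCK = """lockfileVersion: '9.0'

packages:
  helper-lib@1.0.0:
    resolution: {tarball: https://registry.example.invalid/helper-lib-1.0.0.tgz}
  left-pad@1.3.0:
    resolution: {integrity: sha512-BBBBconstructedBBBB==}
  tool@https://codeload.github.com/example/tool/tar.gz/v1.2.3:
    resolution: {commit: v1.2.3, repo: https://github.com/example/tool, type: git}
"""


def _lookup(obj, path):
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def manifest_changes(base_json, pr_json):
    """Names of sensitive manifest fields that differ between base and PR."""
    base, pr = json.loads(base_json), json.loads(pr_json)
    return ["manifest field changed: " + ".".join(path)
            for path in SENSITIVE_MANIFEST_PATHS
            if _lookup(base, path) != _lookup(pr, path)]


def parse_lock_packages(lock_text):
    """Map each key in the packages: block to its resolution fields."""
    packages, current, in_packages = {}, None, False
    for line in lock_text.splitlines():
        if line and not line[0].isspace():        # a new top-level key
            in_packages = line.startswith("packages:")
            current = None
            continue
        if not in_packages:
            continue
        key = _PKG_KEY.match(line)
        if key:
            current = key.group(1)
            packages[current] = {}
            continue
        res = _RESOLUTION.match(line)
        if res and current is not None:
            packages[current] = {k: v.strip() for k, v in _KV.findall(res.group(1))}
    return packages


def lockfile_findings(base_lock, pr_lock):
    """Integrity/commit anomalies in the PR lockfile, judged against the base lockfile."""
    base, pr = parse_lock_packages(base_lock), parse_lock_packages(pr_lock)
    findings = []
    for key, res in pr.items():
        old = base.get(key)
        if "commit" in res and not _GIT_SHA.match(res["commit"]):
            findings.append(f"{key}: resolution.commit is not a 40-hex SHA: {res['commit']!r}")
        if "commit" in res or res.get("type") == "directory":
            continue                               # git/local resolutions carry no tarball integrity
        if "integrity" not in res:
            findings.append(f"{key}: no integrity field")
        elif old and old.get("integrity") and old["integrity"] != res["integrity"]:
            findings.append(f"{key}: integrity changed for the same name@version")
    return findings


def is_frozen_install(argv):
    """True only when the install cannot rewrite the lockfile."""
    return argv[:2] in (["pnpm", "install"], ["pnpm", "i"]) and "--frozen-lockfile" in argv


if __name__ == "__main__":
    for f in manifest_changes(BASE_PACKAGE_JSON, PR_PACKAGE_JSON) + lockfile_findings(BASE_LOCK, PR_LOCK):
        print("REVIEW:", f)
```

Run it as a required CI step before `pnpm install --frozen-lockfile`; any non-empty output should block the merge rather than just annotate it, since the flagged fields are exactly the ones the advisories route code execution through.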

github.com 2d CVSS 8.1

PhpWeasyPrint: case-insensitive PHAR wrapper bypass enables deserialization RCE

pontedilana/php-weasyprint uses a case-sensitive `strpos($filename, 'phar://')` check to block PHAR stream wrappers, but PHP stream wrappers are case-insensitive — `PHAR://` or `Phar://` bypass the guard and reach `file_exists()` in prepareOutput(). On PHP 7 this triggers metadata deserialization and RCE. CVE-2026-49286, a patch bypass of CVE-2023-28115; same pattern as the KnpLabs/snappy fix.

CVE-2026-49286 · pontedilana/php-weasyprint · PHP 7
Fruition take

If any Laravel/Symfony PDF rendering path uses php-weasyprint and accepts user-influenced output filenames, upgrade and add an explicit lowercase-then-startswith check. Inventory other libraries that block stream wrappers with case-sensitive comparisons — this is a recurring class.
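The inventory step above, as an added example that is not code from php-weasyprint or any of the projects named: a small Python audit that walks PHP source looking for wrapper guards built on case-sensitive string functions (`strpos`, `strstr`, `strncmp`, `str_starts_with`, `str_contains`) against a `scheme://` literal, and skips lines that already use `stripos`/`strncasecmp` or lowercase the input first. The PHP snippet it scans is constructed to mirror the bug class, and `is_blocked_wrapper` shows the lowercase-then-startswith check in its simplest form; the function name, the heuristic and the default wrapper list are assumptions.

```python
"""Find case-sensitive stream-wrapper guards in PHP code (added example, not library code)."""
import re

# Case-sensitive comparisons against a 'scheme://' literal: bypassable with 'PHAR://'.
CASE_SENSITIVE = re.compile(
    r"\b(?:strpos|strstr|strncmp|str_starts_with|str_contains)\s*\([^;]*?['\"][A-Za-z]+://['\"]"
)
# Lines that already compare case-insensitively or normalise case first (heuristic).
SAFE = re.compile(r"\b(?:stripos|stristr|strncasecmp|strtolower|mb_strtolower)\b")

# Constructed PHP sample: one vulnerable guard followed by two hardened forms.
SAMPLE_PHP = """<?php
function prepareOutput(string $filename): void
{
    // vulnerable: the comparison is case-sensitive, so 'PHAR://' slips through
    if (strpos($filename, 'phar://') === 0) {
        throw new InvalidArgumentException('phar wrapper blocked');
    }
    // hardened: case-insensitive comparison
    if (stripos($filename, 'phar://') === 0) {
        throw new InvalidArgumentException('phar wrapper blocked');
    }
    // hardened: lowercase-then-startswith
    if (str_starts_with(strtolower($filename), 'phar://')) {
        throw new InvalidArgumentException('phar wrapper blocked');
    }
    file_exists($filename);
}
"""


def find_case_sensitive_guards(php_source):
    """Return (line number, line) for every guard that PHP's case-insensitive wrappers defeat."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        if SAFE.search(line):
            continue
        if CASE_SENSITIVE.search(line):
            findings.append((lineno, line.strip()))
    return findings


def is_blocked_wrapper(filename, blocked=("phar://",)):
    """Lowercase-then-startswith: the check the take recommends, in Python form."""
    name = filename.lower()
    return any(name.startswith(scheme) for scheme in blocked)


if __name__ == "__main__":
    for lineno, line in find_case_sensitive_guards(SAMPLE_PHP):
        print(f"line {lineno}: {line}")
```

Point `find_case_sensitive_guards` at the contents of each PHP file under `vendor/` and your own `src/` and review every hit; a guard that lowercases before comparing, or uses the `i` variants, is the fix.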

Shai-Hulud Miasma returns: czirker npm account compromise hits Leo/RStreams

Sonatype reports 23 malicious package versions published via the compromised czirker maintainer account, affecting the RStreams and Leo Platform ecosystems. The Miasma variant abuses binding.gyp rather than pre/postinstall hooks to steal credentials, validate access, and propagate via trusted publishing workflows — bypassing scanners that only watch lifecycle scripts.

npm · Leo Platform · RStreams · czirker packages
Fruition take

Grep CI and dev workstation install logs for leo-* and rstreams-* packages installed since mid-June and rotate any npm/GitHub/cloud tokens reachable from those hosts. Detection that only inspects pre/postinstall scripts will miss binding.gyp execution — extend to native-build steps.
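Extending detection to native-build steps, as an added example that is not Sonatype's or npm's code: `binding.gyp` is a Python dict literal, so it can be parsed with `ast.literal_eval` and inspected for the two places a build can execute code, GYP command expansions (`<!(...)` / `<!@(...)`) and `actions` entries whose command invokes an interpreter or shell. Package-name matching against `leo-*` / `rstreams-*` follows the take; the sample gyp files, the marker list and the name patterns are constructed assumptions, not indicators from the advisory.

```python
"""Audit installed npm packages for code-executing binding.gyp files (added example)."""
import ast
import fnmatch
import os

SUSPECT_NAME_PATTERNS = ("leo-*", "rstreams-*")   # ecosystems named in the report; globs assumed
# Interpreters/shells a build-time action should not normally need (heuristic).
SHELL_MARKERS = ("node ", "sh ", "bash ", "curl ", "wget ", "powershell", "cmd ")

# Constructed samples: a plain native addon and one that runs scripts at build time.
BENIGN_GYP = """{
  'targets': [{
    'target_name': 'addon',
    'sources': ['src/addon.cc'],
    'include_dirs': ['include'],
  }]
}"""
SUSPECT_GYP = """{
  'variables': {'stage': '<!(node scripts/stage.js)'},
  'targets': [{
    'target_name': 'addon',
    'sources': ['src/addon.cc'],
    'actions': [{
      'action_name': 'prepare',
      'inputs': [],
      'outputs': ['build/prepared.txt'],
      'action': ['node', 'scripts/prepare.js'],
    }],
  }]
}"""


def _strings(obj):
    """Yield every string anywhere inside a parsed GYP structure."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for value in obj.values():
            yield from _strings(value)
    elif isinstance(obj, (list, tuple)):
        for value in obj:
            yield from _strings(value)


def gyp_findings(pkg_name, gyp_text):
    findings = []
    if any(fnmatch.fnmatch(pkg_name, p) for p in SUSPECT_NAME_PATTERNS):
        findings.append(f"{pkg_name}: name matches an advisory package pattern")
    try:
        gyp = ast.literal_eval(gyp_text)          # GYP syntax is a Python literal
    except (ValueError, SyntaxError):
        findings.append(f"{pkg_name}: binding.gyp is not a plain GYP literal; inspect by hand")
        return findings
    for s in _strings(gyp):
        if "<!(" in s or "<!@(" in s:            # command expansion runs during configure
            findings.append(f"{pkg_name}: command expansion in binding.gyp: {s!r}")
    for target in gyp.get("targets", []):
        for action in target.get("actions", []):
            cmd = " ".join(str(a) for a in action.get("action", []))
            if any(m in cmd.lower() + " " for m in SHELL_MARKERS):
                findings.append(f"{pkg_name}: build-time action runs {cmd!r}")
    return findings


def scan_node_modules(root):
    """Walk a node_modules tree and audit every package that ships a binding.gyp."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "binding.gyp" in files:
            pkg = os.path.relpath(dirpath, root).replace(os.sep, "/")
            with open(os.path.join(dirpath, "binding.gyp"), encoding="utf-8") as fh:
                findings += gyp_findings(pkg, fh.read())
    return findings


if __name__ == "__main__":
    for f in gyp_findings("native-example", BENIGN_GYP) + gyp_findings("rstreams-example", SUSPECT_GYP):
        print(f)
```

Run `scan_node_modules` over CI caches and developer checkouts alongside the install-log grep; a hit on a package you did not expect to compile anything is the trigger for the token rotation the take describes.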

snyk.io this week

Klue vendor breach cascades to customer Salesforce data via forgotten credential

Snyk's writeup of the Klue incident details how a single forgotten OAuth credential at a SaaS vendor gave attackers read access to multiple customers' Salesforce orgs. The pattern matches recent campaigns against connected-app integrations: persistent refresh tokens with broad scopes, no expiry, no per-customer rotation.

Klue · Salesforce · connected apps
Fruition take

Pull a list of every connected app and OAuth grant in your Salesforce, Auth0, and Google Workspace tenants. Anything older than 12 months from a vendor you no longer actively use should be revoked this week, not next quarter.
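The triage the take calls for, as an added example and not Snyk's or Salesforce's tooling: given a CSV export of connected-app grants, it applies the 12-month rule (using the creation date when a grant has never been used), checks the vendor against your active-vendor list, and separately flags broad scopes paired with a never-expiring refresh token, the combination the Klue writeup describes. The column names, the scope names treated as broad, and the rows are constructed assumptions; map them to whatever your tenant's export actually produces.

```python
"""Triage exported OAuth / connected-app grants for stale vendor access (added example)."""
import csv
import io
from datetime import date, timedelta

# Scope names treated as broad; adjust to the identity provider's vocabulary (assumption).
BROAD_SCOPES = {"full", "refresh_token", "offline_access"}

# Constructed export; column names are assumptions, vendors are placeholders.
GRANTS_CSV = """app_name,vendor,created,last_used,scopes,refresh_token_expires
LegacyReports,VendorA,2024-02-01,2024-05-10,full refresh_token,never
DailySync,VendorB,2025-01-15,2026-07-01,api refresh_token,2026-12-31
OneOffImport,VendorC,2025-03-01,,api,never
NewPilot,VendorD,2026-06-20,2026-07-02,full refresh_token,never
"""


def triage_grants(csv_text, today, active_vendors, max_age=timedelta(days=365)):
    """Return (app_name, action, reasons) for every grant that needs attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A grant that was never used is judged by its age since creation.
        last_seen = date.fromisoformat(row["last_used"] or row["created"])
        idle = today - last_seen
        stale = idle > max_age
        inactive_vendor = row["vendor"] not in active_vendors
        reasons = []
        if stale:
            reasons.append(f"unused for {idle.days} days")
        if inactive_vendor:
            reasons.append("vendor not on the active-vendor list")
        if set(row["scopes"].split()) & BROAD_SCOPES and row["refresh_token_expires"] == "never":
            reasons.append("broad scopes with a non-expiring refresh token")
        if reasons:
            action = "revoke now" if stale and inactive_vendor else "review"
            findings.append((row["app_name"], action, reasons))
    return findings


if __name__ == "__main__":
    for app, action, reasons in triage_grants(GRANTS_CSV, date.today(), {"VendorB", "VendorD"}):
        print(f"{action:10} {app}: " + "; ".join(reasons))
```

Feed it one export per tenant (Salesforce, Auth0, Google Workspace) and keep the active-vendor list in source control so the "revoke now" bucket is reproducible from week to week.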

03

Infrastructure

kubernetes · cloud · network · ingress

github.com 2d CVSS 9.1

Nezha monitoring: pre-auth path traversal leaks JWT secret; cross-tenant shell hijack

Nezha dashboard contains an unauthenticated path-traversal (CVE-2026-53519, CVSS 9.1) via `/dashboard..` prefix confusion that returns `data/config.yaml` and the HS256 jwt_secret_key, enabling session forgery. A separate flaw (CVE-2026-46716, 9.9) lets any authenticated dashboard user attach to live WebSocket terminal/file-manager streams on other tenants — interactive RCE on monitored servers. Fixed in v2.0.10+.

CVE-2026-53519 · CVE-2026-46716 · Nezha Monitoring · Nezha Dashboard
Fruition take

If Nezha is used to monitor any client infrastructure, upgrade to ≥2.0.10 and rotate jwt_secret_key — both bugs are trivially exploitable and at least one was silently patched without a CVE for months.
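A retrospective check to pair with the upgrade, as an added example that is not part of the Nezha project: it reads reverse-proxy access logs in nginx combined format and flags requests whose path matches a protected prefix without a following slash (the `/dashboard..` shape), contains a traversal segment relative to that stripped prefix, or asks for `config.yaml`, decoding percent-encoding twice so encoded dots are caught. The log lines are constructed, and the `/dashboard` prefix and the assumption that the app strips the prefix before resolving files are taken from the advisory summary above, not from Nezha's source.

```python
"""Flag prefix-confusion traversal probes in reverse-proxy access logs (added example)."""
import posixpath
import re
from urllib.parse import unquote

PREFIXES = ("/dashboard",)           # route prefixes the app protects; assumed
SENSITIVE_FILES = ("config.yaml",)   # the file the advisory says leaks jwt_secret_key
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not captured from any real deployment).
LOG_LINES = """\
203.0.113.5 - - [30/Jun/2026:10:12:01 +0000] "GET /dashboard../data/config.yaml HTTP/1.1" 200 812 "-" "curl/8.0"
203.0.113.5 - - [30/Jun/2026:10:12:02 +0000] "GET /dashboard%2e%2e/data/config.yaml HTTP/1.1" 200 812 "-" "curl/8.0"
198.51.100.9 - - [30/Jun/2026:10:15:44 +0000] "GET /dashboard/login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [30/Jun/2026:10:15:50 +0000] "GET /dashboard/static/app.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""


def classify(raw_path):
    """Return the reasons a request path looks like a traversal probe ([] if clean)."""
    # Decode twice so single- and double-percent-encoded dots are both normalised.
    decoded = unquote(unquote(raw_path.split("?", 1)[0]))
    reasons = []
    if ".." in decoded.split("/"):
        reasons.append("dot-dot segment in path")
    for prefix in PREFIXES:
        # "/dashboard.." passes a naive starts-with test yet is not under /dashboard/
        if decoded.startswith(prefix) and decoded != prefix and not decoded.startswith(prefix + "/"):
            reasons.append(f"prefix confusion after {prefix}")
            if ".." in decoded[len(prefix):].split("/"):
                reasons.append("traversal relative to the stripped prefix")
    if posixpath.basename(decoded) in SENSITIVE_FILES:
        reasons.append("sensitive file requested")
    return reasons


def scan_log(text):
    """Parse combined-format lines and keep those classify() objects to."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        reasons = classify(m["path"])
        if reasons:
            hits.append({"ip": m["ip"], "time": m["ts"], "path": m["path"],
                         "status": int(m["status"]), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(LOG_LINES):
        print(hit["ip"], hit["status"], hit["path"], "; ".join(hit["reasons"]))
```

A hit with status 200 on `config.yaml` before the upgrade means the secret should be treated as disclosed, which is the case for rotating `jwt_secret_key` rather than only patching.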

04

PHP & CMS

wordpress · drupal · plugins · php frameworks

no entries this week

05

Identity & Auth

oauth · saml · iam · session attacks

no entries this week

06

Threat Intel

active exploitation · breaches · ransomware

▲ headline

Cisco Unified CM SSRF-to-root exploited within 24 hours; added to KEV

CVE-2026-20230 in Cisco Unified Communications Manager and Unified CM SME allows unauthenticated SSRF that writes files to the underlying OS, escalating to root. CISA added it to KEV on June 25 and researchers observed weaponization within 24 hours of disclosure. Separately, CVE-2026-20262 in Catalyst SD-WAN Manager was exploited approximately two months before public disclosure via rogue peering.

CVE-2026-20230 · CVE-2026-20262 · Cisco Unified CM · Cisco Unified CM SME · Cisco Catalyst SD-WAN Manager
Fruition take

If you operate Cisco UCM/SME in any client environment, patch now and pull access logs back to disclosure date — exploitation is not theoretical. For SD-WAN Manager deployments, hunt for unexpected admin sessions and rogue peer relationships established before June.

nvd.nist.gov this week KEV

CISA KEV additions: PTC Windchill, Ubiquiti UniFi OS, Splunk, Lantronix

CISA added several actively exploited flaws this period: CVE-2026-12569 (PTC Windchill/FlexPLM unauthenticated RCE via improper input validation), three Ubiquiti UniFi OS bugs (CVE-2026-34908/34909/34910 — access control, path traversal, command injection), CVE-2026-20253 (Splunk Enterprise missing auth on PostgreSQL sidecar allows arbitrary file create/truncate), and CVE-2025-67038 (Lantronix EDS5000 root command injection).

CVE-2026-12569 · CVE-2026-34908 · CVE-2026-34909 · CVE-2026-34910 · CVE-2026-20253 · CVE-2025-67038 · PTC Windchill · PTC FlexPLM · Ubiquiti UniFi OS · Splunk Enterprise
Fruition take

Run an asset query against these vendors today — Windchill and UniFi controllers in particular often live in network corners that miss patch cycles. BOD 26-04 deadlines apply to federal teams but the timelines are a reasonable target for everyone.
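The asset query in code, as an added example that is not CISA tooling: it loads a KEV-shaped JSON document, joins it to an inventory export on vendor and product, and reports each affected host with the catalog due date and days remaining, sorted so overdue items come first. The JSON keys follow the published `known_exploited_vulnerabilities.json` schema and the CVE IDs are the ones listed in this issue, but the excerpt below is constructed: only the Cisco `dateAdded` comes from this issue, every other date, due date and hostname is a placeholder, and the vendor/product string matching is a deliberately simple assumption.

```python
"""Cross-reference CISA KEV entries with an internal asset inventory (added example)."""
import json
from datetime import date


def _entry(cve, vendor, product, added, due):
    return {"cveID": cve, "vendorProject": vendor, "product": product,
            "dateAdded": added, "dueDate": due, "knownRansomwareCampaignUse": "Unknown"}


# Constructed excerpt in the catalog's JSON shape. CVE IDs are from this issue; the Cisco
# dateAdded is the June 25 addition noted above; all other dates are placeholders.
KEV_JSON = json.dumps({"title": "constructed KEV excerpt", "vulnerabilities": [
    _entry("CVE-2026-20230", "Cisco", "Unified Communications Manager", "2026-06-25", "2026-07-09"),
    _entry("CVE-2026-12569", "PTC", "Windchill", "2026-06-24", "2026-07-02"),
    _entry("CVE-2026-34908", "Ubiquiti", "UniFi OS", "2026-06-26", "2026-07-16"),
    _entry("CVE-2026-34909", "Ubiquiti", "UniFi OS", "2026-06-26", "2026-07-16"),
    _entry("CVE-2026-34910", "Ubiquiti", "UniFi OS", "2026-06-26", "2026-07-16"),
    _entry("CVE-2026-20253", "Splunk", "Splunk Enterprise", "2026-06-26", "2026-07-16"),
    _entry("CVE-2025-67038", "Lantronix", "EDS5000", "2026-06-26", "2026-07-16"),
]})

# Constructed inventory export (e.g. from a CMDB); hostnames are placeholders.
INVENTORY = [
    {"host": "plm01", "vendor": "PTC", "product": "Windchill PDMLink"},
    {"host": "unifi-ctl", "vendor": "Ubiquiti", "product": "UniFi OS"},
    {"host": "cucm01", "vendor": "Cisco", "product": "Unified Communications Manager"},
    {"host": "web01", "vendor": "nginx", "product": "nginx"},
]


def load_kev(json_text):
    """Return the vulnerabilities list from a KEV-shaped JSON document."""
    return json.loads(json_text)["vulnerabilities"]


def _matches(asset, entry):
    # Same vendor (case-insensitive) and one product name contained in the other.
    asset_product, kev_product = asset["product"].lower(), entry["product"].lower()
    return (asset["vendor"].lower() == entry["vendorProject"].lower()
            and (kev_product in asset_product or asset_product in kev_product))


def match_assets(kev, inventory, today):
    """Hosts affected by a KEV entry, with the catalog due date and days left (negative = overdue)."""
    hits = []
    for asset in inventory:
        for entry in kev:
            if _matches(asset, entry):
                due = date.fromisoformat(entry["dueDate"])
                hits.append({"host": asset["host"], "cve": entry["cveID"],
                             "due": entry["dueDate"], "days_left": (due - today).days,
                             "ransomware": entry["knownRansomwareCampaignUse"]})
    hits.sort(key=lambda h: (h["due"], h["host"]))
    return hits


if __name__ == "__main__":
    for hit in match_assets(load_kev(KEV_JSON), INVENTORY, date.today()):
        print(f"{hit['host']:12} {hit['cve']:16} due {hit['due']} ({hit['days_left']:+d} days)")
```

Swap the constructed excerpt for the live catalog download and the inventory for a CMDB export, and the sorted output is the patch queue the take asks for, with the BOD deadlines attached to each host.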