【Vulnerability Alert】CISA Added 5 Known Exploited Vulnerabilities to the KEV Catalog (2026/05/25–2026/05/31)

Publish date: 2026-06-05 | Update date: 2026-06-05

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2026060310060101
Publication Time: 2026-06-03 10:16:02
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026-06-03 10:16:02
Impact Level: Low
[Subject]
【Vulnerability Alert】CISA Added 5 Known Exploited Vulnerabilities to the KEV Catalog (2026/05/25–2026/05/31)
[Content]

Forwarded from TWCERTCC Security Advisory TWCERTCC-200-202606-00000001

【CVE-2026-48172】LiteSpeed cPanel Plugin Privilege Escalation Vulnerability (CVSS v3.1: 9.8)
【Whether exploited by ransomware: Unknown】 LiteSpeed cPanel Plugin has a privilege escalation vulnerability. This vulnerability may be triggered through the user-side cPanel plugin. Any cPanel user account may abuse this vulnerability to execute arbitrary scripts with root privileges.

【CVE-2026-48027】Nx Console Embedded Malicious Code Vulnerability (CVSS v3.1: 9.8)
【Whether exploited by ransomware: Known】 Nx Console has an embedded malicious code vulnerability. Attackers used this to release malicious versions of Nx Console. The affected extensions download obfuscated malicious payloads, which can steal credentials from multiple sources on disk and in memory.

【CVE-2026-45321】TanStack Unspecified Vulnerability (CVSS v3.1: 9.6)
【Whether exploited by ransomware: Known】 TanStack has an unspecified vulnerability, allowing attackers to publish malicious versions of packages to the npm Registry and use a trusted identity to publish credential-stealing malware.

【CVE-2026-8398】Daemon Tools Lite Embedded Malicious Code Vulnerability (CVSS v3.1: 9.8)
【Whether exploited by ransomware: Unknown】 Daemon Tools has an unspecified vulnerability, causing a high impact on confidentiality, integrity, and availability.

【CVE-2026-0257】Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVSS v3.1: 9.1)
【Whether exploited by ransomware: Unknown】 Palo Alto Networks PAN-OS has an authentication bypass vulnerability. Attackers may use this to bypass security restrictions and establish unauthorized VPN connections.

Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed)

[Affected Platform]

【CVE-2026-48172】Please refer to the affected versions listed by the official source: https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/

【CVE-2026-48027】Please refer to the affected versions listed by the official source: https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise

【CVE-2026-45321】Please refer to the affected versions listed by the official source: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx

【CVE-2026-8398】Please refer to the affected versions listed by the official source: https://blog.daemon-tools.cc/post/security-incident

【CVE-2026-0257】Please refer to the affected versions listed by the official source: https://security.paloaltonetworks.com/CVE-2026-0257

[Recommended Actions]

【CVE-2026-48172】The official source has released a fix update for the vulnerability. Please update to the relevant version: https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/

【CVE-2026-48027】The official source has released a fix update for the vulnerability. Please update to the relevant version: https://nx.dev/blog/nx-console-v18-95-0-postmortem#indicators-of-compromise

【CVE-2026-45321】The official source has released a fix update for the vulnerability. Please update to the relevant version: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx

【CVE-2026-8398】The official source has released a fix update for the vulnerability. Please update to the relevant version: https://blog.daemon-tools.cc/post/security-incident

【CVE-2026-0257】The official source has released a fix update for the vulnerability. Please update to the relevant version: https://security.paloaltonetworks.com/CVE-2026-0257

[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center