Print - 【Vulnerability Alert】CISA Added 5 Known Exploited Vulnerabilities to the KEV Catalog (2026/06/01

【Vulnerability Alert】CISA Added 5 Known Exploited Vulnerabilities to the KEV Catalog (2026/06/01–2026/06/07)

publish date : 2026-06-12 update date : 2026-06-12

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026060804065050	Publication Time	2026-06-08 16:40:51
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026-06-08 16:40:51
Impact Level	Low
[Subject] 【Vulnerability Alert】CISA Added 5 Known Exploited Vulnerabilities to the KEV Catalog (2026/05/25–2026/05/31)
[Content] Forwarded from TWCERTCC Security Advisory TWCERTCC-200-202606-00000005 【CVE-2024-21182】Oracle WebLogic Server Unspecified Vulnerability (CVSS v3.1: 7.5) 【Whether exploited by ransomware: Unknown】 Oracle WebLogic has an unspecified vulnerability. An unauthenticated attacker connecting through the T3 or IIOP protocol may exploit this vulnerability to compromise Oracle WebLogic Server. Successful exploitation of this vulnerability may result in unauthorized access to critical data or allow the attacker to obtain full access to all data accessible by Oracle WebLogic Server. 【CVE-2022-0492】Linux Kernel Improper Authentication Vulnerability (CVSS v3.1: 7.8) 【Whether exploited by ransomware: Unknown】 The Linux Kernel has an improper authentication vulnerability. An attacker may elevate privileges through the release_agent function of cgroups v1. 【CVE-2025-48595】Android Framework Integer Overflow Vulnerability (CVSS v3.1: 8.4) 【Whether exploited by ransomware: Unknown】 Android Framework has an integer overflow vulnerability, which may result in arbitrary code execution and thereby cause local privilege escalation. 【CVE-2026-45247】Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.8) 【Whether exploited by ransomware: Unknown】 Mirasvit Full Page Cache Warmer has a deserialization of untrusted data vulnerability. An unauthenticated attacker may achieve remote code execution by providing a specially crafted PHP object in the CacheWarmer Cookie. 【CVE-2026-28318】SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability (CVSS v3.1: 7.5) 【Whether exploited by ransomware: Unknown】 SolarWinds Serv-U has an uncontrolled resource consumption vulnerability. An attacker may cause the Serv-U service to crash without authentication by using a specially crafted POST request with the Content-Encoding: deflate header. Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed)
[Affected Platform] 【CVE-2024-21182】Please refer to the affected versions listed by the official source https://www.oracle.com/security-alerts/cpujul2024.html 【CVE-2022-0492】Please refer to the affected versions listed by the official source https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af 【CVE-2025-48595】Please refer to the affected versions listed by the official source https://source.android.com/docs/security/bulletin/2026/2026-06-01 【CVE-2026-45247】Please refer to the affected versions listed by the official source https://mirasvit.com/package/changelog/?package=mirasvit/module-cache-warmer 【CVE-2026-28318】Please refer to the affected versions listed by the official source https://www.solarwinds.com/trust-center/security-advisories/cve-2026-28318
[Recommended Actions] 【CVE-2024-21182】The official source has released a fix update for the vulnerability. Please update to the relevant version https://www.oracle.com/security-alerts/cpujul2024.html 【CVE-2022-0492】The official source has released a fix update for the vulnerability. Please update to the relevant version https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af 【CVE-2025-48595】The official source has released a fix update for the vulnerability. Please update to the relevant version https://source.android.com/docs/security/bulletin/2026/2026-06-01 【CVE-2026-45247】The official source has released a fix update for the vulnerability. Please update to the relevant version https://mirasvit.com/package/changelog/?package=mirasvit/module-cache-warmer 【CVE-2026-28318】The official source has released a fix update for the vulnerability. Please update to the relevant version https://www.solarwinds.com/trust-center/security-advisories/cve-2026-28318
[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center