【Vulnerability Alert】CISA Added 2 Known Exploited Vulnerabilities to the KEV Catalog (2026/06/29-2026/07/05)

publish date : 2026-07-13 update date : 2026-07-13

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026070805075353 Publication Time 2026-07-08 17:16:54
Incident Type ANA-Vulnerability Alert Discovery Time 2026-07-08 17:16:54
Impact Level Low  
[Subject]
【Vulnerability Alert】CISA Added 2 Known Exploited Vulnerabilities to the KEV Catalog (2026/06/29-2026/07/05)
[Content]

Forwarded from TWCERTCC Cybersecurity Alert TWCERTCC-200-202607-00000003

【CVE-2026-48558】SimpleHelp Authentication Bypass Vulnerability (CVSS v3.1: 10.0)
【Whether exploited by ransomware: Unknown】There is an authentication bypass vulnerability in SimpleHelp's OIDC authentication process. When OIDC authentication is enabled on the system, the login process does not properly verify the cryptographic signature of the identity token. A remote unauthenticated attacker may submit a forged token to obtain an authenticated technician session; under some configurations, the attacker may even bypass multi-factor authentication.

【CVE-2026-45659】Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.8)
【Whether exploited by ransomware: Unknown】Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability, allowing an authorized attacker to execute arbitrary code over the network.

Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed)

[Affected Platform]

【CVE-2026-48558】Please refer to the affected versions listed by the official vendor https://simple-help.com/security/simplehelp-security-update-2026-05

【CVE-2026-45659】Please refer to the affected versions listed by the official vendor https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659

[Recommended Actions]

【CVE-2026-48558】The official vendor has released a remediation update for the vulnerability. Please update to the relevant version https://simple-help.com/security/simplehelp-security-update-2026-05

【CVE-2026-45659】The official vendor has released a remediation update for the vulnerability. Please update to the relevant version https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659

[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center