[Content]
Forwarded from TWCERTCC-200-202602-00000009

【CVE-2026-21513】Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability (CVSS v3.1: 8.8)

【Ransomware Exploitation: Unknown】 Microsoft MSHTML Framework contains a protection mechanism failure vulnerability, which may allow an unauthorized attacker to bypass security features over the network.

【CVE-2026-21525】Microsoft Windows NULL Pointer Dereference Vulnerability (CVSS v3.1: 6.2)

【Ransomware Exploitation: Unknown】 Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference vulnerability, which may allow an unauthorized attacker to cause a denial-of-service condition locally.

【CVE-2026-21510】Microsoft Windows Shell Protection Mechanism Failure Vulnerability (CVSS v3.1: 8.8)

【Ransomware Exploitation: Unknown】 Microsoft Windows Shell contains a protection mechanism failure vulnerability, which may allow an unauthorized attacker to bypass security features over the network.

【CVE-2026-21533】Microsoft Windows Improper Privilege Management Vulnerability (CVSS v3.1: 7.8)

【Ransomware Exploitation: Unknown】 Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability, which may allow an authorized attacker to elevate privileges locally.

【CVE-2026-21519】Microsoft Windows Type Confusion Vulnerability (CVSS v3.1: 7.8)

【Ransomware Exploitation: Unknown】 Microsoft Desktop Window Manager contains a type confusion vulnerability, which may allow an authorized attacker to elevate privileges locally.

【CVE-2026-21514】Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability (CVSS v3.1: 7.8)

【Ransomware Exploitation: Unknown】 Microsoft Office Word relies on untrusted inputs in a security decision, which may allow an authorized attacker to elevate privileges locally.

【CVE-2026-20700】Apple Multiple Buffer Overflow Vulnerability (CVSS v3.1: 7.8)

【Ransomware Exploitation: Unknown】 Apple iOS, macOS, tvOS, watchOS, and visionOS contain buffer overflow vulnerabilities, which may allow an attacker with memory write capabilities to execute arbitrary code.

【CVE-2024-43468】Microsoft Configuration Manager SQL Injection Vulnerability (CVSS v3.1: 9.8)

【Ransomware Exploitation: Unknown】 Microsoft Configuration Manager contains a SQL injection vulnerability. An unauthenticated attacker can send specially crafted requests to the target environment to execute commands on the server and/or the underlying database.

【CVE-2025-15556】Notepad++ Download of Code Without Integrity Check Vulnerability (CVSS v3.1: 7.5) 【Ransomware Exploitation: Unknown】 Notepad++ contains a vulnerability involving the download of code without integrity verification when using the WinGUp updater. An attacker may intercept or redirect update traffic to download and execute an attacker-controlled installer. This vulnerability may allow the attacker to execute arbitrary code with user-level privileges.

【CVE-2025-40536】SolarWinds Web Help Desk Security Control Bypass Vulnerability (CVSS v3.1: 8.1)

【Ransomware Exploitation: Unknown】 SolarWinds Web Help Desk contains a security control bypass vulnerability, which may allow an unauthenticated attacker to access certain restricted functionalities.

【CVE-2026-1731】BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability (CVSS v3.1: 9.8)

【Ransomware Exploitation: Yes】 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an operating system command injection vulnerability. This vulnerability may allow an unauthenticated remote attacker to execute operating system commands as the website user. This vulnerability can be exploited without authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption."

(Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
【CVE-2026-21513】Please refer to the officially listed affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513

【CVE-2026-21525】Please refer to the officially listed affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525

【CVE-2026-21510】Please refer to the officially listed affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510

【CVE-2026-21533】Please refer to the officially listed affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533

【CVE-2026-21519】Please refer to the officially listed affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519

【CVE-2026-21514】Please refer to the officially listed affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514

【CVE-2026-20700】Please refer to the officially listed affected versions: https://support.apple.com/en-us/100100 【CVE-2024-43468】Please refer to the officially listed affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468

【CVE-2025-15556】Please refer to the officially listed affected versions: https://notepad-plus-plus.org//news//clarification-security-incident/

【CVE-2025-40536】Please refer to the officially listed affected versions: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40536 【CVE-2026-1731】Please refer to the officially listed affected versions: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"

[Recommended Actions]
【CVE-2026-21513】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513

【CVE-2026-21525】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525

【CVE-2026-21510】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510

【CVE-2026-21533】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533

【CVE-2026-21519】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519

【CVE-2026-21514】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514

【CVE-2026-20700】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://support.apple.com/en-us/100100

【CVE-2024-43468】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468

【CVE-2025-15556】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://notepad-plus-plus.org//news//clarification-security-incident/

【CVE-2025-40536】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40536

【CVE-2026-1731】 The vendor has released a security update to address this vulnerability. Please upgrade to the relevant patched version: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02