
The past month was dominated by vulnerabilities affecting network infrastructure, security appliances, SD-WAN platforms, centralized management systems, and access control technologies. The reporting period included 118 vulnerabilities across 86 advisories from F5, HPE, Palo Alto Networks, Cisco, Fortinet, Check Point, and Ivanti. Common vulnerability classes included command injection, authentication bypass, missing authorization, deserialization flaws, path traversal, buffer overflows, SSRF, and signature validation weaknesses.
The concentration of vulnerabilities in management planes and network-edge infrastructure reinforces a recurring challenge: many of the highest-risk assets fall outside the visibility provided by endpoint and OS-focused security tools. As organizations prioritize remediation, they should also verify the integrity and posture of the infrastructure that supports critical business operations.
The highest-priority activity this month centers on internet-facing security infrastructure and SD-WAN management platforms. Palo Alto Networks disclosed two critical vulnerabilities affecting PAN-OS and Prisma Access, both of which appear in CISA’s Known Exploited Vulnerabilities catalog and have multiple public proof-of-concept references (CVE-2026-0300, CVE-2026-0257). Cisco Catalyst SD-WAN Manager also warrants immediate attention due to a KEV-listed authentication bypass vulnerability with public exploit activity (CVE-2026-20182). These products frequently occupy privileged positions within enterprise networks, making successful exploitation disproportionately impactful.
Management and orchestration platforms represented a second major area of concern. F5 released 45 advisories covering BIG-IP, BIG-IQ, BIG-IP Next, APM, WAF, DNS, and related technologies. While none of the disclosed F5 vulnerabilities were listed in KEV during the reporting period, the volume and concentration of command injection, deserialization, privilege-management, and path traversal weaknesses increase the likelihood of exposure, particularly where management interfaces are broadly accessible. Cisco Secure Workload (CVE-2026-20223), FortiAuthenticator (CVE-2026-44277), FortiSandbox (CVE-2026-26083), and Ivanti Xtraction (CVE-2026-8043) also introduced critical vulnerabilities affecting privileged administrative functions and management workflows.
A third theme involves networking and SD-WAN ecosystems. HPE ArubaOS and Aruba SD-WAN advisories accounted for 32 vulnerabilities across two advisories, including command injection, SQL injection, access control, buffer overflow, certificate validation, and resource consumption weaknesses. Several affected-product entries relied on CPE, NVD descriptions, or inferred product mapping rather than authoritative product metadata. Security teams should validate affected asset inventories carefully rather than relying solely on vulnerability scanner identification.
Across all vendors, prioritization should be driven by exposure, privilege level, exploit availability, and the ability to verify remediation on affected infrastructure. KEV-listed vulnerabilities with public exploit references deserve immediate action, followed by vulnerabilities affecting management planes, identity infrastructure, firewalls, VPN services, SD-WAN controllers, and centralized orchestration systems.
JuneMay’s disclosures reinforce a familiar pattern: the most operationally significant vulnerabilities continue to concentrate around network-edge infrastructure, security appliances, SD-WAN platforms, and centralized management systems. These systems often sit in privileged positions within enterprise environments, making exploitation more consequential than vulnerabilities affecting individual endpoints.
Security teams should treat remediation as a validation exercise rather than a patching exercise. Establishing infrastructure trust requires direct verification of device and firmware posture, confirmation of applied fixes, and ongoing monitoring for unauthorized modifications.
Hardware-level visibility, firmware integrity validation, and continuous assessment of critical infrastructure help organizations verify that remediation efforts have reduced risk rather than simply recorded change activity.