CVE-2026-5710 Analysis: CVSS 7.5 HIGH
The Drag and Drop directory traversal (CVE-2026-5710) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
Weekly Roundup
Security Roundup: April 12 to April 19, 2026
Weekly cybersecurity vulnerability roundup from Sherlock Forensics. 31 critical and high-severity CVEs analyzed from April 12 to April 19, 2026 with impact assessment and remediation guidance.
31 Vulnerabilities This Week
Critical findings
CVE-2026-6518 Analysis: CVSS 8.8 HIGH
The CMP – Coming remote code execution (CVE-2026-6518) scores CVSS 8.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-40525: Auth Bypass CVSS 9.1 | Sherlock Forensics
OpenViking prior to commit c7bb167 authentication bypass (CVE-2026-40525) scores CVSS 9.1 CRITICAL. Analysis of affected systems, exploitation risk and.
CVE-2026-40515 Analysis: CVSS 7.5 HIGH
OpenHarness before commit bd4df81 contains vulnerability (CVE-2026-40515) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and.
CVE-2026-2262 Analysis: CVSS 7.5 HIGH
The Easy Appointments plugin vulnerability (CVE-2026-2262) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-40516 Analysis: CVSS 8.3 HIGH
OpenHarness before commit bd4df81 contains vulnerability (CVE-2026-40516) scores CVSS 8.3 HIGH. Analysis of affected systems, exploitation risk and.
CVE-2026-3489 Analysis: CVSS 7.5 HIGH
The DirectoryPress – Business SQL injection (CVE-2026-3489) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-5231 Analysis: CVSS 7.2 HIGH
The WP Statistics plugin cross-site scripting (CVE-2026-5231) scores CVSS 7.2 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-20205 Analysis: CVSS 7.2 HIGH
In Splunk MCP Server vulnerability (CVE-2026-20205) scores CVSS 7.2 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-3599 Analysis: CVSS 7.5 HIGH
The Riaxe Product Customizer SQL injection (CVE-2026-3599) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-20186: Cisco ISE CVSS 9.9 RCE | Sherlock Forensics
CVE-2026-20186 is an authenticated command injection in Cisco ISE enabling root RCE (CVSS 9.9). Analysis of affected systems, exploitation risk and.
CVE-2026-3876 Analysis: CVSS 7.2 HIGH
The Prismatic plugin for cross-site scripting (CVE-2026-3876) scores CVSS 7.2 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-5050 Analysis: CVSS 7.5 HIGH
The Payment Gateway for vulnerability (CVE-2026-5050) scores CVSS 7.5 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-20147: Cisco ISE Root RCE | Sherlock Forensics
CVE-2026-20147 Cisco ISE detection playbook. Sigma rules, IOC hunt lists, triage commands. Command injection to root RCE. CVSS 9.9.
CVE-2026-4880: CVSS 9.8 Critical | Sherlock Forensics
The Barcode Scanner (+Mobile privilege escalation (CVE-2026-4880) scores CVSS 9.8 CRITICAL.
CVE-2026-20180: Cisco ISE Auth RCE | Sherlock Forensics
CVE-2026-20180 is an authenticated command injection in Cisco ISE enabling root RCE (CVSS 9.9). Analysis of affected systems, exploitation risk and.
CVE-2026-20184: CVSS 9.8 Critical | Sherlock Forensics
A vulnerability in the vulnerability (CVE-2026-20184) scores CVSS 9.8 CRITICAL. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-20204 Analysis: CVSS 7.1 HIGH
In Splunk Enterprise versions remote code execution (CVE-2026-20204) scores CVSS 7.1 HIGH.
CVE-2026-27243: CVSS 9.3 CRITICAL | Sherlock Forensics
Adobe Connect versions 2025.3, cross-site scripting (CVE-2026-27243) scores CVSS 9.3 CRITICAL.
CVE-2026-32089 Analysis: CVSS 7.8 HIGH | Sherlock Forensics
Use after free in vulnerability (CVE-2026-32089) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-34619 Analysis: CVSS 7.7 HIGH | Sherlock Forensics
ColdFusion versions 2023.18, 2025.6 vulnerability (CVE-2026-34619) scores CVSS 7.7 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-34617 Analysis: CVSS 8.7 HIGH | Sherlock Forensics
Adobe Connect versions 2025.3, privilege escalation (CVE-2026-34617) scores CVSS 8.7 HIGH.
CVE-2026-26183 Analysis: CVSS 7.8 HIGH | Sherlock Forensics
Improper access control in access control (CVE-2026-26183) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-32090 Analysis: CVSS 7.8 HIGH | Sherlock Forensics
Concurrent execution using shared vulnerability (CVE-2026-32090) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-32171 Analysis: CVSS 8.8 HIGH | Sherlock Forensics
Insufficiently protected credentials in vulnerability (CVE-2026-32171) scores CVSS 8.8 HIGH.
CVE-2026-27245: CVSS 9.3 CRITICAL | Sherlock Forensics
Adobe Connect versions 2025.3, cross-site scripting (CVE-2026-27245) scores CVSS 9.3 CRITICAL.
CVE-2026-32168 Analysis: CVSS 7.8 HIGH | Sherlock Forensics
Improper input validation in vulnerability (CVE-2026-32168) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-32192 Analysis: CVSS 7.8 HIGH | Sherlock Forensics
Deserialization of untrusted data deserialization (CVE-2026-32192) scores CVSS 7.8 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-27305 Analysis: CVSS 8.6 HIGH | Sherlock Forensics
ColdFusion versions 2023.18, 2025.6 vulnerability (CVE-2026-27305) scores CVSS 8.6 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-27926 Analysis: CVSS 7.0 HIGH | Sherlock Forensics
Concurrent execution using shared vulnerability (CVE-2026-27926) scores CVSS 7.0 HIGH. Analysis of affected systems, exploitation risk and remediation steps.
CVE-2026-27246: CVSS 9.3 CRITICAL | Sherlock Forensics
Adobe Connect versions 2025.3, cross-site scripting (CVE-2026-27246) scores CVSS 9.3 CRITICAL.