CVE-2026-48558

CVE: SimpleHelp Authentication Bypass Vulnerability: SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.
CWE: CWE-347
Published: SimpleHelp | SimpleHelp
Link: https://www.cve.org/CVERecord?id=CVE-2026-48558

Threat Analysis (SimpleHelp Authentication Bypass Vulnerability: SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.)

  1. Impact – Attacker can obtain a fully authenticated technician session without any user credentials, potentially gaining administrative control or modifying system settings. May also bypass multi‑factor authentication if configured to rely solely on the ID token.

  2. Affected components / attack surface – SimpleHelp’s OIDC login endpoint (typically /.well‑known/oauth/token or similar) and the token‑validation logic used to issue technician sessions. The vulnerability exists only when OIDC authentication is enabled.

  3. Exploitation prerequisites / minimal assumptions – Remote, unauthenticated attacker with network reach to SimpleHelp, ability to send HTTP POST/GET with a forged ID token. Token must be signed with a valid private key or can be crafted with any payload (no verification of signature).

  4. Detection ideas / indicators – Unexpected OIDC token issuance with non‑standard issuer or missing signature verification in logs. Alert on high‑frequency token requests from external IPs.

  5. Mitigations / workarounds – Disable OIDC authentication or enforce strict token‑signature validation on the server; rotate secret keys; implement CWE‑347 remediation (e.g., use signed tokens with trusted issuers).

  6. Verification steps – Confirm token signing is enforced by sending a token with a known private key; observe that the server rejects it if signature verification fails. Also test that disabling OIDC returns the original credential‑only flow.

CVE-2026-20230

CVE: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability: Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.
CWE: CWE-918
Published: Cisco | Unified Communications Manager
Link: https://www.cve.org/CVERecord?id=CVE-2026-20230

Threat Analysis (Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability: Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.)

  1. Impact: Remote attacker can trigger server‑side SSRF to write arbitrary files to the host OS, potentially leading to OS privilege escalation (e.g., root shell).

  2. Affected components/attack surface: Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME); server‑side HTTP request processing (handlers, session APIs).

  3. Exploitation prerequisites: Unauthenticated attacker can send a crafted HTTP request (POST/PUT) with malicious payload to a vulnerable endpoint; no authentication required; OS must allow file write (e.g., /tmp).

  4. Detection ideas/indicators: Logs of unusual HTTP POSTs to file‑related paths; creation of unexpected files in /tmp or /var/tmp; IDS alerts for SSRF patterns; repeated requests to known SSRF vectors.

  5. Mitigations/workarounds: Disable server‑side file write; enforce strict input validation; limit request body size; apply CVE‑2026‑20230 patch; run services under least‑privilege OS user.

  6. Verification steps: Capture traffic with Wireshark to confirm malicious request; attempt file creation; verify no file exists or is owned by root; confirm patch applied; test with known exploit script.

CVE-2026-12569

CVE: PTC Windchill and FlexPLM Improper Input Validation Vulnerability: PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.
CWE: CWE-20|
Published: PTC | Windchill and FlexPLM
Link: https://www.cve.org/CVERecord?id=CVE-2026-12569

Threat Analysis (PTC Windchill and FlexPLM Improper Input Validation Vulnerability: PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.)

  1. Impact – Unauthenticated remote attacker can execute arbitrary code on the PTC Windchill/FlexPLM server, potentially leading to full system compromise, data theft, or denial‑of‑service.

  2. Affected components/attack surface – The vulnerable endpoint is a network‑exposed API in the Windchill server (and related FlexPLM client/server components) that processes unsanitized input.

  3. Exploitation prerequisites – Ability to send a crafted request to the target endpoint over the network; no authentication required.

  4. Detection ideas/indicators – Unexpected remote requests, high‑memory or process‑creation spikes, repeated error logs, or execution of unknown binaries on the server.

  5. Mitigations/workarounds – Apply the vendor patch immediately; if unavailable, restrict the endpoint to trusted internal networks, enforce strict input validation, and monitor for anomalous traffic.

  6. Verification steps – Confirm patch installation, run the vulnerable version in a sandbox to reproduce the CVE, and verify that no arbitrary code is executed after patch or mitigation.

CVE-2026-34908

CVE: Ubiquiti UniFi OS Improper Access Control Vulnerability: Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.
CWE: CWE-284
Published: Ubiquiti | UniFi OS
Link: https://www.cve.org/CVERecord?id=CVE-2026-34908

Threat Analysis (Ubiquiti UniFi OS Improper Access Control Vulnerability: Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.)
  1. Impact: Unauthorized configuration or firmware modifications on the UniFi OS system, potentially causing network disruption, data exfiltration, or privilege escalation.
  2. Affected components/attack surface: UniFi OS server/agent, web UI, SSH/CLI interfaces, and any device running UniFi OS with network exposure.
  3. Exploitation prerequisites: attacker must reach the UniFi network and obtain valid login credentials (admin or token) to the management interface.
  4. Detection ideas/indicators: unexpected config changes, new admin users, SSH logins from unknown IPs, web UI modifications, and absence of the patch.
  5. Mitigations/workarounds: apply the latest UniFi OS patch, disable unused services, enforce strong authentication, and segment the UniFi network.
  6. Verification steps: confirm patch version, run unifi-os-patch --check, compare config files against baseline, and audit logs for anomalous activity.

CVE-2026-34909

CVE: Ubiquiti UniFi OS Path Traversal Vulnerability: Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.
CWE: CWE-22
Published: Ubiquiti | UniFi OS
Link: https://www.cve.org/CVERecord?id=CVE-2026-34909

Threat Analysis (Ubiquiti UniFi OS Path Traversal Vulnerability: Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.)

  1. Impact: Path traversal lets a remote actor read any file on the UniFi OS host, potentially exposing credentials or configuration data that could enable account takeover.

  2. Affected components: UniFi OS kernel/rootfs, network services (SSH, web UI) that accept file‑path parameters, and any API call using relative paths.

  3. Prerequisites: Network access to the device; attacker can craft a request with a malicious path component. No additional authentication bypass is required beyond normal login.

  4. Detection: Look for unexpected file access logs, new files in /tmp or system directories, and SSH command history showing path‑traversal patterns.

  5. Mitigations: Validate/normalize all path inputs, escape special characters, restrict file‑system permissions, enforce a whitelist of allowed paths, and upgrade to the patched version.

  6. Verification: Reproduce the traversal with a test payload, confirm logs show the attempt, apply the patch, and verify no new files or privilege escalation occur.