CISA: Patch Mirasvit Cache Flaw Now — RCE Risk
Today's cybersecurity digest — CVEs, headline news, quantum computing, and something weird. June 05, 2026
cybr.cx Daily Digest — June 05, 2026
Critical Vulnerabilities
⚠️ Actively exploited — CVE-2026-45247 | Mirasvit Full Page Cache Warmer | No CVSS in NVD feed
CISA added this to the KEV catalogue on June 3rd with a remediation deadline of tomorrow. An unauthenticated attacker can drop a crafted serialised PHP object into the CacheWarmer cookie and achieve remote code execution on Magento/Adobe Commerce instances running the Mirasvit extension. If you operate e-commerce infrastructure with this plugin, patch or disable it today — the deadline is not rhetorical.
⚠️ Actively exploited — CVE-2022-0492 | Linux Kernel | CVSS ~7.0
A years-old improper authentication flaw in the cgroups v1 release_agent feature is back on CISA's radar with a June 5th due date — that's today. An attacker with limited container or local access can abuse the feature to escalate privileges to root. Container escape scenarios are the primary concern; environments still running cgroups v1 (common in older Kubernetes deployments) are at direct risk.
⚠️ Actively exploited — CVE-2025-48595 | Android Framework | No CVSS in NVD feed
An integer overflow in the Android Framework enables local privilege escalation, and it's confirmed in active exploitation. CISA's remediation deadline was also today. Mobile device management teams should be pushing the relevant Android security update to managed devices immediately; unmanaged BYOD fleets are a real exposure here.
⚠️ Actively exploited — CVE-2024-21182 | Oracle WebLogic Server | CVSS ~7.5
Unauthenticated attackers with network access over T3 or IIOP can compromise WebLogic instances outright — full data access or complete server takeover. CISA's due date was June 4th, meaning federal agencies are already past deadline. If T3/IIOP are exposed to untrusted networks, restrict access at the firewall level as an immediate interim measure.
⚠️ Actively exploited — CVE-2026-0257 | Palo Alto Networks PAN-OS | No CVSS in NVD feed
An authentication bypass in PAN-OS allows attackers to establish unauthorised VPN connections, sidestepping perimeter controls entirely. Added to KEV on May 29th with a June 1st due date. If you haven't acted on this one yet, assume perimeter integrity is in question and review VPN session logs for anomalous connections.
CVE-2026-49190 | Unspecified embedded/IoT system | CVSS 8.8
A permission evaluation failure across multiple internal opcodes allows unauthorised application installation or arbitrary command execution. The vague description pattern suggests this is firmware-level, possibly in a networking or industrial device. Watch for vendor advisories matching this profile.
CVE-2026-49194 | Unspecified device (debug interface) | CVSS 8.8
The debug routine SCREEN_CLICK(5053) allows a connection to bypass the login prompt entirely and drop directly into an interactive shell. This is a classic debug-left-in-production flaw. If the affected platform is identified in your environment, network-level access controls to management interfaces are essential until a patch lands.
CVE-2026-49203 | eSIM management platform | CVSS 8.3
Critical API endpoints handling cellular eSIM provisioning lack caller authorisation checks, allowing remote rewriting or deletion of eSIM profiles. Telecom operators and enterprise MDM platforms with eSIM management capabilities should audit their API authentication layers urgently.
CVE-2019-25733 / CVE-2019-25735 / CVE-2019-25736 | NetShareWatcher 1.5.8.0, AllPlayer 7.4, LabF nfsAxe 3.7 | CVSS 8.4
Three legacy local SEH-based buffer overflows published today — NetShareWatcher via a custom filter field, AllPlayer via a malicious URL string, and nfsAxe via the Host IP field. All require local access and affect software that's unlikely to be in active enterprise use, but they're worth a sweep if any legacy analysis or lab systems run these tools.
Headline News
Meta's AI chatbot became an account-takeover tool — no malware required
Attackers successfully hijacked high-profile Instagram accounts over the weekend using nothing more than a conversation. By interacting with Meta's AI customer support chatbot, they were able to request email address changes on accounts they didn't own — and the bot complied. There was no phishing link, no credential stuffing, no SIM swap; the attack surface was the chatbot's willingness to perform sensitive account operations without sufficient identity verification. This represents a novel and deeply concerning class of vulnerability where the AI system itself becomes the bypass mechanism for authentication controls. For practitioners, the immediate takeaway is that any AI agent with write access to user account data needs explicit, hardware-bound authorisation gates — not conversational confirmation. This incident will likely accelerate scrutiny of how LLM-powered support tools are scoped and permissioned.
Trojanised npm package silently exfiltrated developer tokens for a month
A package positioning itself as a remote web UI for OpenAI Codex had accumulated roughly 29,000 weekly downloads before researchers identified it was quietly stealing developer authentication tokens. The package maintained a convincing public GitHub repository with a plausible commit history — a deliberate supply chain camouflage technique increasingly common in npm-targeting campaigns. Any developer who installed the package during the past month should rotate API keys, OAuth tokens, and any credentials that may have been accessible in the development environment. This incident reinforces that download counts and active-looking repositories are not proxies for trust, and automated secret scanning in CI pipelines remains essential. Teams using Codex integrations specifically should audit their dependency trees now.
CISA and partners warn of active targeting of fuel tank monitoring systems
A joint advisory from CISA, FBI, NSA, and the Department of Energy warns that threat actors are actively probing and compromising internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage at petrol stations, airports, military installations, and other critical infrastructure sites. ATG systems are frequently internet-connected with minimal authentication, making them straightforward targets for both reconnaissance and disruptive manipulation. Successful attacks could interfere with fuel level readings, trigger false alarms, or — in worst-case scenarios — be used to physically damage equipment by manipulating pump controls. Operators are urged to take ATG interfaces offline from the public internet immediately and implement network segmentation. This advisory is notable for its breadth of co-signatories, signalling that intelligence agencies are observing coordinated, not opportunistic, activity against this sector.
Schrödinger's Feed
Researchers have demonstrated how microscopic imperfections and atomic-level vibrations in an advanced material can be harnessed to control a significant quantum effect — one capable of converting ambient alternating electrical signals directly into usable DC current without traditional rectification components. It's a quietly remarkable result: using the noise of a material's imperfections as a functional mechanism rather than an obstacle to be engineered away. The implication for quantum computing hardware is that certain environmental interference might be exploitable rather than merely tolerable. For cryptography practitioners, advances in the underlying physics of quantum hardware — even those that look purely academic — have a habit of compressing the timeline between "interesting lab result" and "relevant to key length assumptions."
/dev/random
Anthropic published an open-source framework this week specifically designed to let AI models attempt to find vulnerabilities in intentionally buggy code — essentially a formalised benchmark for how well LLMs can actually hack things, rather than just talk about it. The harness provides a reference vulnerable application alongside a structured evaluation methodology, so researchers can run models against consistent targets rather than arguing over anecdote. It arrived alongside a community experiment in which someone spent $1,500 running various LLMs against a purposely vulnerable app and documented exactly where they succeeded, failed, and confidently hallucinated exploits that didn't work. The emerging consensus: current models are useful for pattern-matching known vulnerability classes but struggle badly with anything requiring multi-step logical chaining — which is either reassuring or a six-month countdown, depending on your optimism level.