Full Report
In June 2026, Insikt Group® identified 60 high-impact vulnerabilities that should be prioritized for remediation, 30 of which had a Very Critical Recorded Future Risk Score. This represents a 49% increase from last month.
Analysis Summary
The following summary encapsulates the key findings from the Recorded Future Insikt Group® June 2026 Vulnerability Landscape report, focusing on the highest-priority security flaws identified.
# Vulnerability: June 2026 High-Impact Vulnerability Landscape (Consolidated)
## CVE Details
- **CVE IDs:** Primary focus on CVE-2026-35616 (Fortinet) and CVE-2026-25939 (Frangoteam), among 60 others.
- **CVSS Score:** Range includes 30 vulnerabilities with a "Very Critical" Recorded Future Risk Score (99/100).
- **CWE:** Includes RCE (Remote Code Execution), SSRF (Server-Side Request Forgery), and Authentication Bypass.
## Affected Systems
- **Products:**
- **Security/Network:** Fortinet FortiClient EMS, Ivanti Sentry, Cisco Catalyst SD-WAN, Cisco Unified Communications Manager, SolarWinds Serv-U, Ubiquiti UniFi OS/UDM.
- **Enterprise Softare:** Microsoft Office 2016/365, Oracle PeopleSoft, Splunk Enterprise, PTC Windchill.
- **Development/Core:** Linux Kernel, Google Chromium V8, Meta React Server Components.
- **Versions:** Specific to older versions of Windows (10/11, Server 2019) and various enterprise firmware.
- **Configurations:** Internet-facing assets and systems using default or misconfigured administrative interfaces.
## Vulnerability Description
The June 2026 report highlights a significant shift in the threat landscape, with a 49% increase in high-impact flaws compared to May. Notable technical flaws include:
- **CVE-2026-35616 (Fortinet):** Vulnerability in FortiClient EMS allowing for potential unauthorized actions.
- **CVE-2026-34910 (Ubiquiti):** A critical RCE flaw being actively exploited to build Mirai-based botnets.
- **CVE-2026-20253 (Splunk):** A pre-authentication RCE flaw affecting Splunk Enterprise.
## Exploitation
- **Status:** **Exploited in the wild.** 23 of the featured CVEs are in the CISA KEV catalog; 57 of the 60 were actively exploited in June 2026.
- **Complexity:** Ranges from Low to Medium; many flaws allow for pre-authentication execution.
- **Attack Vector:** Primarily **Network** (Remote).
- **PoC Availability:** Public Proof-of-Concepts (PoCs) are available for most high-risk CVEs (e.g., Cisco, Splunk, WinRAR, and Ubiquiti).
## Impact
- **Confidentiality:** Very High (Data exfiltration through SSRF and RCE).
- **Integrity:** Very High (Unauthorized system modification and malware installation).
- **Availability:** Very High (Botnet recruitment and system crashes).
## Remediation
### Patches
- **Microsoft:** Multiple updates for Windows and Office 365.
- **Fortinet:** Update FortiClient EMS to latest patched versions.
- **Ubiquiti:** Immediate firmware updates required for UniFi OS, UDM, and UDM-Pro.
- **Cisco:** Deploy patches for SD-WAN Manager and Unified Communications Manager.
### Workarounds
- **Network Segmentation:** Isolate management interfaces (Cisco, Ubiquiti, SolarWinds) from the public internet.
- **Disabled Services:** Temporarily disable vulnerable components if patches cannot be immediately applied (e.g., specific React Server Component packages).
## Detection
- **Indicators of Compromise (IoC):** Look for unusual outbound traffic to known Mirai C2 IPs (linked to Ubiquiti exploitation).
- **Detection Methods:**
- Use **Nuclei templates** specifically created for CVE-2026-35616 and CVE-2026-25939.
- Monitor for unauthorized database authentication attempts in Splunk environments.
- Scan internet-facing assets using Attack Surface Intelligence tools.
## References
- **Fortinet Advisory:** hxxps[://]fortiguard[.]com/
- **Cisco Security Advisories:** hxxps[://]tools[.]cisco[.]com/security/center/
- **CISA KEV Catalog:** hxxps[://]www[.]cisa[.]gov/known-exploited-vulnerabilities-catalog
- **Recorded Future Blog:** hxxps[://]www[.]recordedfuture[.]com/blog/june-2026-cve-landscape