Vulnerability Review – May 2026

This blog is a recap of the most critical vulnerabilities disclosed between 01 May to 31 May 2026 that most likely impact software utilized by managed service providers (MSPs).

While not all MSPs use the software discussed in this blog, the software has been labeled as a priority software by Blackpoint Cyber’s Adversary Pursuit Group (APG) due to the overall number of MSPs/organizations that use it.

Key Findings

There were more than 6,500 vulnerabilities disclosed between 01 May to 31 May 2026, with more than 53% being scored with a high or critical Common Vulnerability Scoring System (CVSS) rating.

The U.S. CISA added 21 vulnerabilities to their Known Exploited Vulnerability (KEV) Catalog, indicating reliable reports of active exploitation.

Blackpoint’s APG assesses with high confidence that threat actors will continue to leverage known and unknown vulnerabilities in ubiquitous software and services over the next 12 months.

Prioritized Software Categories – May 2026

The Blackpoint APG tracks prioritized software across six categories; in May 2026, we delivered notices spanning five of them. These categories include tools that are widely used and critical to daily operations, indicating that security issues in these areas have a higher change of causing devastating impacts if successfully exploited. These categories are detailed in the Glossary.

Vulnerability Review – May 2026

Apache HTTP Server – Multiple Vulnerabilities

CVE-2026-28780

Prioritized Category: IT Management & Operations

Impacted Software: Apache HTTP Server

Type: Heap Based Overflow Vulnerability

CVSS: 9.8 Critical

CISA KEV Catalog: Yes/No – added Month DD, YYYY

CVE-2026-23918

Prioritized Category: IT Management & Operations

Impacted Software: Apache HTTP Server

Type: Double Free Vulnerability

CVSS: 8.8 High

CISA KEV Catalog: Yes/No – added Month DD, YYYY

CVE-2026-24072

Prioritized Category: IT Management & Operations

Impacted Software: Apache HTTP Server

Type: Escalation of Privilege Vulnerability

CVSS: #.# (Critical/High/Medium/Low)

CISA KEV Catalog: Yes/No – added Month DD, YYYY

Apache HTTP Server is an attractive target for attackers because it is frequently internet-facing and provides a gateway to web applications, backend systems, and internal infrastructure. Successful exploitation of these vulnerabilities could allow threat actors to achieve remote code execution (RCE), disrupt service, elevate privileges, deploy malware, or move laterally within a compromised environment. [1]

Cisco – Multiple Vulnerabilities

CVE-2026-20182

Prioritized Category: Network & Infrastructure

Impacted Software: Cisco Catalyst SD-WAN Controller

Type: Authentication Bypass Vulnerability

CVSS: 10.0 Critical

CISA KEV Catalog: Yes – added May 14, 2026

Threat actors could exploit this vulnerability to bypass authentication and log into an impacted controller as an internal, high-privileged, non-root user account. An attacker could then access NETCONF, which would allow them to manipulate network configurations for the SD-WAN fabric. [2]

Cisco reported that this vulnerability was actively exploited by UAT-8616. The threat actor reportedly attempted to add SSH keys, modify NETCONF configurations, and elevate to root privileges. [3]

CVE-2026-20128

Prioritized Category: Network & Infrastructure

Impacted Software: Cisco Catalyst SD-WAN Controller

Type: Escalation of Privilege Vulnerability

CVSS: 7.5 High

CISA KEV Catalog: Yes – added April 20, 2026

While this vulnerability was reported in April 2026 [4]; Cisco reported, in May, that the vulnerability is being exploited by at least 10 different clusters of activity. This vulnerability enables remote threat actors to gain Data Collection Agent (DCA) user privileges on an impacted system. Threat actors have been reported to exploit this vulnerability to deploy post-exploitation frameworks, web shells, and cryptominers since at least March 2026. [3]

CVE-2026-20223

Prioritized Category: Security & Threat Defense

Impacted Software: Cisco Secure Workload

Type: Authentication Bypass Vulnerability

CVSS: 10 Critical

CISA KEV Catalog: No

An unauthenticated, remote threat actor could exploit this vulnerability to access site resources with the privileges of the Site admin role. An attacker could exploit this to read sensitive information, modify configurations, and identify and map additional targets within a network.[5]

Fortinet – Multiple Vulnerabilities

CVE-2026-44277

Prioritized Category: Remote Access & Identity

Impacted Software: Fortinet FortiAuthenticator 8.0.0, 6.6.0 through 6.6.8, and 6.5.0 through 6.5.6

Type: Improper Access Control vulnerability

CVSS: 9.1 Critical

CISA KEV Catalog: No

This vulnerability enables an unauthenticated attacker to execute code or commands via crafted requests. This vulnerability does not impact FortiAuthenticator Cloud. [6]

CVE-2026-26083

Prioritized Category: Security & Threat Defense

Impacted Software: FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI

Type: Missing Authorization Vulnerability

CVSS: 9.1 Critical

CISA KEV Catalog: No

Threat actors could exploit this vulnerability to execute code or commands via HTTP requests. [7] A threat actor that can reach the appliance can submit requests that the application would process as privileged operations, leading to unauthorized execution.

While there is no evidence that these vulnerabilities were exploited; Fortinet products are an attractive target and are historically targeted by financially motivated threat actors for initial access, persistence, and more.

Microsoft – Multiple Vulnerabilities

CVE-2026-42897

Prioritized Category: Productivity, Communication, & Knowledge

Impacted Software: Microsoft Exchange Server

Type: Cross-Site Scripting (XXS) Vulnerability

CVSS: 8.1 High

CISA KEV Catalog: Yes – added May 15, 2026

A threat actor could exploit this vulnerability by sending a specially crafted email to a target; when the recipient opens the message in Outlook Web Access, arbitrary JavaScript executes in the browser context.[8] Successful exploitation can allow attackers to steal authenticated session tokens, harvest credentials, pivot to broader phishing campaigns against internal users, and leverage access to Exchange as a foothold for lateral movement and persistence across connected environments. The vulnerability was reported as actively exploited; however, no details of the exploitation were released.

CVE-2026-41091

Prioritized Category: Security & Threat Defense

Impacted Software: Microsoft Defender

Type: Elevation of Privilege Vulnerability

CVSS: 7.8 High

CISA KEV Catalog: Yes – added May 20, 2026

An attacker with local endpoint access could exploit improper symlink resolution in Defender to gain SYSTEM-level privileges, which could enable them to disable security controls and move laterally. A privilege escalation inside the endpoint security tool itself gives an attacker the ability to tamper with logging, move laterally, and deploy malware with significantly reduced detection risk.[9]

Palo Alto – CVE-2026-0300

Prioritized Category: Network & Infrastructure

Impacted Software: Palo Alto Networks PAN-OS

Type: Out-of-bounds Write Vulnerability

CVSS: 9.8 Critical

CISA KEV Catalog: Yes – added May 06, 2026

Threat actors could exploit this vulnerability by sending specially crafted packets, which would allow them to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls. [10] Successful compromise could allow attackers to gain control of perimeter security devices, intercept or manipulate network traffic, establish persistence, pivot internally, or disrupt security operations.

Palo Alto Networks confirmed the vulnerability is being actively exploited in the wild against exposed systems. The issue primarily impacts internet-facing firewalls with the Authentication Portal enabled and accessible from untrusted networks.

Progress Software – Multiple Vulnerabilities

CVE-2026-4670

Prioritized Category: IT Management & Operations

Impacted Software: Progress MOVEit Automation

Type: Authentication Bypass Vulnerability

CVSS: 9.8 Critical

CISA KEV Catalog: No

This vulnerability is network exploitable with no user interaction and could allow threat actors to gain unauthenticated remote access to targeted systems. [11] Successful exploitation could expose sensitive data and enable further compromise of managed file transfer workflows.

CVE-2026-5174

Prioritized Category: IT Management & Operations

Impacted Software: Progress MOVEit Automation

Type: Escalation of Privilege Vulnerability

CVSS: 8.8 High

CISA KEV Catalog: No

A threat actor could exploit this vulnerability to elevate privileges to administrative access within the system, which could then enable full control over the MOVEit environment, including management of users, workflows, and configurations. [11]

While these vulnerabilities have not been reported to be exploited in the wild, the platform’s history as a high-value target increases the likelihood of real-world attacks.

SAP – CVE-2026-34260

Prioritized Category: IT Management & Operations

Impacted Software: SAP S/4HANA

Type: SQL Injection Vulnerability

CVSS: 9.6 Critical

CISA KEV Catalog: No

SonicWall – Multiple Vulnerabilities

This enables threat actors with basic privileges to inject malicious SQL statements in low-complexity attacks that could provide them with access to sensitive database information and could crash the application. [12] SAP S/4HANA often sits at the center of enterprise environments and supports critical operations, which likely makes it an attractive target for both financially motivated and nation-state actors.

CVE-2026-0204

Prioritized Category: Network & Infrastructure

Impacted Software: SonicWall Gen 6 firewalls (SonicOS < 6.5.5.2‑28n); Gen 7 firewalls and NSv (< 7.3.2‑7010), and Gen 8 firewalls (< 8.2.0‑8009)

Type: Improper Access Control Vulnerability

CVSS: 8.0 High

CISA KEV Catalog: No

Threat actors can access or interact with management interface functions under certain conditions, potentially leading to administrative-level control or configuration manipulation. [13]

CVE-2026-0205

Prioritized Category: Network & Infrastructure

Impacted Software: SonicWall Gen 6 firewalls (SonicOS < 6.5.5.2‑28n); Gen 7 firewalls and NSv (< 7.3.2‑7010), and Gen 8 firewalls (< 8.2.0‑8009)

Type: Path Traversal Vulnerability

CVSS: 6.8 Medium

CISA KEV Catalog: No

This vulnerability requires authentication to be exploited; threat actors with authenticated access can traverse directories and interact with restricted services, potentially exposing sensitive data or enabling further compromise. [13]

CVE-2026-0206

Prioritized Category: Network & Infrastructure

Impacted Software: SonicWall Gen 6 firewalls (SonicOS < 6.5.5.2‑28n); Gen 7 firewalls and NSv (< 7.3.2‑7010), and Gen 8 firewalls (< 8.2.0‑8009)

Type: Stack-Based Buffer Overflow Vulnerability

CVSS: 4.9 Medium

CISA KEV Catalog: No

This vulnerability requires authentication to be exploited; threat actors with authenticated access can trigger a buffer overflow to crash the firewall, causing denial of service conditions. [13]

Network edge devices are frequently targeted due to the level of access they can grant, the impact of an attack, and the ability to map out and move through an impacted network.

Blackpoint’s APG Analysis

Blackpoint’s Security Operations Center (SOC) consistently monitors and actions lateral movement and remote execution within our customer’s environments. Additionally, Blackpoint has detections in place to identify the behaviors associated with the vulnerabilities detailed within this blog.

Blackpoint’s APG assesses with high confidence that threat actors will continue to target, or begin targeting, these vulnerabilities over the next 12 months to deploy malware, steal sensitive information, and gain unauthorized access to organizations. It is likely that these vulnerabilities will be targeted by multiple types of threat actors, including both nation-state and financially motivated threat actors over the next 12 months.

Glossary

Data Protection & Recovery: These tools are very likely to store important data from multiple systems in one place, making them an attractive target for threat actors. Attackers who gain access to these systems can delete company backups, encrypt them, or steal data.

IT Management & Operations: IT teams use these tools to monitor systems, fix issues, and automate tasks. These tools typically have high-level access permissions and an attacker who gains access could change settings, run malicious code, or spread across many systems without detection. A single compromise of these tools could impact multiple customers as the result of a single intrusion.

Network & Infrastructure: These systems control how data moves in and out of a network; they often sit between the internal systems and the internet. Due to their exposure and being highly trusted, they are attractive targets for threat actors and are frequently targeted. An attacker that successfully targets these systems could access internal systems, access network traffic, or bypass security controls.

Productivity, Communication, & Knowledge: These tools frequently contain sensitive data, instructions, and private conversations, making them attractive tools for threat actors. An attacker that gains access to these tools can read private messages, steal information, impersonate trusted users, and conduct additional attacks from a trusted platform.

Remote Access & Identity: These tools are frequently used by administrators and are trusted across the environment, making them an attractive target for threat actors. An attacker that gains access to or abuses tools within this category can log in as legitimate users, bypass security checks, and more through systems without being detected.

Security & Threat Defense: These tools collect security data and alert teams when something appears suspicious or malicious. Attackers that exploit these tools can hide their activity, turn off alerts, or delete evidence of their activity. This type of abuse can leave security teams blind to malicious activity and allow attackers to complete their objectives.

References

1. Cisco SD-WAN RPA2 Advisory

2. Talos Intelligence – SD-WAN Ongoing Exploitation

3. Cisco SD-WAN Auth Bypass Advisory

4. Cisco Secure Workload Advisory

5. Fortinet PSIRT – FG-IR-26-128

6. Fortinet PSIRT – FG-IR-26-136

7. Microsoft Security Response Center – CVE-2026-42897

8. Microsoft Security Response Center – CVE-2026-41091

9. Palo Alto Networks – CVE-2026-0300

10. Progress MOVEit Automation Security Bulletin – CVE-2026-4670 & CVE-2026-5174

11. SAP Security Notes – May 2026

12. SonicWall PSIRT – SNWLID-2026-0004

DATE PUBLISHEDJune 4, 2026

AUTHORBlackpoint Cyber

2026 Annual Threat Report

What actually worked for attackers in 2025.

Most attackers aren’t breaking in
They’re logging in

Explore the real patterns behind modern intrusions in the 2026 Annual Threat Report

GET THE REPORT

img:is([sizes=auto i],[sizes^="auto," i]){contain-intrinsic-size:3000px 1500px}#fancybox-outer{background:#fff}#fancybox-content{background:#fff;border-color:#fff;color:#000}#fancybox-title,#fancybox-title-float-main{color:#fff}.searchwp-live-search-result .searchwp-live-search-result--title a{font-size:16px}.searchwp-live-search-result .searchwp-live-search-result--price{font-size:14px}.searchwp-live-search-result .searchwp-live-search-result--add-to-cart .button{font-size:14px}@media ( min-width: 992px ){.block-visibility-hide-large-screen{display:none !important}}@media ( min-width: 768px ) and ( max-width: 991.98px ){.block-visibility-hide-medium-screen{display:none !important}}@media ( max-width: 767.98px ){.block-visibility-hide-small-screen{display:none !important}}.searchwp-live-search-results{opacity:0;transition:opacity .25s ease-in-out;-moz-transition:opacity .25s ease-in-out;-webkit-transition:opacity .25s ease-in-out;height:0;overflow:hidden;z-index:9999995;position:absolute;display:none}.searchwp-live-search-results-showing{display:block;opacity:1;height:auto;overflow:auto}.searchwp-live-search-no-results{padding:3em 2em 0;text-align:center}.searchwp-live-search-no-min-chars:after{content:"Continue typing";display:block;text-align:center;padding:2em 2em 0}.is-small-text{font-size:.875em}.is-regular-text{font-size:1em}.is-large-text{font-size:2.25em}.is-larger-text{font-size:3em}.has-drop-cap:not(:focus):first-letter{float:left;font-size:8.4em;font-style:normal;font-weight:100;line-height:.68;margin:.05em .1em 0 0;text-transform:uppercase}body.rtl .has-drop-cap:not(:focus):first-letter{float:none;margin-left:.1em}p.has-drop-cap.has-background{overflow:hidden}:root :where(p.has-background){padding:1.25em 2.375em}:where(p.has-text-color:not(.has-link-color)) a{color:inherit}p.has-text-align-left[style*="writing-mode:vertical-lr"],p.has-text-align-right[style*="writing-mode:vertical-rl"]{rotate:180deg}h1:where(.wp-block-heading).has-background,h2:where(.wp-block-heading).has-background,h3:where(.wp-block-heading).has-background,h4:where(.wp-block-heading).has-background,h5:where(.wp-block-heading).has-background,h6:where(.wp-block-heading).has-background{padding:1.25em 2.375em}h1.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h1.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h2.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h2.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h3.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h3.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h4.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h4.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h5.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h5.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h6.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h6.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]){rotate:180deg}ol,ul{box-sizing:border-box}:root :where(.wp-block-list.has-background){padding:1.25em 2.375em}.wp-block-image>a,.wp-block-image>figure>a{display:inline-block}.wp-block-image img{box-sizing:border-box;height:auto;max-width:100%;vertical-align:bottom}@media not (prefers-reduced-motion){.wp-block-image img.hide{visibility:hidden}.wp-block-image img.show{animation:show-content-image .4s}}.wp-block-image[style*=border-radius] img,.wp-block-image[style*=border-radius]>a{border-radius:inherit}.wp-block-image.has-custom-border img{box-sizing:border-box}.wp-block-image.aligncenter{text-align:center}.wp-block-image.alignfull>a,.wp-block-image.alignwide>a{width:100%}.wp-block-image.alignfull img,.wp-block-image.alignwide img{height:auto;width:100%}.wp-block-image .aligncenter,.wp-block-image .alignleft,.wp-block-image .alignright,.wp-block-image.aligncenter,.wp-block-image.alignleft,.wp-block-image.alignright{display:table}.wp-block-image .aligncenter>figcaption,.wp-block-image .alignleft>figcaption,.wp-block-image .alignright>figcaption,.wp-block-image.aligncenter>figcaption,.wp-block-image.alignleft>figcaption,.wp-block-image.alignright>figcaption{caption-side:bottom;display:table-caption}.wp-block-image .alignleft{float:left;margin:.5em 1em .5em 0}.wp-block-image .alignright{float:right;margin:.5em 0 .5em 1em}.wp-block-image .aligncenter{margin-left:auto;margin-right:auto}.wp-block-image :where(figcaption){margin-bottom:1em;margin-top:.5em}.wp-block-image.is-style-circle-mask img{border-radius:9999px}@supports ((-webkit-mask-image:none) or (mask-image:none)) or (-webkit-mask-image:none){.wp-block-image.is-style-circle-mask img{border-radius:0;-webkit-mask-image:url("data:image/svg+xml;utf8,<svg viewBox=\"0 0 100 100\" xmlns=\"http://www.w3.org/2000/svg\"><circle cx=\"50\" cy=\"50\" r=\"50\"/></svg>");mask-image:url("data:image/svg+xml;utf8,<svg viewBox=\"0 0 100 100\" xmlns=\"http://www.w3.org/2000/svg\"><circle cx=\"50\" cy=\"50\" r=\"50\"/></svg>");mask-mode:alpha;-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain}.wp-block-image.is-style-circle-mask img.nitro-lazy{mask-image:none !important}}:root :where(.wp-block-image.is-style-rounded img,.wp-block-image .is-style-rounded img){border-radius:9999px}.wp-block-image figure{margin:0}.wp-lightbox-container{display:flex;flex-direction:column;position:relative}.wp-lightbox-container img{cursor:zoom-in}.wp-lightbox-container img:hover+button{opacity:1}.wp-lightbox-container button{align-items:center;backdrop-filter:blur(16px) saturate(180%);background-color:rgba(90,90,90,.25);border:none;border-radius:4px;cursor:zoom-in;display:flex;height:20px;justify-content:center;opacity:0;padding:0;position:absolute;right:16px;text-align:center;top:16px;width:20px;z-index:100}@media not (prefers-reduced-motion){.wp-lightbox-container button{transition:opacity .2s ease}}.wp-lightbox-container button:focus-visible{outline:3px auto rgba(90,90,90,.25);outline:3px auto -webkit-focus-ring-color;outline-offset:3px}.wp-lightbox-container button:hover{cursor:pointer;opacity:1}.wp-lightbox-container button:focus{opacity:1}.wp-lightbox-container button:focus,.wp-lightbox-container button:hover,.wp-lightbox-container button:not(:hover):not(:active):not(.has-background){background-color:rgba(90,90,90,.25);border:none}.wp-lightbox-overlay{box-sizing:border-box;cursor:zoom-out;height:100vh;left:0;overflow:hidden;position:fixed;top:0;visibility:hidden;width:100%;z-index:100000}.wp-lightbox-overlay .close-button{align-items:center;cursor:pointer;display:flex;justify-content:center;min-height:40px;min-width:40px;padding:0;position:absolute;right:calc(env(safe-area-inset-right) + 16px);top:calc(env(safe-area-inset-top) + 16px);z-index:5000000}.wp-lightbox-overlay .close-button:focus,.wp-lightbox-overlay .close-button:hover,.wp-lightbox-overlay .close-button:not(:hover):not(:active):not(.has-background){background:none;border:none}.wp-lightbox-overlay .lightbox-image-container{height:var(--wp--lightbox-container-height);left:50%;overflow:hidden;position:absolute;top:50%;transform:translate(-50%,-50%);transform-origin:top left;width:var(--wp--lightbox-container-width);z-index:9999999999}.wp-lightbox-overlay .wp-block-image{align-items:center;box-sizing:border-box;display:flex;height:100%;justify-content:center;margin:0;position:relative;transform-origin:0 0;width:100%;z-index:3000000}.wp-lightbox-overlay .wp-block-image img{height:var(--wp--lightbox-image-height);min-height:var(--wp--lightbox-image-height);min-width:var(--wp--lightbox-image-width);width:var(--wp--lightbox-image-width)}.wp-lightbox-overlay .wp-block-image figcaption{display:none}.wp-lightbox-overlay button{background:none;border:none}.wp-lightbox-overlay .scrim{background-color:#fff;height:100%;opacity:.9;position:absolute;width:100%;z-index:2000000}.wp-lightbox-overlay.active{visibility:visible}@media not (prefers-reduced-motion){.wp-lightbox-overlay.active{animation:turn-on-visibility .25s both}.wp-lightbox-overlay.active img{animation:turn-on-visibility .35s both}.wp-lightbox-overlay.show-closing-animation:not(.active){animation:turn-off-visibility .35s both}.wp-lightbox-overlay.show-closing-animation:not(.active) img{animation:turn-off-visibility .25s both}.wp-lightbox-overlay.zoom.active{animation:none;opacity:1;visibility:visible}.wp-lightbox-overlay.zoom.active .lightbox-image-container{animation:lightbox-zoom-in .4s}.wp-lightbox-overlay.zoom.active .lightbox-image-container img{animation:none}.wp-lightbox-overlay.zoom.active .scrim{animation:turn-on-visibility .4s forwards}.wp-lightbox-overlay.zoom.show-closing-animation:not(.active){animation:none}.wp-lightbox-overlay.zoom.show-closing-animation:not(.active) .lightbox-image-container{animation:lightbox-zoom-out .4s}.wp-lightbox-overlay.zoom.show-closing-animation:not(.active) .lightbox-image-container img{animation:none}.wp-lightbox-overlay.zoom.show-closing-animation:not(.active) .scrim{animation:turn-off-visibility .4s forwards}}@keyframes show-content-image{0%{visibility:hidden}99%{visibility:hidden}to{visibility:visible}}@keyframes turn-on-visibility{0%{opacity:0}to{opacity:1}}@keyframes turn-off-visibility{0%{opacity:1;visibility:visible}99%{opacity:0;visibility:visible}to{opacity:0;visibility:hidden}}@keyframes lightbox-zoom-in{0%{transform:translate(calc(( -100vw + var(--wp--lightbox-scrollbar-width) ) / 2 + var(--wp--lightbox-initial-left-position)),calc(-50vh + var(--wp--lightbox-initial-top-position))) scale(var(--wp--lightbox-scale))}to{transform:translate(-50%,-50%) scale(1)}}@keyframes lightbox-zoom-out{0%{transform:translate(-50%,-50%) scale(1);visibility:visible}99%{visibility:visible}to{transform:translate(calc(( -100vw + var(--wp--lightbox-scrollbar-width) ) / 2 + var(--wp--lightbox-initial-left-position)),calc(-50vh + var(--wp--lightbox-initial-top-position))) scale(var(--wp--lightbox-scale));visibility:hidden}}

Vulnerability Review – May 2026

Key Findings

Prioritized Software Categories – May 2026

Vulnerability Review – May 2026

Apache HTTP Server – Multiple Vulnerabilities

Cisco – Multiple Vulnerabilities

Fortinet – Multiple Vulnerabilities

Microsoft – Multiple Vulnerabilities

Palo Alto – CVE-2026-0300

Progress Software – Multiple Vulnerabilities

SAP – CVE-2026-34260

SonicWall – Multiple Vulnerabilities

Blackpoint’s APG Analysis

DATE PUBLISHEDJune 4, 2026

AUTHORBlackpoint Cyber

2026 Annual Threat Report

Platform

Solutions

Why Blackpoint

Partners

Company

Resources

Vulnerability Review – May 2026

Key Findings

Prioritized Software Categories – May 2026

Vulnerability Review – May 2026

Apache HTTP Server – Multiple Vulnerabilities

Cisco – Multiple Vulnerabilities

Fortinet – Multiple Vulnerabilities

Microsoft – Multiple Vulnerabilities

Palo Alto – CVE-2026-0300

Progress Software – Multiple Vulnerabilities

SAP – CVE-2026-34260

SonicWall – Multiple Vulnerabilities

Blackpoint’s APG Analysis

DATE PUBLISHEDJune 4, 2026

AUTHORBlackpoint Cyber

SHARE ON

2026 Annual Threat Report