```html ```
top of page

Two KEV Bugs We Owe You Late, and the Ransomware Access Cluster They Fall Into. We've Been Mapping It Since May.

  • Writer: Patrick Duggan
    Patrick Duggan
  • 1 hour ago
  • 5 min read

Two vulnerabilities went into CISA's Known Exploited Vulnerabilities catalog in June that we did not flag early and owe you no receipt on. We are filling those two holes here, late and honestly credited. But the more useful thing is what we found when we went to write them up: they are not two loose ends. They drop into a cluster we have been mapping in this blog since May — the convergence of the top ransomware crews on the access, management, and orchestration plane as the initial-access commodity of 2026. So this is a catch-up on two bugs and a map of the cluster they belong to, with our own receipt trail as the spine.



Hole one: Cisco Unified Communications Manager — [CVE-2026-20230](https://analytics.dugganusa.com/api/v1/dredd/kev-gap?cve=CVE-2026-20230)


Your phone system is a Linux box on the network, and this quarter it is an exposed one. CVE-2026-20230 is a server-side request forgery flaw in Cisco Unified Communications Manager, CVSS 8.6, exploitable by an unauthenticated remote attacker through crafted HTTP requests. The SSRF is the foot in the door; the danger is where it leads — an attacker can write files to the underlying operating system and use that foothold to escalate toward root. Cisco patched it on June 3; by late June, threat-detection outfit Defused had observed it exploited in the wild to write arbitrary files to affected endpoints, and Cisco's PSIRT confirmed active exploitation. CISA's KEV deadline was June 28. The disclosure and the in-the-wild catch belong to Cisco PSIRT and Defused.


We flagged this one late, but not blind to the neighborhood: we have written the Cisco network-infrastructure beat repeatedly, most recently "[CVE-2026-20262](https://analytics.dugganusa.com/api/v1/dredd/kev-gap?cve=CVE-2026-20262) Is The Seventh Cisco SD-WAN Zero-Day In Thirteen Months. The Brain Of The Network Is Still Open." CUCM is the same story on a different appliance — the management surface of the voice network, unauthenticated, reachable, and one file-write away from the OS.


What to do: patch to a fixed Unified CM release. If you cannot immediately, Cisco's interim guidance is to disable the WebDialer service. Then hunt: unexplained files appearing on the CUCM host, outbound requests from the appliance to destinations it has no business reaching. A PBX that suddenly makes web requests has already been asked to.



Hole two: Langflow — [CVE-2026-55255](https://analytics.dugganusa.com/api/v1/dredd/kev-gap?cve=CVE-2026-55255)


This is the one that should make you sit up, because it is the AI stack itself becoming the attack surface. Langflow is a popular visual builder for LLM applications and agent workflows. CVE-2026-55255 is an insecure-direct-object-reference flaw: an authenticated attacker sends a crafted request to the /api/v1/responses endpoint carrying another user's flow UUID and executes that victim's flows — reaching the sensitive data those flows process and consuming their resources. Sysdig's Threat Research Team first observed it exploited in the wild on June 25, and they were blunt about the objective: code execution and second-stage implant delivery. CISA's KEV deadline is Friday. The primary research and the in-the-wild catch are Sysdig TRT's.


And here the hole closes back onto ground we already hold. Langflow is a repeat KEV offender — CVE-2025-3248 (missing authentication) and CVE-2026-33017 (code injection) preceded this one. That missing-auth flaw is the door the JADEPUFFER operation walked through to dump Langflow's PostgreSQL database — and JadePuffer is a beat we own, the LLM-agent-run ransomware operation we wrote up on July 3 in "The First AI-Run Ransomware Didn't Crack Anything. It Walked Through Default Passwords." Pair that with the Djinn stealer we documented July 1, the infostealer built to harvest Claude, Gemini, and Codex keys through a SimpleHelp help-desk bypass, and the shape is unmistakable: the tooling teams adopted to build with AI is now a first-class target, exploited by operators who understand it better than the teams running it.


What to do: update Langflow to a patched release now. Never expose a Langflow instance to the internet without authentication in front of it, and treat any flow that touches credentials or customer data as a crown-jewel asset — because to an attacker with an implant objective, it is.



The cluster: one plane, the top crews, five weeks of receipts


Here is why these two are not loose ends. Line up what this blog has documented since late spring, in order:


May 21 — Edge-Appliance Week. CISA's KEV added three entries in fourteen days, two of them edge vendors (Ivanti, Fortinet). Our read then: the foot in the door is every foot — the perimeter appliance is the initial-access surface, whichever vendor's logo is on it.


June 9 — the two biggest crews, same doorway. We wrote that Akira, the number-two ransomware crew by volume, runs its whole game through SSL VPN — Cisco ASA, SonicWall, WatchGuard — in and encrypting in under four hours. Two days later the number-one crew, Qilin, was burning Check Point [CVE-2026-50751](https://analytics.dugganusa.com/api/v1/dredd/kev-gap?cve=CVE-2026-50751), an unauthenticated IKEv1 VPN auth bypass, no password required. That is not a coincidence of vendors. That is the two most active extortion operations on earth independently converging on the same category of target. (So no, Check Point was not a hole for us — we called it the day the cluster snapped into focus. It belongs here, as evidence.)


June 10 — Operation Riptide. One bulletproof VPN provider served twenty-five distinct ransomware crews before takedown seized all thirty-three servers. A literal shared-access cluster: the crews were not just using the same kind of door, some were renting the same infrastructure to walk through it.


June 21 — the brain of the network. Cisco Catalyst SD-WAN Manager took its seventh zero-day in thirteen months. The management console of the network, still open.


July 1, 3, 9 — the plane widens. SimpleHelp's help-desk bypass feeding the Djinn AI-key stealer. JadePuffer running end-to-end as an AI agent through a Langflow default-credential door. And today, a weaponized one-click getshell kit for Progress LoadMaster, an application delivery controller at the network edge.


Now add today's two holes. Cisco CUCM: the voice-management plane. Langflow: the AI-orchestration plane. They are the same bug the whole cluster is made of — machinery you deployed to run your estate, turned into pre-authenticated or trivially-authenticated control of it for someone else. VPN gateway, SSL concentrator, remote-support console, comms manager, SD-WAN brain, load balancer, agent builder. Different vendors, different CVSS, different weeks. One plane.



What the cluster tells you to do


The blast radius of a compromised control plane is never one machine; it is the fleet that plane controls. So the defensive move is not vendor-by-vendor whack-a-mole — it is to inventory by function. Pull the list of everything on your network whose entire job is control or access: every VPN and remote-access gateway, every RMM and help-desk console, every comms manager, every orchestration and CI surface, every internet-reachable admin plane. That list is your real attack surface in 2026, and it is the shelf every bug in this post came off of. Patch the two we just handed you. Then work that list, because the top crews already are.


Held to about ninety-five percent, as always. Primary credit for the two fills belongs to Cisco PSIRT, Defused, and Sysdig TRT; the Check Point work to watchTowr, Rapid7, and Check Point. What we add, even on the bugs we did not break, is the thing a single advisory can't show you: the cluster they are part of, and the map we have been drawing of it since May.




Every indicator in this post is in the feed. Free.

1.58M+ IOCs, STIX 2.1 / TAXII, 88% novel vs ThreatFox, exploited-CVE leads ahead of CISA. No credit card — a free API key in 30 seconds, and you can audit every claim above against the live endpoints.


Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page