FOCUS FRIDAY: TPRM Insights on Critical Vulnerabilities in Samba, Roundcube, Langflow, Axios, ActiveMQ, Apache Solr, Apache Airflow, Plesk, and Synology Chat Server

Published: Jun 5, 2026

Authors: Ferdi Gül

Contributors: Hakan Karabacak

Introduction

This week's Focus Friday covers nine FocusTags® spanning a broad cross-section of enterprise infrastructure: file and print services (Samba), webmail (Roundcube), AI workflow platforms (Langflow), JavaScript HTTP clients (axios), enterprise message brokers (Apache ActiveMQ), search infrastructure (Apache Solr), workflow orchestration (Apache Airflow), web hosting control panels (Plesk), and enterprise communication (Synology Chat Server). Together, these vulnerabilities expose a pattern that TPRM professionals must internalize: critical risk does not concentrate in a single technology layer — it is distributed across the entire vendor software stack, from foundational network file sharing protocols to AI orchestration platforms processing sensitive business data.

Three of this week's tags involve the Apache ecosystem (ActiveMQ, Solr, Airflow), reinforcing that open-source infrastructure software widely shared across vendor environments remains a primary attack surface. The Langflow and axios tags highlight the expanding risk in AI tooling and JavaScript dependency chains — two areas where vendor software bills of materials are frequently incomplete or entirely absent from TPRM disclosure requests. The Samba cluster includes two critical CVSS 9.8 unauthenticated Remote Code Execution vulnerabilities, while Plesk carries a near-maximum CVSS 9.9 chained injection exploit and Apache Solr presents a default credentials scenario exploitable without any technical skill.

For third-party risk management professionals, each of these tags represents more than a patch advisory: they are signals that vendor environments running these products are operationally exposed in ways that affect data confidentiality, service availability, and supply chain integrity. Black Kite's FocusTags® translate this signal into direct, prioritized vendor risk intelligence — enabling teams to target the right vendors with the right questions at the right time, without waiting for breach notifications or public disclosures to surface the exposure.

Filtered view of vendors with Samba FocusTag® on the Black Kite platform.

Samba (CVE-2026-4480, CVE-2026-4408, CVE-2026-1933, CVE-2026-3012, CVE-2026-3238, CVE-2026-2340)

What is the Samba Vulnerability?

Multiple critical and high-severity vulnerabilities were addressed in Samba, the open-source implementation of the SMB/CIFS file and print sharing protocol, with patches released on May 29, 2026. CVE-2026-4480 (CVSS 9.8) is an unauthenticated Remote Code Execution flaw in the printing subsystem — print servers that use the %J substitution character in the 'print command' configuration pass the client-controlled job description string directly to the shell without escaping metacharacters, allowing unauthenticated guest users to execute arbitrary scripts on the host. CVE-2026-4408 (CVSS 9.0) is a second RCE in the core password verification mechanism, targeting classic domain controllers running a background process as a system service — client-supplied usernames are processed in an internal check script without input token filtering, enabling remote system privilege escalation.

CVE-2026-1933 (CVSS 6.5) is an access control bypass allowing authenticated users to create symbolic links on read-only network shares via missing authorization checks during file reparse point processing. CVE-2026-3012 (CVSS 8.0) exposes domain members to cleartext certificate chain interception by fetching enrollment data over unencrypted HTTP instead of secure LDAP. CVE-2026-3238 (CVSS 7.5) is an unauthenticated Denial of Service — a corrupted UDP packet triggers a null pointer dereference in the Active Directory WINS server component. CVE-2026-2340 (CVSS 6.5) allows local users to overwrite protected files via file rename manipulation in the immutable storage module. No public PoC exists for any of these vulnerabilities; none are listed in the CISA KEV catalog. Fixed in Samba 4.22.10, 4.23.8, and 4.24.3.
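The CVE-2026-4480 condition is a configuration question: a printable share whose 'print command' expands %J, reachable by unauthenticated guests. The following is an added example, not Samba project code, that parses an smb.conf and reports exactly those shares; the configuration it reads is constructed for the example, and it only judges print commands that are set explicitly (an unset one falls back to Samba's built-in default for the 'printing' backend, which it does not model).

```python
"""Added example (not Samba project code): parse an smb.conf and flag printable
shares whose configured 'print command' expands %J, the client-controlled job
description the advisory describes, and shares that allow guest printing."""
from __future__ import annotations
import re

# Constructed sample configuration; not taken from any real host.
SAMPLE_SMB_CONF = """
[global]
    workgroup = EXAMPLE
    printing = bsd
    ; comment lines start with ';' or '#'

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = yes
    guest ok = yes
    print command = lpr -P %p -J "%J" %s ; rm %s

[lp-secure]
    printable = yes
    public = no
    print command = lpr -P %p %s ; rm %s

[data]
    path = /srv/data
    read only = yes
"""

TRUE_VALUES = {"yes", "true", "1"}


def parse_smb_conf(text: str) -> dict[str, dict[str, str]]:
    """Minimal smb.conf reader: [section] headers and 'key = value' lines.
    Samba ignores case and embedded spaces in parameter names, so keys are
    normalized; 'public' is folded into its synonym 'guest ok'."""
    sections: dict[str, dict[str, str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower().replace(" ", "")
        if key == "public":
            key = "guestok"
        sections[current][key] = value.strip()
    return sections


def effective(sections: dict[str, dict[str, str]], share: str, key: str) -> str | None:
    """Share-level value, falling back to [global] as Samba does."""
    return sections.get(share, {}).get(key, sections.get("global", {}).get(key))


def audit_print_shares(text: str) -> list[dict[str, object]]:
    """One finding per printable share that expands %J or allows guest access.
    Caveat: a share with no explicit 'print command' uses Samba's built-in
    default for the configured 'printing' backend, which is not modelled here."""
    sections = parse_smb_conf(text)
    findings: list[dict[str, object]] = []
    for share in sections:
        if share == "global":
            continue
        if (effective(sections, share, "printable") or "no").lower() not in TRUE_VALUES:
            continue
        command = effective(sections, share, "printcommand") or ""
        guest = (effective(sections, share, "guestok") or "no").lower() in TRUE_VALUES
        uses_job_name = "%J" in command
        if uses_job_name or guest:
            findings.append({
                "share": share,
                "uses_%J": uses_job_name,
                "guest_ok": guest,
                # unauthenticated clients plus a shell-expanded %J is the RCE condition
                "risk": "high" if uses_job_name and guest else "medium",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_print_shares(SAMPLE_SMB_CONF):
        print(finding)
```

Run it against a real smb.conf by reading the file into `audit_print_shares`; a "high" finding is a share to patch or to close to guests first, a "medium" one is a share to review.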

Why should TPRM professionals care?

Samba is foundational infrastructure in enterprise environments — it powers file servers, print services, and Active Directory-compatible domain controllers across Windows-Linux mixed estates. Many organizations rely on vendors, MSPs, and hosting providers who manage Samba-based file sharing, backup infrastructure, and internal domain services. The two critical RCE flaws (CVE-2026-4480 and CVE-2026-4408) require no authentication, meaning any attacker with network access can compromise a vendor's Samba file server without credentials — placing all data stored on that server at immediate risk. CVE-2026-3012's cleartext certificate exposure introduces a supply chain trust risk: if a vendor's domain members fetch certificate chains over plaintext HTTP, an on-path attacker can substitute forged root certificates and silently undermine the vendor's entire PKI trust chain, with cascading effects on any services relying on that infrastructure. The symbolic link bypass (CVE-2026-1933) could be exploited to access files outside authorized share boundaries on vendor file systems, exposing confidential data.

What questions should TPRM professionals ask vendors?

  1. Have you applied Samba patches 4.22.10, 4.23.8, or 4.24.3 released on May 29, 2026? If not, what is your remediation timeline and interim mitigation?
  2. Do any of your Samba print servers use the %J substitution character in the 'print command' configuration? What controls are in place to prevent unauthenticated guest printing access?
  3. Are any Samba deployments operating as classic domain controllers with background process authentication services? Have those services been patched or isolated?
  4. Are certificate enrollment processes in your Samba environment using LDAP over TLS, or are any nodes fetching certificate chains over plaintext HTTP channels?
  5. Have you audited Samba-hosted file shares for unauthorized symbolic links that may have been created via CVE-2026-1933 exploitation prior to patching?
  6. What network monitoring exists on SMB/CIFS traffic (port 445) to detect anomalous privilege escalation attempts or unexpected print command executions?

Remediation Recommendations

  • Upgrade to Samba 4.22.10, 4.23.8, or 4.24.3 immediately across all Samba instances.
  • Remove or sanitize the %J substitution from all print command configurations, or disable guest printing access as an interim control.
  • Harden classic domain controller background authentication processes and enforce input filtering on all username-handling scripts.
  • Enforce LDAP over TLS for all certificate enrollment channels; block unencrypted HTTP-based certificate fetching at the network level.
  • Conduct an audit of read-only shares for unauthorized symbolic links and remove any that were not explicitly created by administrators.
  • Monitor SMB port 445 for anomalous traffic and review Samba server logs for unexpected privilege escalation events or print command anomalies.

Black Kite's Samba FocusTag® details critical insights on the event for TPRM professionals.

Roundcube - Jan2026 (CVE-2026-48842, CVE-2026-48844, CVE-2026-48848, CVE-2026-48845, CVE-2026-48846)

What are the Roundcube Vulnerabilities?

Five high-severity vulnerabilities were identified in Roundcube Webmail, a widely deployed open-source webmail solution used across enterprise and government environments. CVE-2026-48842 (CVSS 8.1) is the most critical: a pre-authentication SQL injection in the virtuser_query plugin, exploiting a backslash escape bypass in the preg_replace mechanism. No credentials are required — an attacker can directly manipulate backend database records against any Roundcube instance with the plugin configured. CVE-2026-48844 (CVSS 7.5) is a code injection/RCE vulnerability in the LDAP autovalues configuration option, where attacker-supplied code is evaluated server-side under the Roundcube process's privilege context; the vulnerability was remediated by fully removing direct code evaluation from the LDAP autovalues option. CVE-2026-48848 (CVSS 7.2) is a CSS injection enabling XSS via SVG <animate> token bypass in the HTML sanitizer, allowing session token theft. CVE-2026-48845 (CVSS 6.5) is SSRF via remote image blocking bypass for local/private network URLs in crafted HTML emails. CVE-2026-48846 (CVSS 6.5) is a remote image bypass via crafted CSS var() values leading to information disclosure. Fixed in Roundcube 1.6.16 and 1.7.1. No public PoC; not in CISA KEV.
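The two remote-image bypasses above (CVE-2026-48845 and CVE-2026-48846) both end in the webmail server fetching a URL chosen by the email's author. The guard a server-side fetcher needs is a destination check, and the following is an added example of one in Python, not Roundcube code: it refuses loopback, link-local, private and reserved targets, unwraps IPv4-mapped IPv6 literals before classifying them, and judges a hostname by every address it resolves to. The resolver and its answers are constructed so the example runs offline.

```python
"""Added example (not Roundcube code): decide whether a remote image URL taken
from an untrusted email may be fetched server-side. Loopback, link-local,
private and reserved destinations are refused, including IPv4-mapped IPv6
spellings of them, and a hostname is judged by every address it resolves to."""
from __future__ import annotations
import ipaddress
from typing import Callable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed resolver so the example runs offline; the addresses are made up.
SAMPLE_DNS = {
    "cdn.example.net": ["51.0.2.10"],
    "intranet.corp.example": ["10.0.0.5"],
    "rebind.example.org": ["51.0.2.20", "169.254.169.254"],  # mixed answers
    "localhost": ["127.0.0.1", "::1"],
}


def sample_resolver(host: str) -> list[str]:
    return SAMPLE_DNS.get(host, [])


def is_blocked_address(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """Classify by the embedded IPv4 address when the literal is IPv4-mapped."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_loopback or addr.is_link_local or addr.is_private
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def classify_remote_image(url: str, resolve: Callable[[str], list[str]]) -> tuple[bool, str]:
    """Returns (allowed, reason) for a candidate image fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    try:
        targets = [ipaddress.ip_address(host)]  # literal address, brackets already stripped
    except ValueError:
        answers = resolve(host)
        if not answers:
            return False, f"{host} did not resolve"
        targets = [ipaddress.ip_address(a) for a in answers]
    for addr in targets:
        if is_blocked_address(addr):
            return False, f"{host} -> {addr} is not a public address"
    return True, f"{host} -> {', '.join(map(str, targets))}"


if __name__ == "__main__":
    for candidate in ("https://cdn.example.net/logo.png",
                      "http://[::ffff:10.0.0.5]/pixel.gif",
                      "http://rebind.example.org/a.png"):
        print(candidate, classify_remote_image(candidate, sample_resolver))
```

The fetcher must then connect to the address that passed the check rather than resolving the name a second time, otherwise a DNS answer that changes between check and connect defeats the guard.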

Why should TPRM professionals care?

Roundcube is a perimeter-facing, internet-accessible platform in most deployments, making it a high-priority target for external attackers and a direct supply chain risk for TPRM programs. CVE-2026-48842's pre-authentication SQL injection requires zero credentials, meaning any vendor operating an unpatched Roundcube instance is immediately exposed to database manipulation — including potential exposure of stored email content, user credentials, and contact data. CVE-2026-48844's RCE path means a compromised Roundcube server can be used as a pivot point into the vendor's internal network. For organizations that exchange emails with vendors through Roundcube-fronted domains, CVE-2026-48848's XSS and CVE-2026-48845's SSRF create direct inbound attack vectors: a malicious email from a compromised vendor account could deliver payloads that steal session tokens or trigger internal network reconnaissance against the recipient's email server.

What questions should TPRM professionals ask vendors?

  1. Have all Roundcube Webmail instances been upgraded to version 1.6.16 or 1.7.1 to address all five CVEs?
  2. Is the virtuser_query plugin active on your Roundcube deployment? If so, has it been disabled pending or after patching?
  3. Does your Roundcube configuration use LDAP autovalues? Have all LDAP autovalues configuration entries been removed or nullified?
  4. What WAF rules are deployed to detect SQL injection at Roundcube login endpoints, outbound server-side requests to RFC 1918 IP ranges, and anomalous CSS var() patterns in email payloads?
  5. How is remote image loading restricted for untrusted or external senders to mitigate SSRF risks from CVE-2026-48845 and CVE-2026-48846?

Remediation Recommendations

  • Upgrade all Roundcube instances to version 1.6.16 or 1.7.1 immediately.
  • Disable the virtuser_query plugin as an immediate interim measure if patching cannot be performed without delay.
  • Remove all LDAP autovalues configuration entries to eliminate the server-side code evaluation attack surface.
  • Configure Roundcube to block remote image loading by default for untrusted senders, providing partial mitigation against CVE-2026-48845 and CVE-2026-48846.
  • Deploy or update WAF rules to filter SQL injection patterns, outbound SSRF requests, and anomalous CSS var() values in email payloads.
  • Review database logs for anomalous queries via the virtuser_query plugin and server-side HTTP access logs for unexpected internal network connections.

Black Kite's Roundcube - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

Langflow - Jun2026 (CVE-2026-7524, CVE-2026-48519)

What are the Langflow Vulnerabilities?

Two critical-severity vulnerabilities were identified in Langflow OSS, an open-source AI workflow and pipeline orchestration platform. CVE-2026-7524 (CVSS 9.8) is a path traversal vulnerability (CWE-22) in the _unpack_bundle function shared across all BaseFileComponent-based file processing nodes — Docling, Docling Serve, Read File, NVIDIA Retriever Extraction, Video File, and Unstructured API. Improper symlink validation during tar archive extraction allows an attacker to craft a malicious tar file containing symlinks targeting arbitrary host filesystem locations. In RAG chatbot deployments accepting user file uploads, the most critical exploitation path targets Langflow's JWT secret key file: by embedding symlinks pointing to that key, an attacker retrieves it through ordinary chatbot queries post-extraction, forges valid authentication tokens to bypass authentication entirely, and then invokes Langflow's Python Interpreter node to achieve full Remote Code Execution on the host.
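The missing step in CVE-2026-7524 is a validation pass over archive members before anything is written. As an added illustration, not Langflow's `_unpack_bundle`, the following standard-library code rejects any tar member whose own path, or whose symlink or hard-link target, resolves outside the extraction directory, and only extracts once the whole archive has passed. The sample archive is built in memory for the example; the secret-file path it references is a labelled placeholder, since the advisory names the JWT secret file but not its location.

```python
"""Added example (not Langflow code): refuse archive members whose path or link
target would land outside the extraction directory, the check the advisory
describes as missing from the tar-extraction step."""
from __future__ import annotations
import io
import os
import tarfile

# Placeholder only: the advisory names the JWT secret file but not its path.
PLACEHOLDER_SECRET_PATH = "/PLACEHOLDER/langflow/jwt_secret"


def build_sample_archive(with_links: bool = True) -> bytes:
    """Constructed sample tar: one ordinary file and, optionally, two symlinks
    that point outside the destination (absolute target, and '..' traversal)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        payload = b"ordinary document\n"
        info = tarfile.TarInfo("docs/readme.txt")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
        if with_links:
            abs_link = tarfile.TarInfo("docs/secret.txt")
            abs_link.type = tarfile.SYMTYPE
            abs_link.linkname = PLACEHOLDER_SECRET_PATH
            tar.addfile(abs_link)
            rel_link = tarfile.TarInfo("docs/escape.txt")
            rel_link.type = tarfile.SYMTYPE
            rel_link.linkname = "../../escape"
            tar.addfile(rel_link)
    return buf.getvalue()


def _inside(dest: str, relative: str) -> bool:
    """True if dest/relative, after normalizing '..' segments, stays within dest."""
    root = os.path.abspath(dest)
    candidate = os.path.normpath(os.path.join(root, relative))
    return candidate == root or candidate.startswith(root + os.sep)


def unsafe_members(archive: bytes, dest: str) -> list[tuple[str, str]]:
    """Return (member name, reason) for every member that must not be extracted."""
    findings: list[tuple[str, str]] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar.getmembers():
            if os.path.isabs(m.name) or not _inside(dest, m.name):
                findings.append((m.name, "member path escapes destination"))
                continue
            if m.issym():
                # a symlink target is resolved relative to the link's own directory
                target = (m.linkname if os.path.isabs(m.linkname)
                          else os.path.join(os.path.dirname(m.name), m.linkname))
            elif m.islnk():
                target = m.linkname  # hard-link targets are relative to the archive root
            else:
                continue
            if os.path.isabs(m.linkname) or not _inside(dest, target):
                findings.append((m.name, f"link target {m.linkname!r} escapes destination"))
    return findings


def extract_safely(archive: bytes, dest: str) -> list[str]:
    """Extract only after the whole archive passes the check; returns member names."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to extract: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        if hasattr(tarfile, "data_filter"):      # Python 3.12+ (and backports)
            tar.extractall(dest, filter="data")  # library-level guard against the same tricks
        else:
            tar.extractall(dest)
        return [m.name for m in tar.getmembers()]


if __name__ == "__main__":
    print(unsafe_members(build_sample_archive(), "/tmp/langflow-demo"))
```

On interpreters that provide it, the `filter="data"` extraction filter enforces the same rule inside `tarfile` itself; the explicit pre-check is still worth keeping because it produces an auditable list of what was rejected and why.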

CVE-2026-48519 (CVSS 9.6) is an unauthenticated RCE in Langflow's Shareable Playground feature. The /api/v1/build_public_tmp route — used for public flow execution — accepts attacker-supplied Python code in the data.nodes[X].data.node.template.code.value field of the JSON payload without sanitization, executing it server-side with the privileges of the Langflow process. Any actor with access to a shared flow link can exploit this, requiring no authentication beyond the link itself. A public Proof-of-Concept is available for CVE-2026-48519. Both vulnerabilities affect Langflow OSS 1.0.0 through 1.9.1 and are fully remediated in version 1.9.2. Neither is listed in the CISA KEV catalog.

Why should TPRM professionals care?

Langflow is increasingly embedded in enterprise AI infrastructure — deployed as a central orchestration hub for RAG chatbots, data pipelines, and multi-agent workflows connected to sensitive data sources, vector databases, and third-party APIs. Vendor deployments of Langflow that accept user file uploads or expose Shareable Playground features are directly exploitable. The JWT secret exfiltration chain of CVE-2026-7524 is particularly alarming: a compromised JWT secret grants persistent, authenticated access to the entire Langflow platform and all integrated systems. A single exploited vendor Langflow deployment could expose AI pipeline data, connected API credentials, and all workflows the vendor has built — including any processing your organization's data. With a public PoC available for CVE-2026-48519 and no vendor workaround for either flaw, the only defense is immediate patching.

What questions should TPRM professionals ask vendors?

  1. Have all Langflow OSS instances been upgraded to version 1.9.2? If not, what is the remediation timeline and what interim controls have been applied?
  2. Are the Shareable Playground / Public Flows features currently disabled? Have all existing public flow links been revoked and audited?
  3. Has the JWT secret key been rotated and all active sessions invalidated given the risk of prior exploitation via CVE-2026-7524?
  4. Which BaseFileComponent-based nodes (Docling, Read File, NVIDIA Retriever Extraction, Video File, Unstructured API) are active and accepting user-uploaded files?
  5. Has the vector database been audited for unexpected or sensitive content — including configuration files, key material, or credentials — that may have been ingested via symlink exploitation?

Remediation Recommendations

  • Upgrade all Langflow OSS instances to version 1.9.2 immediately. No vendor workaround or alternative mitigation exists for either vulnerability.
  • Disable the Shareable Playground feature and revoke all existing public flow links if immediate patching is not operationally feasible.
  • Rotate JWT secret keys immediately for any deployment that accepts user-uploaded files; treat the existing key as compromised and invalidate all active sessions.
  • Disable all BaseFileComponent-based nodes (Docling, Docling Serve, Read File, NVIDIA Retriever Extraction, Video File, Unstructured API) that accept untrusted file uploads pending patch confirmation.
  • Audit vector database contents for sensitive ingested material (config files, key material, credential artifacts) and initiate incident response procedures for any suspicious findings.
  • Enforce network-level egress controls on the Langflow host to limit outbound connectivity from the Python Interpreter node, reducing the blast radius of any achieved RCE.

Black Kite's Langflow - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

Axios - Jun2026 (CVE-2026-44492, CVE-2026-44494)

What are the Axios Vulnerabilities?

Two high-severity vulnerabilities were identified in axios, one of the most widely used JavaScript HTTP client libraries in the Node.js ecosystem, present across millions of applications and enterprise software stacks. CVE-2026-44492 (CVSS 8.6) is an incomplete fix for the previously disclosed CVE-2025-62718: the shouldBypassProxy function introduced in axios v1.15.0 does not normalize IPv4-mapped IPv6 addresses before comparing them against NO_PROXY exclusion rules. When NO_PROXY lists a cloud metadata endpoint such as 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:a9fe:a9fe) bypasses the exclusion and routes through an attacker-controlled proxy, enabling Server-Side Request Forgery (SSRF) and cloud IMDS credential exfiltration from AWS, GCP, or Azure metadata services.
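The CVE-2026-44492 defect is a comparison on raw strings where a comparison on canonical addresses was needed. The following added example, written in Python rather than taken from axios, puts the flawed pattern beside the corrected one: both match a request host against a NO_PROXY list, but only the second normalizes IPv4-mapped IPv6 literals (and compresses IPv6 spellings) on both sides before comparing. Function names and the list format are this example's own.

```python
"""Added example (not axios code): NO_PROXY matching on canonical addresses, so
an IPv4-mapped IPv6 spelling of an excluded IPv4 address is still excluded."""
from __future__ import annotations
import ipaddress
from urllib.parse import urlsplit


def canonical_host(host: str) -> str:
    """IP literals are normalized (IPv4-mapped IPv6 -> plain IPv4, IPv6 compressed
    and lowercased); anything else is treated as a hostname and lowercased."""
    bare = host.strip("[]")
    try:
        addr = ipaddress.ip_address(bare)
    except ValueError:
        return bare.lower()
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return str(addr)


def _entries(no_proxy: str) -> list[str]:
    return [e.strip() for e in no_proxy.split(",") if e.strip()]


def naive_should_bypass_proxy(url: str, no_proxy: str) -> bool:
    """The flawed pattern: compare the URL host with each entry as raw strings."""
    host = urlsplit(url).hostname or ""
    return any(host == e.lower() or (e.startswith(".") and host.endswith(e.lower()))
               for e in _entries(no_proxy))


def should_bypass_proxy(url: str, no_proxy: str) -> bool:
    """Corrected pattern: canonicalize both the host and each entry first."""
    host = canonical_host(urlsplit(url).hostname or "")
    if not host:
        return False
    for entry in _entries(no_proxy):
        if entry == "*":
            return True
        if entry.startswith("."):
            if host.endswith(entry.lower()):
                return True
        elif host == canonical_host(entry):
            return True
    return False


if __name__ == "__main__":
    url = "http://[::ffff:a9fe:a9fe]/latest/meta-data/"
    print("naive  :", naive_should_bypass_proxy(url, "169.254.169.254"))
    print("fixed  :", should_bypass_proxy(url, "169.254.169.254"))
```

Entries that carry a port or a CIDR range are out of scope here; a production matcher needs to canonicalize those as well, which is why the advisory's advice to block 169.254.169.254 at the network layer, independent of any proxy logic, is the more robust control.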

CVE-2026-44494 (CVSS 8.7) is a Prototype Pollution gadget vulnerability in axios's Node.js HTTP adapter. The lib/adapters/http.js file reads config.proxy via standard JavaScript property access, which traverses the prototype chain. Because proxy is absent from axios defaults, any Object.prototype.proxy injection — achievable via any prototype pollution vulnerability anywhere in the application's dependency tree — silently redirects all axios HTTP requests through the attacker's server, enabling full Man-in-the-Middle interception of Authorization headers, session tokens, API keys, and full request bodies without application-detectable side effects. Public Proof-of-Concept exploits are available for both vulnerabilities. Neither is listed in the CISA KEV catalog. Affects axios 1.0.0–1.15.x; fixed in axios 1.16.0 (and 0.32.0 for legacy 0.x deployments).

Why should TPRM professionals care?

Axios is present in virtually every modern Node.js application stack as a transitive dependency — vendors may not know they are vulnerable because the library is embedded in their dependency tree rather than directly imported. CVE-2026-44494 is a gadget vulnerability: its exploitability is conditioned on any prototype pollution flaw anywhere in the application's dependency chain, making it a universal escalation risk across complex Node.js stacks. For TPRM professionals, this means that data transmitted from vendor systems using axios-based applications — including API calls, authentication requests, and webhook deliveries — could be silently intercepted if the vendor's dependency tree contains any prototype pollution vulnerability. CVE-2026-44492's incomplete fix adds particular urgency: vendors who believe they previously remediated CVE-2025-62718 may assume they are protected, when in fact the bypass is still exploitable via IPv4-mapped IPv6 addresses.

What questions should TPRM professionals ask vendors?

  1. Have all Node.js applications been updated to axios version 1.16.0 or 0.32.0? Has a transitive dependency audit confirmed no pinned older axios versions remain in the dependency tree?
  2. Are NO_PROXY=169.254.169.254 configurations supplemented with network-level egress rules (iptables, security groups) that block outbound connections to 169.254.169.254 at the infrastructure layer?
  3. Has a dependency audit been conducted to identify prototype pollution vulnerabilities in the application dependency tree (qs, minimist, lodash, body-parser) that could serve as entry points for CVE-2026-44494 escalation?
  4. Are custom axios wrappers or interceptors audited to ensure security-sensitive config properties (proxy, socketPath, transport) use hasOwnProperty validation rather than direct prototype chain access?
  5. What outbound network monitoring exists to detect unexpected HTTP proxy connections from application services that do not have proxy configurations explicitly set?

Remediation Recommendations

  • Update axios to version 1.16.0 (or 0.32.0 for legacy 0.x projects) across all Node.js applications; use 'npm list axios' or 'yarn why axios' to identify transitive pins and force resolution via package.json overrides or resolutions fields.
  • Supplement NO_PROXY=169.254.169.254 configurations with network-level egress filtering (iptables rules or cloud security group policies) blocking outbound access to 169.254.169.254 independent of axios proxy logic.
  • Conduct a full dependency audit using 'npm audit' to identify and remediate prototype pollution vulnerabilities across the application dependency tree.
  • Harden custom axios wrappers with Object.prototype.hasOwnProperty.call(config, 'proxy') validation as an interim mitigation against prototype pollution gadget exploitation.
  • Monitor outbound HTTP proxy logs and SIEM alerts for unexpected connections from application services to external hosts not covered by explicit proxy configurations.

Black Kite's Axios - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

Apache ActiveMQ - Jun2026 (CVE-2026-45505, CVE-2026-42588, CVE-2026-49157, CVE-2026-42253)

What are the Apache ActiveMQ Vulnerabilities?

Four high-severity vulnerabilities were identified in Apache ActiveMQ, one of the most widely deployed open-source message broker platforms used across enterprise, financial, and critical infrastructure environments. CVE-2026-45505 (CVSS 8.8) is a documented patch bypass for the previously published CVE-2026-34197: non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... bypass the input validation fix introduced in the prior patch. An authenticated attacker invokes BrokerService.addNetworkConnector() or addConnector() via the Jolokia JMX-HTTP bridge at /api/jolokia/ with a crafted URI, triggering the VM transport's brokerConfig parameter to load a remote Spring XML application context. Because Spring instantiates all singleton beans before BrokerService validates configuration, arbitrary code execution occurs through bean factory methods including Runtime.exec(), granting full JVM-level control of the broker.

CVE-2026-42588 (CVSS 8.1) is an analogous RCE path via the masterslave:// URL scheme and ResourceXmlApplicationContext through the Jolokia interface. CVE-2026-49157 (CVSS 8.8) involves incorrect default Jolokia authorization — low-privileged web-login accounts can invoke admin-only broker operations including addQueue and removeQueue, enabling unauthorized message infrastructure manipulation without code injection or elevated credentials. CVE-2026-42253 (CVSS 6.1) is an XSS vulnerability: the MessageServlet copies all JMS message properties directly into HTTP response headers without validation, enabling security header injection and Cross-Site Scripting attacks against web console users. The MessageServlet has been deprecated and disabled in patched releases. No public PoC; not in CISA KEV. Fixed in Apache ActiveMQ 5.19.7 and 6.2.6.
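Two of the four flaws surface in the same place, the Jolokia bridge at /api/jolokia/: the remote-context loading in CVE-2026-45505 and CVE-2026-42588 shows up as discovery-wrapper URIs or brokerConfig in the request, and the authorization defect in CVE-2026-49157 shows up as admin-only operations invoked by ordinary accounts. The following added example, not ActiveMQ code, runs both checks over request records of the kind a reverse proxy that logs bodies could emit; the records, the user names and the admin set are constructed for the example, and the MBean name and operation names are the ones the advisory cites.

```python
"""Added example (not ActiveMQ code): review Jolokia requests for the indicators
the advisory lists, over constructed request records."""
from __future__ import annotations
import json
import re

RCE_INDICATORS = ("masterslave://", "masterslave:vm://", "static:vm://", "brokerConfig")
ADMIN_ONLY_OPERATIONS = {"addQueue", "removeQueue", "addNetworkConnector", "addConnector"}
BROKER_MBEAN = "org.apache.activemq:type=Broker,brokerName=localhost"

# Constructed records: timestamp, authenticated web-console user, method, path, body.
SAMPLE_REQUESTS = [
    {"ts": "2026-06-01T10:00:01Z", "user": "ops-admin", "method": "POST", "path": "/api/jolokia/",
     "body": json.dumps({"type": "read", "mbean": BROKER_MBEAN, "attribute": "TotalMessageCount"})},
    {"ts": "2026-06-01T10:00:07Z", "user": "ops-admin", "method": "POST", "path": "/api/jolokia/",
     "body": json.dumps({"type": "exec", "mbean": BROKER_MBEAN, "operation": "addQueue",
                         "arguments": ["orders.dlq"]})},
    {"ts": "2026-06-01T10:02:13Z", "user": "reporting", "method": "POST", "path": "/api/jolokia/",
     "body": json.dumps({"type": "exec", "mbean": BROKER_MBEAN, "operation": "removeQueue",
                         "arguments": ["orders"]})},
    {"ts": "2026-06-01T10:02:40Z", "user": "reporting", "method": "POST", "path": "/api/jolokia/",
     "body": json.dumps({"type": "exec", "mbean": BROKER_MBEAN, "operation": "addNetworkConnector",
                         "arguments": ["masterslave:vm://EXAMPLE"]})},
    {"ts": "2026-06-01T10:03:02Z", "user": "ops-admin", "method": "GET",
     "path": f"/api/jolokia/read/{BROKER_MBEAN}/BrokerVersion", "body": ""},
    {"ts": "2026-06-01T10:03:30Z", "user": "reporting", "method": "GET",
     "path": "/admin/queues.jsp", "body": ""},
]


def requested_operations(record: dict) -> set[str]:
    """Operation names from a Jolokia exec request, in POST-JSON form (a single
    object or a bulk list) or in GET form (/exec/<mbean>/<operation>/...)."""
    ops: set[str] = set()
    body = record.get("body") or ""
    if body:
        try:
            parsed = json.loads(body)
        except ValueError:
            parsed = []
        for item in parsed if isinstance(parsed, list) else [parsed]:
            if isinstance(item, dict) and item.get("type") == "exec" and "operation" in item:
                ops.add(str(item["operation"]))
    get_form = re.search(r"/exec/[^/]+/([^/]+)", record.get("path", ""))
    if get_form:
        ops.add(get_form.group(1))
    return ops


def jolokia_findings(records: list[dict], admin_users: set[str]) -> list[dict]:
    """One finding per Jolokia request that carries a remote-context indicator
    or invokes an admin-only operation from an account outside the admin set."""
    findings: list[dict] = []
    for r in records:
        if not r.get("path", "").startswith("/api/jolokia"):
            continue
        reasons: list[str] = []
        text = r.get("path", "") + " " + (r.get("body") or "")
        hits = [tok for tok in RCE_INDICATORS if tok in text]
        if hits:
            reasons.append("remote-context indicator(s): " + ", ".join(hits))
        privileged = requested_operations(r) & ADMIN_ONLY_OPERATIONS
        if privileged and r.get("user") not in admin_users:
            reasons.append(f"non-admin {r.get('user')!r} invoked {sorted(privileged)}")
        if reasons:
            findings.append({"ts": r["ts"], "user": r.get("user"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in jolokia_findings(SAMPLE_REQUESTS, admin_users={"ops-admin"}):
        print(finding)
```

The first check needs request bodies, which ordinary access logs do not keep; the second works from the operation name alone and so also applies to proxy logs that record only the request line. Either finding is a reason to confirm the broker is on 5.19.7 or 6.2.6 and that the account's console role is what it should be.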

Why should TPRM professionals care?

Apache ActiveMQ functions as the central nervous system of enterprise messaging — routing transactions, inter-service communications, financial data, and sensitive payloads across enterprise architectures in banking, healthcare, and critical infrastructure. A successful RCE against the broker grants full JVM control, enabling interception or modification of all messages in transit, poisoning of downstream services, and lateral movement across the enterprise network. CVE-2026-45505 is especially concerning for TPRM programs because it is a patch bypass: vendors who applied the CVE-2026-34197 patch may believe their exposure is closed, when in fact the attack surface persists through alternative URI formats. TPRM professionals must specifically verify that vendors have applied the 5.19.7 or 6.2.6 releases — not merely earlier patch versions — to confirm the bypass is addressed. CVE-2026-49157's privilege misconfiguration adds another dimension: unauthorized queue manipulation by low-privileged accounts can disrupt business-critical message processing without any code injection.

What questions should TPRM professionals ask vendors?

  1. Have ActiveMQ instances been upgraded specifically to version 5.19.7 or 6.2.6? Earlier patches for CVE-2026-34197 do not address the bypass documented in CVE-2026-45505.
  2. Is access to the /api/jolokia/ endpoint restricted at the network or application level? What exec operations are permitted for non-administrator web console accounts?
  3. Have all web console user accounts been audited for access to admin-only Jolokia operations including addQueue, removeQueue, addNetworkConnector, and addConnector?
  4. Are egress firewall rules in place on broker hosts to prevent outbound HTTP/HTTPS connections to external hosts that could be used to fetch malicious Spring XML application context files?
  5. Are POST requests to /api/jolokia/ containing masterslave://, static:vm://, or brokerConfig flagged in your security monitoring systems?

Remediation Recommendations

  • Upgrade to Apache ActiveMQ 5.19.7 or 6.2.6 immediately. Verify the specific version number — earlier 5.x patches do not address the CVE-2026-45505 bypass.
  • Restrict or disable the /api/jolokia/ endpoint for all non-administrator accounts; apply a strict access policy denying exec operations on all org.apache.activemq:* MBeans.
  • Enforce role-based access control on the web console; revoke access for any account that does not require it, particularly for addQueue, removeQueue, addNetworkConnector, and addConnector operations.
  • Implement egress firewall rules on broker hosts to block outbound connections to untrusted external hosts from the ActiveMQ process, preventing remote Spring XML context loading.
  • Monitor web console access logs for anomalous POST requests to /api/jolokia/ and broker operation logs for unexpected queue management calls from low-privileged accounts.

Black Kite's ActiveMQ - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

Apache Solr - Jun2026 (CVE-2026-44825)

What is the Apache Solr Vulnerability?

CVE-2026-44825 (CVSS 9.8, EPSS 0.40%) is a critical hardcoded/default credentials vulnerability in Apache Solr's Basic Authentication setup subsystem. The flaw originates from the behavior of the 'bin/solr auth enable' command-line utility when used to bootstrap BasicAuth: the tool silently installs template user accounts — superadmin, admin, search, and index — with publicly known default credentials into the security.json configuration file. Any attacker with network access to the Solr cluster and knowledge of these credentials — both of which are publicly available — can authenticate as a full administrative user, gaining complete control over the cluster.

The vulnerability specifically applies to clusters where BasicAuth was configured using 'bin/solr auth enable' and where template users were not subsequently removed or assigned strong unique passwords. Systems where administrators manually configured authentication, bypassed the utility, deleted the template users, or changed their passwords are not affected. Affects Apache Solr 9.4.0 through 9.10.1 and version 10.0.0. No fixed version is currently available — the fix is expected in versions 9.11.0 and 10.1.0. The immediate workaround is to remove template users from security.json or replace their passwords. No public PoC reported; not in the CISA KEV catalog.
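Since the workaround is an edit to security.json, the check and the fix can be the same script. The following added example, not Apache Solr code, reports which of the four template account names are present and strips them from both the credential map and the user-role map, refusing to proceed if no remaining user would hold the role that carries the security-edit or all permission. The document it operates on is constructed and its credential values are placeholders; note that a template name's presence is a finding to verify, because the page itself says a cluster whose template passwords were changed is not affected.

```python
"""Added example (not Apache Solr code): find the template accounts that
'bin/solr auth enable' installs and remove them from security.json without
locking out administration."""
from __future__ import annotations
import json

TEMPLATE_USERS = {"superadmin", "admin", "search", "index"}
PLACEHOLDER_CRED = "PLACEHOLDER_HASH= PLACEHOLDER_SALT="  # not a real Solr credential


def build_sample_security_json(with_replacement_admin: bool = True) -> str:
    """Constructed security.json: the four template users, one service account
    and, optionally, a separately created administrator."""
    creds = {u: PLACEHOLDER_CRED for u in ("superadmin", "admin", "search", "index", "svc-catalog")}
    roles = {"superadmin": "admin", "admin": "admin", "search": "search",
             "index": "index", "svc-catalog": ["index", "search"]}
    if with_replacement_admin:
        creds["ops-admin"] = PLACEHOLDER_CRED
        roles["ops-admin"] = "admin"
    return json.dumps({
        "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": True,
                           "credentials": creds},
        "authorization": {"class": "solr.RuleBasedAuthorizationPlugin", "user-role": roles,
                          "permissions": [{"name": "security-edit", "role": "admin"},
                                          {"name": "all", "role": "admin"}]},
    }, indent=2)


def users_in(security_json: str) -> list[str]:
    creds = json.loads(security_json).get("authentication", {}).get("credentials", {})
    return sorted(creds)


def template_users_present(security_json: str) -> list[str]:
    """Template account names still holding a credential: each is a finding to verify."""
    return [u for u in users_in(security_json) if u in TEMPLATE_USERS]


def _admin_roles(doc: dict) -> set[str]:
    """Roles granted the permissions that can edit security or do everything."""
    roles: set[str] = set()
    for perm in doc.get("authorization", {}).get("permissions", []):
        if perm.get("name") in ("security-edit", "all"):
            r = perm.get("role")
            roles.update(r if isinstance(r, list) else [r])
    return {r for r in roles if r}


def remove_template_users(security_json: str) -> tuple[str, list[str]]:
    """Return (sanitized document, removed users); raise rather than lock out admin."""
    doc = json.loads(security_json)
    creds = doc.setdefault("authentication", {}).setdefault("credentials", {})
    roles = doc.setdefault("authorization", {}).setdefault("user-role", {})
    removed = sorted(u for u in creds if u in TEMPLATE_USERS)
    for user in removed:
        creds.pop(user, None)
    for user in TEMPLATE_USERS:
        roles.pop(user, None)  # also drop stale role mappings without a credential
    needed = _admin_roles(doc)
    keeps_admin = any(needed & set(r if isinstance(r, list) else [r])
                      for u, r in roles.items() if u in creds)
    if needed and not keeps_admin:
        raise ValueError("no remaining credential holds an admin role; "
                         "add one before removing the template users")
    return json.dumps(doc, indent=2), removed


if __name__ == "__main__":
    original = build_sample_security_json()
    print("template users:", template_users_present(original))
    cleaned, gone = remove_template_users(original)
    print("removed:", gone, "remaining:", users_in(cleaned))
```

On a live cluster the document is read and written through the Solr security API rather than edited on disk, but the two rules shown here, delete from both maps and keep at least one administrator, are the same.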

Why should TPRM professionals care?

Apache Solr is a core search and indexing engine embedded in enterprise content management systems, e-commerce platforms, analytics stacks, and products including Confluence, JIRA, and numerous SaaS platforms using Solr as a backend. The trivial exploitation path — publicly known default credentials — requires no technical expertise. Any attacker with network reach to a vendor's Solr cluster can authenticate as a full administrator immediately. Solr administrative access is particularly dangerous because it provides control over indexed data — which may include sensitive customer records, emails, and proprietary documents — and Solr's stream expressions feature can be leveraged to execute arbitrary code on the underlying server. The combination of a CVSS 9.8 severity, no fixed version yet available, and a 0.40% EPSS score (elevated for a default credentials flaw) makes this a high-priority inquiry for TPRM programs assessing data-intensive vendors.

What questions should TPRM professionals ask vendors?

  1. Was the 'bin/solr auth enable' command used during initial BasicAuth setup? If so, have all template users (superadmin, admin, search, index) been removed from security.json or had their passwords replaced with strong, unique values?
  2. What credential management policy governs Solr administrative accounts? Does your deployment procedure explicitly prohibit the use of default or template credentials?
  3. Is Apache Solr accessible on public-facing network interfaces, or is it restricted to internal trusted network ranges only?
  4. Have all deployment automation scripts and provisioning pipelines been audited to confirm they do not silently enable the vulnerable BasicAuth setup with template credentials?
  5. What is your planned upgrade timeline to Apache Solr 9.11.0 or 10.1.0 once these versions are released?

Remediation Recommendations

  • Immediately review security.json on all Apache Solr deployments and delete template users (superadmin, admin, search, index) or replace their passwords with strong, randomly generated unique values.
  • Audit all deployment automation scripts and provisioning pipelines for use of 'bin/solr auth enable' to identify all clusters where template credentials may have been silently installed.
  • Restrict Solr administrative endpoints to trusted internal network ranges; prevent direct public internet access to Solr admin interfaces using firewall rules or reverse proxy authentication.
  • Plan and schedule upgrade to Apache Solr 9.11.0 or 10.1.0 as the definitive remediation upon release.
  • Enforce comprehensive credential management policies for all Solr deployments, with explicit prohibition of default and template credentials in automated provisioning environments.

Black Kite's Apache Solr - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

Apache Airflow - Jun2026 (CVE-2026-45360)

What is the Apache Airflow Vulnerability?

CVE-2026-45360 (CVSS 7.3, EPSS 0.06%) is a high-severity arbitrary class import vulnerability in Apache Airflow, a widely adopted open-source workflow orchestration platform used across data engineering, MLOps, and enterprise automation environments. The flaw resides in the scheduler-side SerializedCustomReference.deserialize_reference function, which decodes deadline-reference objects serialized within DAG definitions. Without an allowlist or plugin-registry gate, the function calls import_string() on class path values drawn directly from DAG-author-controlled serialized state — meaning any Python class importable within the scheduler's runtime environment can be named in a malicious DeadlineReference payload.

The exploitation path requires DAG author-level access. A DAG author embeds a custom DeadlineReference subclass whose serialized form contains an attacker-controlled module and class path. When the scheduler processes the DAG, it deserializes the reference and invokes import_string() on the supplied path, instantiating the designated class with a live SQLAlchemy database session attached. This grants the attacker direct, authenticated access to the Airflow metadata database — enabling exfiltration of stored connection credentials, Variables, XCom payloads, and DAG run histories. Depending on the class instantiated, the attack can further escalate to arbitrary code execution within the scheduler process. The vulnerability is most critical in single-host, default-configuration Airflow deployments — the most common setup — where the DAG bundle is directly importable from the scheduler process. Fixed in Apache Airflow 3.2.2. No public PoC; not in CISA KEV.
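To make the mechanism concrete, here is an added example (not Apache Airflow's code and not the fix shipped in 3.2.2) that places the pattern the advisory describes, import_string() on a class path taken from serialized state, beside a registry-gated variant. The payload layout, the DeadlineReference base class and the registry contents are assumptions made for this illustration.

```python
"""Allowlist-gated deserialization of serialized class references.

Added example; not Apache Airflow's code and not the 3.2.2 fix. The payload
layout {"__type__": ..., "kwargs": ...}, the DeadlineReference base class and
the registry contents are assumptions made for this illustration.
"""
from importlib import import_module


def import_string(dotted_path: str):
    """Resolve 'package.module.Name' to the named object."""
    module_path, _, name = dotted_path.rpartition(".")
    if not module_path:
        raise ImportError(f"not a dotted path: {dotted_path!r}")
    return getattr(import_module(module_path), name)


class DeadlineReference:
    """Hypothetical base class for deadline references (assumption)."""

    def __init__(self, **kwargs):
        self.kwargs = kwargs


class DagRunQueuedAt(DeadlineReference):
    """Hypothetical platform-provided reference type (assumption)."""


def unsafe_deserialize_reference(payload: dict):
    """Vulnerable pattern: whatever class path the payload names is imported
    and instantiated, with no check that it is a reference type at all."""
    cls = import_string(payload["path"])
    return cls(**payload.get("kwargs", {}))


# Plugin-style registry: only names listed here may be deserialized.
DEFAULT_REGISTRY = {"DagRunQueuedAt": DagRunQueuedAt}


def gated_deserialize_reference(payload: dict, registry=DEFAULT_REGISTRY):
    """Hardened pattern: the payload carries a registry key, never an import
    path, and the registered object must be a DeadlineReference subclass."""
    name = payload.get("__type__")
    if name not in registry:
        raise ValueError(f"unregistered reference type: {name!r}")
    cls = registry[name]
    if not (isinstance(cls, type) and issubclass(cls, DeadlineReference)):
        raise TypeError(f"{name!r} is registered but is not a DeadlineReference")
    return cls(**payload.get("kwargs", {}))


if __name__ == "__main__":
    # Constructed payloads. The first names a harmless stdlib class to show
    # that the unsafe path instantiates anything importable; the gated path
    # refuses the same request because it is not in the registry.
    obj = unsafe_deserialize_reference({"path": "collections.Counter"})
    print("unsafe path instantiated:", type(obj).__name__)
    ref = gated_deserialize_reference(
        {"__type__": "DagRunQueuedAt", "kwargs": {"interval": 60}})
    print("gated path accepted:", type(ref).__name__, ref.kwargs)
    try:
        gated_deserialize_reference({"__type__": "collections.Counter"})
    except ValueError as exc:
        print("gated path rejected:", exc)
```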

Why should TPRM professionals care?

Apache Airflow is the backbone of data pipeline orchestration in modern data engineering — it coordinates ETL workflows, ML training pipelines, and cross-system integrations across cloud and on-premises environments. Airflow Connection objects in the metadata database commonly store credentials for databases, cloud providers, APIs, and third-party services. CVE-2026-45360 allows a DAG author — a role frequently held by data engineers and analysts with less security oversight than infrastructure engineers — to exfiltrate all of these stored credentials via a malicious payload embedded in an otherwise legitimate DAG file. For TPRM professionals, a vendor's Airflow metadata database is a potential treasure trove of third-party credentials, and its compromise can cascade into downstream systems your organization shares with the vendor. The stealthy nature of the exploitation — embedded in normal DAG code, triggered only during scheduler processing — makes this flaw particularly difficult to detect without proactive monitoring.

What questions should TPRM professionals ask vendors?

  1. Have all Apache Airflow deployments been upgraded to version 3.2.2 or later?
  2. What access controls govern DAG authorship in your environment? Is the ability to commit or deploy DAG files to the scheduler's importable bundle limited to vetted, explicitly trusted personnel?
  3. Have all DAG files been audited for the presence of custom DeadlineReference subclasses or serialized objects referencing unexpected external or unknown module paths?
  4. Is the Airflow scheduler process running under a dedicated, low-privileged service account with restricted outbound network access and filesystem permissions?
  5. Have Airflow metadata database access logs been reviewed for anomalous reads of the connection, variable, or xcom tables outside of normal DAG execution windows that may indicate prior exploitation?

Remediation Recommendations

  • Upgrade all Apache Airflow deployments to version 3.2.2 or later immediately — this is the only complete remediation.
  • Audit all DAG files accessible to the scheduler for custom DeadlineReference subclasses or serialized objects with unexpected external module paths; flag and investigate any anomalies.
  • Restrict DAG authorship access to the minimum set of vetted, trusted users; treat all DAG-author code as untrusted in environments where this cannot be fully enforced.
  • If immediate patching is not feasible, isolate the scheduler process in a sandboxed environment with restricted outbound network access and limited filesystem permissions, running under a dedicated low-privileged service account.
  • Review Airflow metadata database access logs for anomalous reads of sensitive tables coinciding with scheduler deserialization activity and treat suspicious patterns as potential indicators of exploitation.
Black Kite's Apache Airflow - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

Plesk - Jun2026 (CVE-2026-44962)

What is this Plesk Vulnerability?

CVE-2026-44962 (CVSS 9.9) is a near-maximum-severity chained vulnerability in Plesk, a widely deployed commercial web hosting control panel used to manage web servers, domains, email services, databases, and SSL certificates across enterprise and hosting provider environments. The flaw resides in the APS Application Catalog search functionality, where user-supplied input is directly interpolated into dynamic XPath queries without architectural sanitization. The exploitation chain proceeds in two stages: first, XPath injection bypasses the access control logic enforced by the application's query boundaries, enabling traversal of the underlying XML data store beyond the attacker's authorized scope; second, the injected payload triggers OS command injection, passing arbitrary commands directly to the underlying Linux operating system shell with escalated privileges.

Successful exploitation of this chain grants the attacker effective administrative control over the server — enabling access to sensitive configuration files, hijacking of hosted web services, reading or modification of database credentials, interception of email traffic, and establishment of persistent unauthorized access across all domains and services managed by the compromised Plesk instance. The attack requires only a low-privileged authenticated account — a condition easily met in shared or multi-tenant hosting environments where reseller and customer accounts exist. Affects all Plesk versions prior to 18.0.76.2 and 18.0.75.1 on Linux. Fixed in Plesk 18.0.76.2 and 18.0.75.1. No public PoC; not in CISA KEV.
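The root cause is untrusted text interpolated into an XPath string. As an added illustration (not Plesk's code; the catalog query shape is constructed), the following shows that pattern beside a builder that renders the search term as a proper XPath 1.0 string literal, so a quote in the input can never terminate the literal and change the query's structure.

```python
"""Embedding untrusted text in an XPath 1.0 query.

Added example, not Plesk's code. The query shape //app[contains(name, ...)]
is constructed for this illustration; the literal-rendering technique is the
standard one for XPath 1.0, which has no escape sequences inside literals.
"""


def vulnerable_query(term: str) -> str:
    """Direct interpolation: a quote inside `term` ends the literal early."""
    return f"//app[contains(name, '{term}')]"


def xpath_string_literal(value: str) -> str:
    """Render `value` as an XPath 1.0 string literal.

    A value with no single quotes is wrapped in single quotes, one with no
    double quotes in double quotes. A value containing both is split into
    single-quoted chunks joined by concat() with a double-quoted "'" between
    them, so every character reaches the parser as literal data.
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    parts = []
    for chunk in value.split("'"):
        if chunk:
            parts.append(f"'{chunk}'")
        parts.append('"\'"')  # the single quote that was split on
    parts.pop()  # drop the separator appended after the final chunk
    return "concat(" + ", ".join(parts) + ")"


def safe_query(term: str) -> str:
    """Same catalog search, with the term passed as a well-formed literal."""
    return f"//app[contains(name, {xpath_string_literal(term)})]"


if __name__ == "__main__":
    # Constructed input: an ordinary search term that happens to contain
    # an apostrophe is enough to break the interpolated query.
    for term in ("wordpress", "O'Reilly", 'a\'b"c'):
        print("vulnerable:", vulnerable_query(term))
        print("safe:      ", safe_query(term))
```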

Why should TPRM professionals care?

Plesk centralizes control over a wide range of critical infrastructure on a single server — web services, DNS records, email infrastructure, databases, and SSL private keys for potentially hundreds of hosted domains. Vendors operating as web hosting providers or managed service providers using Plesk represent a particularly high-risk profile: one successful privilege escalation gives an attacker root-level control over every service hosted on that server. For TPRM professionals, this means that a compromised Plesk instance at a vendor could expose customer data across every domain the vendor hosts — potentially including services processing your organization's data. The low authentication barrier makes this flaw accessible to a wide range of threat actors, including disgruntled resellers, compromised hosting customers, or external attackers who obtained any valid low-privileged account credential.

What questions should TPRM professionals ask vendors?

  1. Have all Plesk instances been upgraded to version 18.0.76.2 or 18.0.75.1? What is the verification method used to confirm the patched version is active?
  2. Have all active Plesk accounts with access to the APS Application Catalog search functionality been audited? Have any unverified or suspicious accounts been suspended pending review?
  3. Has access to the APS Application Catalog been temporarily restricted to administrator-level accounts only as an interim control pending patching?
  4. Have Plesk access logs and OS-level audit logs been reviewed for anomalous search queries, unexpected command executions, or privilege escalation events originating from low-privileged accounts since the vulnerability disclosure?
  5. Is the Plesk service running under a least-privilege Linux user context? Are sensitive files — database credentials, SSL private keys, API tokens — protected with strict filesystem permissions?

Remediation Recommendations

  • Upgrade all Plesk instances to version 18.0.76.2 or 18.0.75.1 immediately and verify the installed version through the Plesk admin panel or via CLI.
  • Restrict APS Application Catalog access to administrator-level accounts only as an interim measure if patching cannot be performed without delay.
  • Audit all Plesk accounts; suspend or revoke access for any account that cannot be confirmed as trusted, particularly reseller and customer accounts in shared hosting environments.
  • Review access and OS audit logs for anomalous search queries, unexpected command executions, new administrative account creation, or file modification in configuration directories.
  • Ensure Plesk runs under a least-privilege service context and enforce strict filesystem permissions on sensitive configuration files, SSL keys, and database credentials to limit the impact of any exploitation that occurred prior to patching.
Black Kite's Plesk - Jun2026 FocusTag® details critical insights on the event for TPRM professionals.

Synology DSM Chat Server (CVE-2026-40541, CVE-2026-32998, CVE-2026-32997, CVE-2026-32996, CVE-2026-9548, CVE-2026-9491)

What are the Synology DSM Chat Server Vulnerabilities?

Synology issued an urgent security alert and released patches for multiple vulnerabilities in Synology Chat Server, the enterprise communication platform running on Synology DiskStation Manager (DSM). CVE-2026-40541 (CVSS 9.0) is the most critical flaw: a high-severity arbitrary file access vulnerability allowing remote authenticated users to read or write arbitrary files on the DSM host system, and to conduct Denial of Service attacks. This direct arbitrary file write capability introduces ransomware-equivalent risk — an attacker can overwrite critical files on the NAS device, disrupting storage and communication infrastructure. CVE-2026-32998 (CVSS 9.4) is a critical Remote Code Execution vulnerability. CVE-2026-32997 (CVSS 8.6) is an arbitrary file write vulnerability. CVE-2026-32996 (CVSS 7.3) is a privilege escalation vulnerability.

Additional vulnerabilities include CVE-2026-9548, a medium-severity flaw allowing authenticated attackers to read restricted files and conduct limited DoS actions, and CVE-2026-9491, an information disclosure vulnerability exposing non-sensitive information. All vulnerabilities affect Synology Chat Server prior to version 2.4.5-22148 on DiskStation Manager (DSM) versions 7.2.1, 7.2.2, and 7.3. Fixed in Synology Chat Server version 2.4.5-22148. No public Proof-of-Concept exploits have been reported; these vulnerabilities are not listed in the CISA KEV catalog.

Why should TPRM professionals care?

Synology Chat Server is an enterprise messaging and collaboration platform deployed by organizations seeking on-premises alternatives to cloud communication tools. These systems store internal communications, file attachments, and shared content in a centralized location on NAS infrastructure — making them a repository of sensitive business conversations, project discussions, and confidential file exchanges. CVE-2026-40541's arbitrary file read/write capability means an authenticated attacker can access or corrupt any file on the DSM host — including configuration files, database files, and shared storage volumes. For TPRM professionals, a compromised vendor communication platform can expose confidential business discussions about joint projects, contracts, and sensitive customer data. The presence of a critical RCE (CVE-2026-32998) elevates the risk beyond data exposure to full host compromise of the NAS device and all data it hosts.

What questions should TPRM professionals ask vendors?

  1. Have all Synology Chat Server deployments been upgraded to version 2.4.5-22148 or above?
  2. Which DSM versions are in use across your Synology infrastructure? Have deployments on DSM 7.2.1, 7.2.2, and 7.3 all been included in the patch campaign?
  3. What authentication controls and access restrictions govern Synology Chat Server? Have all authenticated user accounts been reviewed for necessity?
  4. Are Synology DSM management interfaces accessible only from trusted internal network ranges, or are they exposed to the public internet?
  5. Have file integrity monitoring controls been implemented on DSM storage volumes to detect unauthorized arbitrary file writes consistent with CVE-2026-40541 exploitation?

Remediation Recommendations

  • Upgrade Synology Chat Server to version 2.4.5-22148 or above immediately on all affected DSM versions (7.2.1, 7.2.2, and 7.3).
  • Apply all available DSM operating system updates in conjunction with the Chat Server upgrade to ensure the full security posture is current.
  • Restrict DSM management interface access to trusted internal network ranges using firewall rules; disable direct public internet exposure of management ports.
  • Audit all Synology Chat Server user accounts for necessity; disable or remove inactive accounts to reduce the authenticated attack surface.
  • Implement file integrity monitoring on DSM storage volumes to detect unauthorized write activity and establish baseline behavior for anomaly detection.
  • Conduct regular security audits of network assets to detect any unauthorized internal access or suspicious activity in chat logs or file modification histories.
Black Kite's Synology DSM Chat Server FocusTag® details critical insights on the event for TPRM professionals.

How TPRM Professionals Can Leverage Black Kite for These Vulnerabilities

This week's nine FocusTags® span a remarkable breadth of infrastructure layers — from foundational network file sharing (Samba) and webmail (Roundcube) to AI workflow platforms (Langflow), JavaScript dependency ecosystems (axios), enterprise messaging (ActiveMQ), search infrastructure (Solr), data pipeline orchestration (Airflow), web hosting control panels (Plesk), and enterprise communication (Synology Chat Server). The cross-cutting theme is clear: critical vendor risk is not concentrated in a single technology category but is distributed across the entire software stack that vendors deploy to run their operations. TPRM programs that scope their assessments narrowly — focusing only on customer-facing web applications or network perimeter controls — will miss the majority of the exposure surfaces documented this week.

Black Kite's FocusTags® translate this distributed risk landscape into prioritized, actionable vendor intelligence. Rather than requiring TPRM teams to monitor dozens of vulnerability feeds and manually map CVEs to vendor technology profiles, FocusTags® automatically surface the vendors in your ecosystem whose technology footprints match the affected products. The patch bypass pattern in the ActiveMQ tag and the incomplete fix in the axios tag illustrate why this matters: vendors may report compliance with a prior patch cycle while remaining fully exposed to the updated attack variant. FocusTags® enable TPRM teams to ask the precise, version-specific questions that distinguish genuine remediation from false compliance.

For organizations managing vendor ecosystems of hundreds or thousands of third parties, the operational efficiency of FocusTags® is transformative. Nine concurrent vulnerability clusters across infrastructure layers as diverse as those covered this week would otherwise require TPRM teams to run nine parallel assessment campaigns, coordinate nine separate vendor communications, and track nine independent remediation workflows. FocusTags® consolidate this into a single, prioritized view — enabling risk teams to operate at the speed of the threat landscape rather than the pace of traditional questionnaire cycles. The result is faster vendor prioritization, more targeted remediation requests, and measurably reduced exposure windows across the entire third-party ecosystem.

Strengthening TPRM Outcomes with Black Kite’s FocusTags®

Black Kite's FocusTag® technology provides TPRM teams with the intelligence infrastructure needed to keep pace with an accelerating threat landscape. By automatically correlating newly disclosed vulnerabilities with the technology profiles of vendors in your ecosystem, Black Kite transforms reactive patch tracking into proactive vendor risk management.

  • Instant Vendor Exposure Mapping: FocusTags® automatically identify which vendors in your portfolio are running affected products, eliminating the manual effort of mapping CVEs to vendor technology inventories across large, complex third-party ecosystems.
  • Precision-Targeted Remediation Requests: Each FocusTag® includes specific, technically grounded vendor questions — moving beyond generic patch status inquiries to version-specific, control-specific questions that surface genuine remediation versus compliance theater.
  • Continuous Risk Score Integration: FocusTag® exposure feeds directly into Black Kite's vendor risk scores, ensuring that critical vulnerability exposure is immediately reflected in your third-party risk ratings without waiting for the next scheduled assessment cycle.
  • Operational Efficiency at Scale: By consolidating multi-product vulnerability intelligence into a single prioritized view, FocusTags® enable TPRM teams to manage concurrent threat events across diverse technology categories without scaling headcount — ensuring risk teams operate at the speed of the threat landscape.

About Focus Friday

Every week, we delve into the realms of critical vulnerabilities and their implications from a Third-Party Risk Management (TPRM) perspective. This series is dedicated to shedding light on pressing cybersecurity threats, offering in-depth analyses, and providing actionable insights.

FocusTags® in the Last 30 Days

Samba - Jun2026 : CVE-2026-4480, CVE-2026-4408, CVE-2026-1933, CVE-2026-3012, CVE-2026-3238, CVE-2026-2340, Critical and High-Severity Vulnerabilities including Remote Code Execution and Access Control Bypass in Samba.

Roundcube - Jun2026 : CVE-2026-48842, CVE-2026-48844, CVE-2026-48848, CVE-2026-48845, CVE-2026-48846, Five High-Severity Vulnerabilities including SQL Injection, Server-Side Code Injection (RCE), and XSS in Roundcube Webmail.

Langflow - Jun2026 : CVE-2026-7524, CVE-2026-48519, Two Critical-Severity Vulnerabilities including Path Traversal and Remote Code Execution in Langflow OSS.

Axios - Jun2026 : CVE-2026-44492, CVE-2026-44494, Two High-Severity Vulnerabilities including SSRF via NO_PROXY Bypass and Prototype Pollution in Axios.

ActiveMQ - Jun2026 : CVE-2026-45505, CVE-2026-42588, CVE-2026-49157, CVE-2026-42253, High-Severity Vulnerabilities including Remote Code Execution, Incorrect Permissions, and XSS in Apache ActiveMQ.

Apache Solr - Jun2026 : CVE-2026-44825, Critical Hardcoded and Default Credentials Vulnerability in Apache Solr.

Apache Airflow - Jun2026 : CVE-2026-45360, High-Severity Arbitrary Class Import Vulnerability in Apache Airflow.

Plesk - Jun2026 : CVE-2026-44962, Near-Maximum-Severity Chained XPath and OS Command Injection Vulnerability in Plesk.

Synology DSM Chat Server - Jun2026 : CVE-2026-40541, CVE-2026-32998, CVE-2026-32997, CVE-2026-32996, CVE-2026-9548, CVE-2026-9491, Critical and High-Severity Vulnerabilities including Remote Code Execution and Arbitrary File Access in Synology Chat Server.

Langflow - May2026 : CVE-2025-34291, Critical CORS/CSRF and Remote Code Execution Vulnerabilities in Langflow.

FreeBSD - May2026 : CVE-2026-45255, CVE-2026-45250, CVE-2026-45251, CVE-2026-45252, CVE-2026-39461, CVE-2026-45254, CVE-2026-45253, Critical and High-Severity Remote Code Execution, Kernel Privilege Escalation, Sandboxing Breaches, and Network Denial of Service Vulnerabilities in FreeBSD core OS.

Memcached - May2026 : CVE-2026-47783, CVE-2026-47784, High-Severity SASL Authentication Timing Side-Channel Vulnerabilities in Memcached.

Exchange Server - May2026 : CVE-2026-42897, High-Severity Cross-Site Scripting (XSS) Vulnerability in Outlook Web Access (OWA).

NGINX - May2026 : Critical Memory Corruption and Remote Code Execution Vulnerability in Nginx.

OpenClaw - May2026 : CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, CVE-2026-44118, Critical Sandbox Escape, Sensitive Data Exfiltration, Privilege Escalation, and Persistent Backdoor Installation Vulnerabilities in OpenClaw.

Flowise - May2026 : CVE-2026-46442, Critical Sandbox Escape and Remote Code Execution Vulnerability in Flowise.

PostgreSQL - May2026 : CVE-2026-6637, CVE-2026-6477, CVE-2026-6473, CVE-2026-6475, CVE-2026-6479, High-Severity Stack Buffer Overflow, Memory Corruption, Integer Wraparound, Filesystem Hijacking, and Denial of Service Vulnerabilities in PostgreSQL.

MongoDB - May2026 : CVE-2026-8053, Critical Time-Series Arbitrary Code Execution Vulnerability in MongoDB Server.

pgAdmin - May2026 : CVE-2026-7813, CVE-2026-7816, CVE-2026-7815, CVE-2026-7820, CVE-2026-7818, CVE-2026-7817, CVE-2026-7819, Critical and High-Severity OS Command Injection, Improper Authorization, Unsafe Deserialization, SSRF, and Authentication Bypass Vulnerabilities in pgAdmin 4.

FreePBX - May2026: CVE-2026-46376, Critical Hard-Coded Credentials Vulnerability in FreePBX User Control Panel (UCP).

n8n - May2026 : CVE-2026-44790, CVE-2026-44791, CVE-2026-44789, Critical Arbitrary File Read, Prototype Pollution, and Remote Code Execution Vulnerabilities in n8n.

Dead.Letter : CVE-2026-45185, Critical Remote Code Execution, Use-After-Free, Memory Corruption, and Improper Input Validation Vulnerabilities in Exim Mail Server.

SharePoint - May2026 : CVE-2026-35439, CVE-2026-33110, CVE-2026-33112, CVE-2026-40357, CVE-2026-40365, CVE-2026-40368, High-Severity Remote Code Execution Vulnerabilities in Microsoft SharePoint.

MSSQL - May2026 : CVE-2026-40370, High-Severity Remote Code Execution and Privilege Escalation Vulnerability in Microsoft SQL Server.

cPanel & WHM : CVE-2026-41940, Critical Authentication Bypass Vulnerability in cPanel & WHM.

Redis - May2026 : CVE-2026-25243, CVE-2026-25588, CVE-2026-25589, CVE-2026-23479, CVE-2026-23631, High-Severity Invalid Memory Access and Use-After-Free Vulnerabilities in Redis.

Ivanti EPMM - May2026 : CVE-2026-6973, CVE-2026-7821, Improper Input Validation, Remote Code Execution, Improper Certificate Validation, Authentication Bypass, Information Disclosure, and Data Integrity Failure Vulnerabilities in Ivanti EPMM.

See Black Kite's full CVE Database and the critical TPRM vulnerabilities that have FocusTags® applied at https://blackkite.com/cve-database.

References

https://www.samba.org/samba/security/CVE-2026-4480.html

https://securityonline.info/critical-samba-vulnerabilities-cvss-10/

https://nvd.nist.gov/vuln/detail/CVE-2026-4480

https://nvd.nist.gov/vuln/detail/CVE-2026-4408

https://nvd.nist.gov/vuln/detail/CVE-2026-1933

https://nvd.nist.gov/vuln/detail/CVE-2026-3012

https://nvd.nist.gov/vuln/detail/CVE-2026-3238

https://nvd.nist.gov/vuln/detail/CVE-2026-2340

https://www.cve.org/CVERecord?id=CVE-2026-48842

https://www.cve.org/CVERecord?id=CVE-2026-48844

https://www.cve.org/CVERecord?id=CVE-2026-48848

https://www.cve.org/CVERecord?id=CVE-2026-48845

https://www.cve.org/CVERecord?id=CVE-2026-48846

https://securityonline.info/roundcube-webmail-security-updates/

https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1

https://www.cve.org/CVERecord?id=CVE-2026-7524

https://www.ibm.com/support/pages/node/7273426

https://securityonline.info/langflow-oss-vulnerability-cve-2026-7524/

https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f

https://securityonline.info/langflow-rce-vulnerability-shareable-playground/

https://www.cve.org/CVERecord?id=CVE-2026-44492

https://www.cve.org/CVERecord?id=CVE-2026-44494

https://github.com/advisories/GHSA-pjwm-pj3p-43mv

https://github.com/advisories/GHSA-35jp-ww65-95wh

https://securityonline.info/axios-proxy-vulnerabilities-fixed/

https://www.cve.org/CVERecord?id=CVE-2026-45505

https://www.cve.org/CVERecord?id=CVE-2026-42588

https://www.cve.org/CVERecord?id=CVE-2026-49157

https://www.cve.org/CVERecord?id=CVE-2026-42253

http://www.openwall.com/lists/oss-security/2026/05/31/18

https://lists.apache.org/thread/7n97nddyw96w6ykldjv1h40jx86xdo0w

http://www.openwall.com/lists/oss-security/2026/05/31/17

http://www.openwall.com/lists/oss-security/2026/05/31/21

https://nvd.nist.gov/vuln/detail/CVE-2026-44825

https://securityonline.info/apache-solr-default-credentials-cve-2026-44825/

https://issues.apache.org/jira/browse/SOLR-18233

https://lists.apache.org/thread/5xg6xr99glocp3zsg9ht2zlbwlrst7ch

https://www.cve.org/CVERecord?id=CVE-2026-45360

https://github.com/apache/airflow/pull/66737

https://lists.apache.org/thread/q227dghjwgfz8xsxrf2pwpz4wk43zm83

https://securityonline.info/apache-airflow-vulnerability-scheduler-flaw/

https://www.cve.org/CVERecord?id=CVE-2026-44962

https://securityonline.info/plesk-privilege-escalation-flaw-patch/

https://support.plesk.com/hc/en-us/articles/38633651286679-Vulnerability-CVE-2026-44962-in-Plesk-s-APS-Catalog

https://www.synology.com/tr-tr/security/advisory/Synology_SA_26_10

https://securityonline.info/synology-chat-server-vulnerabilities/