Weekly dossier · 2026-W22
Joel Traber AG
25.05.2026 – 31.05.2026
Strategic overview
CRITICALIn CW 22, several critical vulnerabilities are relevant to Joel Traber AG: most urgently, an actively exploited authentication bypass in PAN-OS GlobalProtect (CVE-2026-0257) and an RCE flaw in Microsoft SharePoint (CVE-2026-45659), which allows authenticated attackers with minimal permissions to compromise collaboration infrastructure, including internal threat vectors.
- Alerts
- 205
- CVEs
- 557
- KEV
- 7
- Critical
- 69
Top news
- TAKTISCH The Hacker NewsPAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
An actively exploited authentication bypass in PAN-OS GlobalProtect enables unauthorized VPN access; while Palo Alto is not in Joel Traber's stated stack, any manufacturing company using Palo Alto firewalls for remote access must treat this as an immediate remediation priority.
→ CVE-2026-0257 affects PAN-OS GlobalProtect, which is not in Joel Traber AG's stated tech stack; however, the active exploitation of VPN authentication bypass is operationally relevant to manufacturing companies using Palo Alto firewalls and remote access infrastructure, and represents a near-term defensive priority.
- TAKTISCH BleepingComputerHackers exploit FortiClient EMS flaw to push infostealer malware
The vulnerability is being actively exploited to deliver credential-stealing malware disguised as legitimate Fortinet updates through VPN scripting workflows.
→ FortiClient EMS is directly in Joel Traber AG's tech stack; CVE-2026-35616 is a critical authentication bypass being actively exploited to deliver infostealer malware, requiring immediate patching.
- TAKTISCH ZDI: Published AdvisoriesZDI-26-186: Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability
Local privilege escalation in FortiClient requires prior low-privilege code execution and affects a core security infrastructure product.
→ Fortinet FortiClient is in the company's tech stack and this LPE vulnerability has a CVSS 7.8 score requiring local code execution first.
- TAKTISCH ZDI: Published AdvisoriesZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability
A CVSS-8.8 RCE vulnerability in FortiWeb requires authentication and should be prioritized once a fix is available.
→ Fortinet FortiWeb is a critical security appliance in Joel Traber AG's tech stack, and this authentication-required RCE vulnerability requires immediate patch evaluation.
- TAKTISCH The Hacker NewsMicrosoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
The vulnerability requires only minimal Site Member permissions and can be exploited by internal or compromised accounts without elevated administrator rights , a risk for manufacturing environments with many SharePoint users.
→ CVE-2026-45659 directly affects Microsoft SharePoint Server, a core component of Joel Traber AG's M365/collaboration infrastructure; requires authenticated access with minimum Site Member permissions, making internal threat vectors a concern for manufacturing environments.
- OPERATIV ZDI: Published AdvisoriesZDI-26-203: (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This Pwn2Own exploit demonstrates a critical vulnerability in Canon printers exploitable without authentication by network-adjacent attackers, enabling direct access to a widespread peripheral device on the corporate network.
→ Canon imageCLASS MF654Cdw is explicitly listed in Joel Traber AG's tech stack; this remote code execution vulnerability affecting the printer directly threatens the company's managed devices.
- OPERATIV ZDI: Published AdvisoriesZDI-26-184: Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability
Use-after-free in Windows NDIS driver enables local privilege escalation with CVSS 7.8 on systems where code execution is already possible.
→ CVE-2026-24289 is a local privilege escalation vulnerability in Microsoft Windows NDIS Driver affecting Windows Server 2022 and 2019, both core to the company's infrastructure.
- TAKTISCH Rapid7 Cybersecurity BlogPatch Tuesday - May 2026
137 Microsoft vulnerabilities published in May 2026, including critical RCE in Windows Netlogon and DNS Client with no known active exploitation.
→ Patch Tuesday with critical RCE vulnerabilities in Windows Netlogon, DNS Client, and Microsoft products directly affecting Joel Traber AG's Microsoft infrastructure (Windows Server 2022/2019, Active Directory, Microsoft 365).
- TAKTISCH Rapid7 Cybersecurity BlogCritical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
CL-STA-1132, a likely state-sponsored threat cluster, actively exploits CVE-2026-0300 and deploys open-source tunneling tools and Active Directory enumeration following initial compromise.
→ CVE-2026-0300 is a critical unauthenticated buffer overflow in Palo Alto Networks PAN-OS affecting PA-Series and VM-Series firewalls; Joel Traber AG operates Fortinet FortiGate firewalls, not Palo Alto Networks, but the vulnerability affects critical network infrastructure widely deployed in DACH manufacturing environments and is actively exploited by state-sponsored threat actors.
Research Deep Dives
View all →- RAPID7 CYBERSECURITY BLOG 13/05/2026Patch Tuesday - May 2026
Microsoft's May 2026 Patch Tuesday addresses 137 vulnerabilities, including critical remote code execution (RCE) flaws in Windows Netlogon and DNS Client. The most severe, CVE-2026-41089, is a stack buffer overflow in Netlogon that grants SYSTEM privileges on domain controllers. Another critical RCE in the DNS Client (CVE-2026-41096) provides a network foothold, while a critical elevation of privilege in an Atlassian plugin (CVE-2026-41103) bypasses Entra ID authentication. No active exploitation is currently reported, but immediate patching is strongly recommended.
- RAPID7 CYBERSECURITY BLOG 06/05/2026Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
A critical buffer overflow vulnerability (CVE-2026-0300) in the Palo Alto Networks PAN-OS User-ID Authentication Portal allows unauthenticated attackers to execute arbitrary code with root privileges. The vulnerability is being actively exploited in the wild, but no patches are available yet. PA-Series and VM-Series firewalls with the portal enabled are affected, which could be relevant for many manufacturing companies in the DACH region. Organizations should immediately apply the provided workarounds and prioritize patching as soon as fixes are released.
- RAPID7 CYBERSECURITY BLOG 14/05/2026CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS
CVE-2026-0265 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS that occurs when Cloud Authentication Service (CAS) is enabled and attached to a login interface. Affected platforms include PA-Series, VM-Series firewalls, and Panorama appliances, though the configuration is non-default but common. Although no active exploitation has been confirmed, the ease of exploitability and expected disclosure of technical details make emergency patching critical. Patches were partially released on May 13, 2026, with additional fixes due by May 28.
Top vendors
- Google 76
- Microsoft 35
- Synology 10
- Linux 8
- Canon 5
- Fortinet 5
Top CVEs
- CVE-2026-0265 CVE-2026-0265: Authentication Bypass in Palo Alto Networks P 9.8
- CVE-2026-0300 Critical Buffer Overflow in Palo Alto Networks PAN-OS User-I 9.8
- CVE-2026-7451 CVE-2026-7451 ist eine Out-of-Bounds-Write-Schwachstelle in Autodesk 3ds Max, die durch das Parsen einer manipulierten TIF-Datei ausgelöst wird. 7.8
- CVE-2026-7452 CVE-2026-7452 ist eine Memory-Corruption-Schwachstelle in Autodesk 3ds Max, die durch das Parsen manipulierter WRL-Dateien (VRML-Format) ausgelöst wird. 7.8
- CVE-2026-7454 CVE-2026-7454 ist eine Speichercorruption-Schwachstelle in Autodesk 3ds Max, die durch das Parsing einer böswillig manipulierten WRL-Datei (VRML-Format) ausgelöst wird. 7.8
- CVE-2025-12686 CVE-2025-12686 ist eine Buffer-Overflow-Anfälligkeit in Synology BeeStation Manager und BeeStation OS vor Version 1.3.2-65648, die es Angreifern ermöglicht, per Remote Code Execution auszuführen. 9.8