Threat Advisories - NVD Disclosed June 4, 2026

CVE-2026-20245

Cisco Catalyst SD-WAN Manager Local Privilege Escalation Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Cisco Catalyst SD-WAN Manager's CLI could allow an authenticated, local attacker to run commands as root by providing a malicious file. This could lead to command injection and privilege escalation on the affected system. The issue is due to insufficient input validation and requires netadmin privile

NVD published: June 4, 2026 • CISA KEV

CVE advisoryCRITICAL

CVE-2026-11029

Google Chrome for Android Drag and Drop Sandbox Escape

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Insufficient validation in Chrome for Android's Drag and Drop feature allows a compromised renderer process to potentially escape the sandbox via a crafted HTML page. This could enable an attacker to execute code with higher privileges on a user's device. The relevance hinges on user interaction with malicious websites

NVD published: June 4, 2026

CVE advisoryKnown Exploit

CVE-2026-28318

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

SolarWinds Serv-U is vulnerable to specially crafted POST requests that can cause the service to crash without authentication. This could lead to denial of service if the vulnerability is reached.

NVD published: June 4, 2026 • CISA KEV