Bastion Codex – Weekly Defender Brief (2026-06-01)
This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.
The goal is simple: highlight the signal that matters to frontline defenders, namely patch workload pressure, severity shifts, and movement in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Week of 2026-06-01
Executive Snapshot
- 2084 CVEs observed in the last 7 days
- 146 Critical
- 724 High
- 6 KEV-listed vulnerabilities in the last 30 days
Week-over-Week Movement
- Total CVEs: +1114 (from 970 to 2084, +114.8%)
- Critical: +39 (from 107 to 146, +36.4%)
- High: +419 (from 305 to 724, +137.4%)
- Medium: +244 (from 383 to 627, +63.7%)
- Low: +32 (from 39 to 71, +82.1%)
- Unknown: +380 (from 136 to 516, +279.4%)
Defender Takeaways
- Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
- Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
- High severity volume suggests increased patch workload. Focus on internet-exposed services first.
Severity Breakdown (7 Days)
- Critical: 146
- High: 724
- Medium: 627
- Low: 71
- Unknown: 516
Top Vendors (30 Days)
- Daemon: 1
- LiteSpeed: 1
- Microsoft: 1
- Nx: 1
- Palo Alto Networks: 1
- TanStack: 1
Top Products (30 Days)
- Daemon Tools Lite: 1
- Defender: 1
- Nx Console: 1
- PAN-OS: 1
- TanStack: 1
- cPanel Plugin: 1
Priority Watchlist (Top 10)
- CVE-2026-8398 | CVSS: 9.8 | KEV: True | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434)
- CVE-2026-48172 | CVSS: 9.8 | KEV: True | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detectio
- CVE-2026-48027 | CVSS: 9.8 | KEV: True | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC a
- CVE-2026-45321 | CVSS: 9.6 | KEV: True | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm reg
- CVE-2026-0257 | CVSS: 9.1 | KEV: True | Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to
- CVE-2026-32201 | CVSS: 6.5 | KEV: True | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-32202 | CVSS: 4.3 | KEV: True | Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-45498 | CVSS: 4.0 | KEV: True | Microsoft Defender Denial of Service Vulnerability
- CVE-2017-16651 | CVSS: None | KEV: True | Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment
- CVE-2009-3953 | CVSS: None | KEV: True | Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
Generated via Bastion Codex pipeline at 2026-06-01T15:34:30.929786+00:00