Bastion Codex – Weekly Defender Brief (2026-07-06)


This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.


Bastion Codex – Weekly Defender Brief

Week of 2026-07-06

Executive Snapshot

  • 1794 CVEs observed in the last 7 days
  • 195 Critical
  • 598 High
  • 2 KEV-listed vulnerabilities in last 30 days

Week-over-Week Movement

  • Total CVEs: -158 (from 1952 to 1794, -8.1%)
  • Critical: 31 (from 164 to 195, 18.9%)
  • High: -216 (from 814 to 598, -26.5%)
  • Medium: 22 (from 655 to 677, 3.4%)
  • Low: 9 (from 50 to 59, 18.0%)
  • Unknown: -4 (from 269 to 265, -1.5%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 195
  • High: 598
  • Medium: 677
  • Low: 59
  • Unknown: 265

Top Vendors (30 Days)

  • PTC: 1
  • SimpleHelp: 1

Top Products (30 Days)

  • SimpleHelp: 1
  • Windchill and FlexPLM: 1

Priority Watchlist (Top 10)

  • CVE-2026-48558 | CVSS: 10.0 | KEV: True | SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication
  • CVE-2021-42237 | CVSS: 9.8 | KEV: True | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achi
  • CVE-2022-26258 | CVSS: 9.8 | KEV: True | D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
  • CVE-2025-67038 | CVSS: 9.8 | KEV: True | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user’s authanticatio
  • CVE-2026-42208 | CVSS: 9.8 | KEV: True | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a datab
  • CVE-2026-12569 | CVSS: 9.8 | KEV: True | A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be ex
  • CVE-2021-25296 | CVSS: 8.8 | KEV: True | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/confi
  • CVE-2021-25297 | CVSS: 8.8 | KEV: True | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/confi
  • CVE-2021-25298 | CVSS: 8.8 | KEV: True | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/confi
  • CVE-2025-31277 | CVSS: 8.8 | KEV: True | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvO

Generated via Bastion Codex pipeline at 2026-07-06T19:22:33.106624+00:00