{"vulnerability": "cve-2026-0826", "sightings": [{"uuid": "65fa0886-7e5f-4903-b13d-297dab233850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnctia4deu2a", "content": "Critical flaw CVE-2026-0826 in HP Poly Voice phones can allow root-level RCE via malicious SIP/SDP traffic. Affects VVX and Trio devices with ICE enabled. #HPPolyVoice #HPVVX #VoIPPhones", "creation_timestamp": "2026-06-02T14:45:24.331777Z"}, {"uuid": "24e8f36e-907b-402b-a655-18d71b137631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnagtc27vi26", "content": "CVE-2026-0826 - Poly Voice \u2013 Possible Remote Control of Certain Poly Devices\nCVE ID : CVE-2026-0826\n \n Published : June 1, 2026, 2:55 p.m. | 18\u00a0minutes ago\n \n Description : In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer o...", "creation_timestamp": "2026-06-01T15:53:36.816340Z"}, {"uuid": "c1afd445-fe81-4ee7-bcbc-ee642135bfd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-0826", "type": "seen", "source": "https://bsky.app/profile/vritrasecnews.bsky.social/post/3mnbjd3riw42f", "content": "Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in t...\n\n\ud83d\udd17 https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed", "creation_timestamp": "2026-06-02T02:10:54.351495Z"}, {"uuid": "32af1031-9600-48cc-a1c8-b742e719338e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-0826", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116681580971206273", "content": "Rapid7, posted yesterday: CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation https://www.rapid7.com/blog/post/ve-cve-2026-0826-how-an-old-bug-can-feed-ai-powered-impersonation/ @Rapid7Official #infosec #vulnerability", "creation_timestamp": "2026-06-02T17:00:34.533341Z"}, {"uuid": "10290fdc-744e-489b-b709-c68bede51782", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mne4soiou42b", "content": "CVE-2026-0826: Root RCE Vulnerability Hits HP Poly Enterprise VoIP Phones", "creation_timestamp": "2026-06-03T03:04:58.197889Z"}, {"uuid": "ef5a4d8d-9612-4545-a80f-2fbf910335ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mnjkjj3dxi2g", "content": "CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones #patchmanagement", "creation_timestamp": "2026-06-05T06:53:42.042424Z"}, {"uuid": "8de7ad51-21fd-448a-9500-71a56f24ee6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/362", "content": "CVE-2026-0826: Unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (RCE as root)\n\nVulnerable: VVX 150, VVX 250, VVX 350, and VVX 450), as well as Trio IP Conference series (Trio 8800, Trio 8500, and Trio 8300).\n\nBlog: https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed/", "creation_timestamp": "2026-06-05T06:38:36.000000Z"}, {"uuid": "1f53824f-5eb6-47f7-8ae2-c85913a1c6af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://bsky.app/profile/aegisbot.bsky.social/post/3mnrn2eexu22h", "content": "\ud83d\udd0d Top signals this week:\n\nCVEs: CVE-2026-0257, CVE-2026-0826, CVE-2025-48595, CVE-2026-20245, CVE-2026-41089\nActors: Apt, Play, Ransomware\n\nFull intel: https://matlock.ca/cybersecnews", "creation_timestamp": "2026-06-08T12:00:12.281604Z"}, {"uuid": "6b5a6237-43cd-4d6e-a86e-2127902a9299", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/poly_unauth_rce_cve_2026_0826.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"sfewer-r7\"], \"autofilter_ports\": [], \"autofilter_services\": [], \"check\": true, \"default_credential\": false, \"description\": \"CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all\\n          models in the VVX series (VVX 150, VVX 250, VVX 350, and VVX 450), as well as three models from the Trio IP\\n          Conference series (Trio 8800, Trio 8500, and Trio 8300). A remote attacker can leverage CVE-2026-0826 to achieve\\n          unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability is present\\n          in the device's parsing of Session Description Protocol (SDP) attributes for Interactive Connectivity Establishment\\n          (ICE). The ICE feature, which is not enabled by default, must be enabled for the device to be exploitable by a\\n          remote attacker.\", \"disclosure_date\": \"2026-06-01\", \"fullname\": \"exploit/linux/misc/poly_unauth_rce_cve_2026_0826\", \"is_install_path\": true, \"mod_time\": \"2026-06-05 11:39:49 +0000\", \"name\": \"HP Poly Voice Unauthenticated Remote Code Execution\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-os-restarts\"]}, \"path\": \"/modules/exploits/linux/misc/poly_unauth_rce_cve_2026_0826.rb\", \"platform\": \"Unix\", \"post_auth\": false, \"rank\": 500, \"ref_name\": \"linux/misc/poly_unauth_rce_cve_2026_0826\", \"references\": [\"CVE-2026-0826\", \"URL-https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy04083\", \"URL-https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed/\"], \"rport\": 5060, \"session_types\": false, \"targets\": [\"Automatic\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-06-18T17:57:26.000000Z"}, {"uuid": "88c79444-756c-4969-966f-e4b58b102ccc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://bsky.app/profile/bugxhunter.bsky.social/post/3mndlukeafl2b", "content": "\ud83d\udd34 HP Poly VoIP Vulnerability CVE-2026-0826\n\n\ud83d\udcdd A critical buffer ov...\n\nhttps://www.csoonline.com/article/4180223/hp-poly-voip-vulnerability-sets-the-stage-for-executive-voice-deepfakes.html\n\n\ud83d\udcf0 HP Poly VoIP vulnerability sets the stage for executive voice deepfakes | CSO Online\n\n#CVE #RedTeam", "creation_timestamp": "2026-06-02T22:01:46.920439Z"}, {"uuid": "c1a7fcf3-ba4d-45e8-bba0-03584634f58e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://t.me/true_secator/8277", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b:\n\n1. Acer \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430\u0434 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u0434\u0432\u0443\u0445 0-day \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u0435\u0435 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 \u0441 mesh-\u0441\u0435\u0442\u044c\u044e Wave 7, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u0432\u0435\u0440\u0441\u0438\u0438 T7c_GBL_1.01.000055 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439.\n\n\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0413\u0435\u0440\u0433\u043e \u041f\u0430\u043f. \u041f\u0435\u0440\u0432\u0430\u044f CVE-2026-49200 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0432\u0438\u0434\u0435, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u043c\u0441\u044f \u0432 \u0430\u0440\u0445\u0438\u0432\u0430\u0445 \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432.\n\n\u0412\u0442\u043e\u0440\u0430\u044f CVE-2026-49201 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0436\u0435\u0441\u0442\u043a\u043e \u0437\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u043a\u043b\u044e\u0447\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0443 \u0447\u0435\u0440\u0435\u0437 \u0431\u044d\u043a\u0434\u043e\u0440.\n\n2. \u0425\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (CVE-2026-8206) \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Kirki - Freeform Page Builder, Website Builder &amp; Customizer \u0434\u043b\u044f WordPress \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432.\n\n\u0410\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b Defiant, \u0447\u0435\u0439 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u044d\u043a\u0440\u0430\u043d Wordfence \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b \u0431\u043e\u043b\u0435\u0435 222 \u043f\u043e\u043f\u044b\u0442\u043e\u043a\u00a0\u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 24 \u0447\u0430\u0441\u0430. CVE-2026-8206 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438 REST API \u0434\u043b\u044f \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0430\u0440\u043e\u043b\u044f \u0447\u0435\u0440\u0435\u0437 \u0444\u0443\u043d\u043a\u0446\u0438\u044e 'handle_forgot_password()'.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0442\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c \u043d\u0430 500 000 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432, \u043e\u0431\u044a\u0435\u043c\u044b \u0440\u0430\u0431\u043e\u0442\u044b \u0443 \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f \u0438\u043c\u0435\u044e\u0442\u0441\u044f. \n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c\u00a0Wordfence, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0432 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u043c \u043a\u0440\u0443\u043f\u043d\u043e\u043c \u0440\u0435\u043b\u0438\u0437\u0435, \u0432\u0435\u0440\u0441\u0438\u0438 6.0.0, \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0434\u043e 6.0.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u043a\u043e\u0442\u043e\u0440\u044b\u0435, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0435 \u0437\u0430\u0433\u0440\u0443\u0437\u043e\u043a\u00a0\u0441 WordPress, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043f\u043e\u0447\u0442\u0438 40% \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u043b\u0430\u0433\u0438\u043d\u0430.\n\n3. \u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043d\u043e\u0432\u0430\u044f 0-day \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Microsoft \u0431\u0435\u0437 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0410\u043c\u043c\u0430\u0440 \u0410\u0441\u043a\u0430\u0440 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 (GitHub), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u043e\u0434\u043d\u0438\u043c \u0449\u0435\u043b\u0447\u043a\u043e\u043c \u043c\u044b\u0448\u0438 \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0442\u043e\u043a\u0435\u043d\u044b GitHub \u0447\u0435\u0440\u0435\u0437 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440 Visual Studio Code.\n\n\u041f\u0440\u0438\u0447\u0435\u043c, \u043a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c, \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0430\u0445 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Microsoft \u0431\u044b\u043b\u0438 \u043f\u0440\u043e\u0438\u0433\u043d\u043e\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0431\u0435\u0437 \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u0439 \u0438\u043b\u0438 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u0438\u044f.\n\n4. BishopFox \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0438\u00a0\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f CVE-2026-22557, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u0441\u043e\u0431\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0443 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u043f\u0440\u0438 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Ubiquiti UniFi.\n\n5. HP \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u0434\u043b\u044f \u0441\u0432\u043e\u0438\u0445 VoIP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432 \u0441\u0435\u0440\u0438\u0438 VVX, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-0826, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0430\u0445 \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Rapid7, \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445, \u0433\u0434\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f.\n\n6. Positive Technologies \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0441\u0432\u043e\u0439 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043c\u0430\u0439\u0441\u043a\u0438\u0439 \u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 \u0412 \u0442\u0440\u0435\u043d\u0434\u0435 VM, \u0443\u043a\u0430\u0437\u0430\u0432 \u0433\u0440\u043e\u043c\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Linux (CVE-2026-31431), ActiveMQ (CVE-2026-34197), SharePoint (CVE-2026-32201) \u0438 Acrobat Reader (CVE-2026-34621).\n\n7. CISA \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u044f\u0434\u0440\u0430 Linux CVE-2022-0492 (CVSS 7,8) \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u044b\u0445\u043e\u0434\u0443 \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432. \u041e\u043d\u0430 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u043e\u0431\u043e\u0439\u0442\u0438 \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u044e \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0430 \u0438\u043c\u0435\u043d.\n\n8. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0438\u043f\u0430 HTTP/2 Bomb \u0432\u044b\u0432\u043e\u0434\u0438\u0442 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0438\u0437 \u0441\u0442\u0440\u043e\u044f \u0437\u0430 \u0441\u0447\u0438\u0442\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u043a\u0443\u043d\u0434\u044b.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Calif \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442, \u0447\u0442\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b DoS-\u0430\u0442\u0430\u043a \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0435\u043d\u044b \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0432 \u043d\u043e\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\nHTTP/2 Bomb \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Codex \u043e\u0442 OpenAI \u0438 \u0441\u043e\u0447\u0435\u0442\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u0435 \u0431\u043e\u043c\u0431\u0443 \u0441\u0436\u0430\u0442\u0438\u044f, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u0443\u044e \u043d\u0430 \u0441\u0445\u0435\u043c\u0443 \u0441\u0436\u0430\u0442\u0438\u044f \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u0432 HTTP/2 (HPACK), \u0441 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u043c \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0432 \u0441\u0442\u0438\u043b\u0435 Slowloris, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0435\u043f\u044f\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044e \u043f\u0430\u043c\u044f\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.\n\n\u0410\u0442\u0430\u043a\u0430 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 880 000 \u0441\u0430\u0439\u0442\u043e\u0432, \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0449\u0438\u0445 HTTP/2 \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0439 NGINX, Apache HTTPD, Microsoft IIS, Envoy \u0438\u043b\u0438 Cloudflare Pingora.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0430 \u0441 \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u0433\u043e \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u043f\u0440\u0438 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f 100 \u041c\u0431\u0438\u0442/\u0441 \u0438 \u0432 \u0441\u0447\u0438\u0442\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u043a\u0443\u043d\u0434\u044b \u0432\u044b\u0432\u0435\u0441\u0442\u0438 \u0438\u0437 \u0441\u0442\u0440\u043e\u044f \u043b\u044e\u0431\u043e\u0439 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.", "creation_timestamp": "2026-06-03T18:30:06.000000Z"}, {"uuid": "74d52dad-2beb-48c5-9add-b824b56d497e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116688008248578556", "content": "\ud83d\udcf0 Critical RCE Flaw (CVE-2026-0826) in HP Poly VoIP Phones Allows Root Takeover\n\ud83d\udce2 CRITICAL FLAW: A 9.2 CVSS RCE bug (CVE-2026-0826) affects HP Poly VoIP phones. The flaw allows unauthenticated root access. HP has released patches. Update now! #CVE #Vulnerability #RCE #VoIP #PatchNow\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/critical-rce-flaw-hp-poly-voip-phones-actively-exploitable/?utm_source=mastodon&amp;utm_medium=social&amp;utm_campaign=daily", "creation_timestamp": "2026-06-03T20:15:22.812706Z"}, {"uuid": "2c416bc2-b225-49f8-a017-36959b4a9475", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mnfwfgbff32f", "content": "\ud83d\udce2 CRITICAL FLAW: A 9.2 CVSS RCE bug (CVE-2026-0826) affects HP Poly VoIP phones. The flaw allows unauthenticated root access. HP has released patches. Update now! #CVE #Vulnerability #RCE #VoIP #PatchNow\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-03T20:15:30.233031Z"}, {"uuid": "3f7d5ced-1780-44f2-9a69-f3d4788e8006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-0826", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mngaedulh22h", "content": "Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold\n\nRapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7\u2019s latest disclosure on CVE-2026-0826 should get serious atten\u2026\n#hackernews #news", "creation_timestamp": "2026-06-03T23:13:51.807963Z"}]}