Good morning. I'm Jordan Polasek with BVTech, and this week has been a heavy one for the KEV catalog. CISA added ten confirmed exploited vulnerabilities over the past few days, and several of them hit software that Texas small businesses actually run every day — SharePoint, Fortinet appliances, Oracle E-Business Suite, and SonicWall remote access boxes. Let me walk you through what matters and what to do about it.
SharePoint: Two Separate Problems, Both Being Exploited
There are two SharePoint entries on the list, and I want you to treat both seriously. CVE-2026-58644 is a deserialization of untrusted data vulnerability in Microsoft SharePoint, added July 16 with a federal remediation deadline of July 19. Deserialization flaws are a favorite of attackers because they can lead to remote code execution — meaning someone can run their own commands on your server.
The second one, CVE-2026-56164, affects SharePoint Server and is a missing authentication for a critical function. That was added July 14 with a federal due date of July 17 — which is today. In plain English, that means a function that should require a login doesn't, so an attacker can reach it without credentials.
If you run an on-premises SharePoint Server, this is your top priority. Apply the latest Microsoft security updates immediately and confirm your server is reachable only through what it needs to be.
Fortinet FortiSandbox: Two Command Injection Flaws
CVE-2026-25089 and CVE-2026-39808 are both OS command injection vulnerabilities in Fortinet FortiSandbox, added July 16 with a July 19 federal deadline. Command injection means an attacker can trick the device into running operating system commands it was never meant to run. Update FortiSandbox OS to the fixed version Fortinet has published, and if you have a support contract, ask your reseller to confirm you're on a patched build.
SonicWall SMA1000: Patch Today
Two SonicWall SMA1000 appliance flaws are on the list with a July 17 deadline — today. CVE-2026-15409 is a server-side request forgery vulnerability, and CVE-2026-15410 is a code injection vulnerability. These appliances sit at the edge of your network handling remote access, so a compromise here is a direct path inside. Apply SonicWall's firmware update now and review your VPN and remote access logs for anything unusual.
Oracle, Microsoft ADFS, KNX, and Cisco IOS
Rounding out the additions:
- CVE-2026-46817 — Oracle E-Business Suite improper privilege management (added July 15, due July 18). If you run Oracle EBS, apply the relevant Oracle Critical Patch Update.
- CVE-2026-56155 — Microsoft Active Directory Federation Services insufficient granularity of access control (added July 14, due July 28). ADFS handles your sign-ins, so patch and review access policies.
- CVE-2023-4346 — KNX Association KNX Protocol account lockout weakness (added July 15, due July 29). This affects building automation systems; relevant if you run smart building controls.
- CVE-2008-4128 — Cisco IOS cross-site request forgery (added July 13, due July 16). An old one, but still being exploited. If you have aging Cisco gear, this is your reminder that end-of-life hardware is a real risk.
What To Do Right Now
Here's my priority order for a small business: patch anything internet-facing first — SonicWall SMA1000, on-prem SharePoint, and FortiSandbox. Next, get your Oracle EBS and ADFS updates scheduled this week. Finally, take an honest look at old gear like that Cisco IOS entry; if a device is out of support, plan to replace it.
Federal agencies have deadlines on these, but the exploitation is happening in the wild against everyone, not just the government. If patching feels overwhelming or you're not sure whether you're exposed, reach out to us at BVTech. I'd rather spend twenty minutes helping you confirm you're safe than clean up a breach later. Stay safe out there.