By Jordan Polasek · July 17, 2026

Good morning. I'm Jordan Polasek with BVTech, and this week has been a heavy one for the KEV catalog. CISA added ten confirmed exploited vulnerabilities over the past few days, and several of them hit software that Texas small businesses actually run every day — SharePoint, Fortinet appliances, Oracle E-Business Suite, and SonicWall remote access boxes. Let me walk you through what matters and what to do about it.

SharePoint: Two Separate Problems, Both Being Exploited

There are two SharePoint entries on the list, and I want you to treat both seriously. CVE-2026-58644 is a deserialization of untrusted data vulnerability in Microsoft SharePoint, added July 16 with a federal remediation deadline of July 19. Deserialization flaws are a favorite of attackers because they can lead to remote code execution — meaning someone can run their own commands on your server.

The second one, CVE-2026-56164, affects SharePoint Server and is a missing authentication for a critical function. That was added July 14 with a federal due date of July 17 — which is today. In plain English, that means a function that should require a login doesn't, so an attacker can reach it without credentials.

If you run an on-premises SharePoint Server, this is your top priority. Apply the latest Microsoft security updates immediately and confirm your server is reachable only through what it needs to be.

Fortinet FortiSandbox: Two Command Injection Flaws

CVE-2026-25089 and CVE-2026-39808 are both OS command injection vulnerabilities in Fortinet FortiSandbox, added July 16 with a July 19 federal deadline. Command injection means an attacker can trick the device into running operating system commands it was never meant to run. Update FortiSandbox OS to the fixed version Fortinet has published, and if you have a support contract, ask your reseller to confirm you're on a patched build.

SonicWall SMA1000: Patch Today

Two SonicWall SMA1000 appliance flaws are on the list with a July 17 deadline — today. CVE-2026-15409 is a server-side request forgery vulnerability, and CVE-2026-15410 is a code injection vulnerability. These appliances sit at the edge of your network handling remote access, so a compromise here is a direct path inside. Apply SonicWall's firmware update now and review your VPN and remote access logs for anything unusual.

Oracle, Microsoft ADFS, KNX, and Cisco IOS

Rounding out the additions:

What To Do Right Now

Here's my priority order for a small business: patch anything internet-facing first — SonicWall SMA1000, on-prem SharePoint, and FortiSandbox. Next, get your Oracle EBS and ADFS updates scheduled this week. Finally, take an honest look at old gear like that Cisco IOS entry; if a device is out of support, plan to replace it.

Federal agencies have deadlines on these, but the exploitation is happening in the wild against everyone, not just the government. If patching feels overwhelming or you're not sure whether you're exposed, reach out to us at BVTech. I'd rather spend twenty minutes helping you confirm you're safe than clean up a breach later. Stay safe out there.