_2026 - RunkIntel

# Vulnerabilidades - 2026 Cisco FMC zero-day ([[cve-2026-20131|CVE-2026-20131]], CVSS 10.0) explorado pelo [[interlock-ransomware|Interlock Ransomware]]. Microsoft Patch Tuesday com múltiplos críticos em SharePoint e Office. > [!danger] Cisco FMC Zero-Day > Destaque do ano com maior impacto operacional para organizações brasileiras e globais. --- ## CVEs Documentados %% ```dataview TABLE WITHOUT ID cve-id AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2026" SORT cvss-score DESC ``` %%   | CVE | CVSS | Fornecedor | Produto | | ---------------------------------------------------------- | ---- | ------------------- | --------------------------------------------------------------------------------------- | | [[cve-2026-20131\|CVE-2026-20131]] | 10 | Cisco | Secure Firewall Management Center (FMC) | | [[cve-2026-20127\|CVE-2026-20127]] | 10 | Cisco | Cisco Catalyst SD-WAN Controller (vSmart) / SD-WAN Manager (vManage) | | [[cve-2026-21858\|CVE-2026-21858]] | 10 | n8n | n8n (workflow automation) | | [[cve-2026-22769\|CVE-2026-22769]] | 10 | Dell | RecoverPoint for VMs | | [[cve-2026-3587\|CVE-2026-3587]] | 10 | WAGO | Managed Switches (Lean e Industrial) | | [[cve-2026-21667\|CVE-2026-21667]] | 9.9 | Veeam | Backup & Replication | | [[cve-2026-21669\|CVE-2026-21669]] | 9.9 | Veeam | Backup & Replication | | [[cve-2026-21708\|CVE-2026-21708]] | 9.9 | Veeam | Backup & Replication | | [[cve-2026-1142\|CVE-2026-1142]] | 9.8 | Apple | iOS | | [[cve-2026-1281\|CVE-2026-1281]] | 9.8 | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) | | [[cve-2026-1340\|CVE-2026-1340]] | 9.8 | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) | | [[cve-2026-1731\|CVE-2026-1731]] | 9.8 | BeyondTrust | BeyondTrust Remote Support | | [[cve-2026-20122\|CVE-2026-20122]] | 9.8 | Cisco | Cisco IOS XE | | [[cve-2026-20963\|CVE-2026-20963]] | 9.8 | Microsoft | SharePoint | | [[cve-2026-21536\|CVE-2026-21536]] | 9.8 | Microsoft | Microsoft Devices Pricing Program (DPP) | | [[cve-2026-21668\|CVE-2026-21668]] | 9.8 | Veeam | Veeam Backup & Replication | | [[cve-2026-21992\|CVE-2026-21992]] | 9.8 | Oracle | Oracle Identity Manager / Oracle Web Services Manager | | [[cve-2026-24061\|CVE-2026-24061]] | 9.8 | GNU | Inetutils (telnetd) | | [[cve-2026-24858\|CVE-2026-24858]] | 9.8 | Fortinet | Fortinet FortiGate / FortiCloud SSO | | [[cve-2026-2930\|CVE-2026-2930]] | 9.8 | Tenda | A18 Router | | [[cve-2026-3044\|CVE-2026-3044]] | 9.8 | Tenda | AC8 Router | | [[cve-2026-32746\|CVE-2026-32746]] | 9.8 | GNU | InetUtils telnetd | | [[cve-2026-32968\|CVE-2026-32968]] | 9.8 | Desconhecido | com_mb24sysapi | | [[cve-2026-33017\|CVE-2026-33017]] | 9.8 | Langflow | Langflow | | [[cve-2026-33195\|CVE-2026-33195]] | 9.8 | Rails | Active Storage (DiskService) | | [[cve-2026-4001\|CVE-2026-4001]] | 9.8 | WordPress / Plugin | WooCommerce Custom Product Addons Pro | | [[cve-2026-4484\|CVE-2026-4484]] | 9.8 | Masteriyo | Masteriyo LMS (WordPress Plugin) | | [[cve-2026-4567\|CVE-2026-4567]] | 9.8 | Tenda | A15 Router | | [[cve-2026-4585\|CVE-2026-4585]] | 9.8 | Tiandy | Easy7 Integrated Management Platform | | [[cve-2026-4681\|CVE-2026-4681]] | 9.8 | PTC | Windchill PLM | | [[cve-2026-23760\|CVE-2026-23760]] | 9.3 | SmarterTools | SmarterMail | | [[cve-2026-3055\|CVE-2026-3055]] | 9.3 | Citrix | NetScaler ADC / NetScaler Gateway | | [[cve-2026-32913\|CVE-2026-32913]] | 9.3 | OpenClaw | OpenClaw | | [[cve-2026-21531\|CVE-2026-21531]] | 9.1 | Oracle | Oracle Access Manager | | [[cve-2026-25108\|CVE-2026-25108]] | 9.1 | Soliton Systems | FileZen | | [[cve-2026-33202\|CVE-2026-33202]] | 9.1 | Rails | Active Storage (DiskService) | | [[cve-2026-33409\|CVE-2026-33409]] | 9.1 | Parse Platform | Parse Server | | [[cve-2026-33297\|CVE-2026-33297]] | 9.1 | WWBN | AVideo | | [[cve-2026-4283\|CVE-2026-4283]] | 9.1 | LegalWeb | WP DSGVO Tools (GDPR) | | [[cve-2026-4600\|CVE-2026-4600]] | 9.1 | jsrsasign | jsrsasign | | [[cve-2026-4601\|CVE-2026-4601]] | 9.1 | jsrsasign | jsrsasign | | [[cve-2026-21385\|CVE-2026-21385]] | 9 | Qualcomm | GPU Driver (Android) | | [[cve-2026-26113\|CVE-2026-26113]] | 9 | Microsoft | Microsoft Office (Outlook) | | [[cve-2026-3564\|CVE-2026-3564]] | 9 | ConnectWise | ScreenConnect | | [[cve-2026-1145\|CVE-2026-1145]] | 8.9 | Apple | iOS | | [[cve-2026-1143\|CVE-2026-1143]] | 8.8 | Apple | iOS / iPadOS | | [[cve-2026-21262\|CVE-2026-21262]] | 8.8 | Microsoft | Microsoft SQL Server | | [[cve-2026-21510\|CVE-2026-21510]] | 8.8 | Microsoft | Windows Shell | | [[cve-2026-21513\|CVE-2026-21513]] | 8.8 | Microsoft | MSHTML (ieframe.dll / Windows) | | [[cve-2026-21248\|CVE-2026-21248]] | 8.8 | Microsoft | Windows | | [[cve-2026-21514\|CVE-2026-21514]] | 8.8 | Microsoft | Microsoft Office | | [[cve-2026-21525\|CVE-2026-21525]] | 8.8 | Oracle | Oracle WebLogic Server | | [[cve-2026-2441\|CVE-2026-2441]] | 8.8 | Google | Chrome | | [[cve-2026-26118\|CVE-2026-26118]] | 8.8 | Microsoft | Azure Model Context Protocol Server | | [[cve-2026-2941\|CVE-2026-2941]] | 8.8 | WordPress | Linksy Search and Replace (plugin) | | [[cve-2026-33634\|CVE-2026-33634]] | 8.8 | Aqua Security | Trivy | | [[cve-2026-34046\|CVE-2026-34046]] | 8.8 | Langflow / DataStax | Langflow | | [[cve-2026-3629\|CVE-2026-3629]] | 8.8 | WordPress | Plugin WordPress | | [[cve-2026-3909\|CVE-2026-3909]] | 8.8 | Google | Google Chrome (biblioteca Skia) | | [[cve-2026-3910\|CVE-2026-3910]] | 8.8 | Google | Chrome (Chromium V8 Engine) | | [[cve-2026-4529\|CVE-2026-4529]] | 8.8 | D-Link | DHP-1320 | | [[cve-2026-4534\|CVE-2026-4534]] | 8.8 | D-Link | D-Link Router (modelo afetado) | | [[cve-2026-4535\|CVE-2026-4535]] | 8.8 | D-Link | D-Link Router (modelo afetado) | | [[cve-2026-1146\|CVE-2026-1146]] | 8.7 | Apple | iOS | | [[cve-2026-1603\|CVE-2026-1603]] | 8.6 | Ivanti | Ivanti Endpoint Manager (EPM) | | [[cve-2026-1670\|CVE-2026-1670]] | 8.6 | Palo Alto Networks | PAN-OS | | [[cve-2026-1147\|CVE-2026-1147]] | 8.5 | Apple | iOS | | [[cve-2026-31993\|CVE-2026-31993]] | 8.5 | OpenClaw | OpenClaw (framework JavaScript) | | [[cve-2026-32013\|CVE-2026-32013]] | 8.5 | OpenClaw | OpenClaw (framework JavaScript) | | [[cve-2026-21533\|CVE-2026-21533]] | 8.4 | Microsoft | Windows Remote Desktop Services (RDS) | | [[cve-2026-26110\|CVE-2026-26110]] | 8.4 | Microsoft | Microsoft Office | | [[cve-2026-20045\|CVE-2026-20045]] | 8.2 | Cisco | Cisco Unified Communications Manager / IM & Presence / Unity Connection / Webex Calling | | [[cve-2026-20079\|CVE-2026-20079]] | 8.1 | Cisco | Secure Firewall Management Center (FMC) | | [[cve-2026-22719\|CVE-2026-22719]] | 8.1 | Broadcom (VMware) | VMware Aria Operations | | [[cve-2026-26114\|CVE-2026-26114]] | 8.1 | | | | [[cve-2026-26127\|CVE-2026-26127]] | 8.1 | Fortinet | FortiManager | | [[cve-2026-3818\|CVE-2026-3818]] | 8.1 | Mozilla | Firefox | | [[cve-2026-4599\|CVE-2026-4599]] | 8.1 | | | | [[cve-2026-1144\|CVE-2026-1144]] | 7.8 | Apple | iOS / iPadOS | | [[cve-2026-1602\|CVE-2026-1602]] | 7.8 | | | | [[cve-2026-20700\|CVE-2026-20700]] | 7.8 | Apple | Apple dyld (iOS, iPadOS, macOS, tvOS, watchOS, visionOS) | | [[cve-2026-21509\|CVE-2026-21509]] | 7.8 | Microsoft | Microsoft Office | | [[cve-2026-21519\|CVE-2026-21519]] | 7.8 | Microsoft | Windows Desktop Window Manager (DWM) | | [[cve-2026-22720\|CVE-2026-22720]] | 7.8 | Broadcom (VMware) | VMware Aria Operations 8.x | | [[cve-2026-24289\|CVE-2026-24289]] | 7.8 | Microsoft | Windows Kernel | | [[cve-2026-25187\|CVE-2026-25187]] | 7.8 | Microsoft | Windows Winlogon | | [[cve-2026-3334\|CVE-2026-3334]] | 7.8 | | | | [[cve-2026-3888\|CVE-2026-3888]] | 7.8 | Canonical | snapd | | [[cve-2026-4368\|CVE-2026-4368]] | 7.7 | Citrix | NetScaler ADC e Gateway | | [[cve-2026-1313\|CVE-2026-1313]] | 7.5 | Ivanti | Ivanti Connect Secure | | [[cve-2026-23668\|CVE-2026-23668]] | 7.5 | SAP | SAP NetWeaver | | [[cve-2026-24291\|CVE-2026-24291]] | 7.5 | | | | [[cve-2026-24294\|CVE-2026-24294]] | 7.5 | | | | [[cve-2026-26132\|CVE-2026-26132]] | 7.5 | Fortinet | FortiOS | | [[cve-2026-26144\|CVE-2026-26144]] | 7.5 | Microsoft | Microsoft Excel | | [[cve-2026-29058\|CVE-2026-29058]] | 7.5 | | | | [[cve-2026-21666\|CVE-2026-21666]] | 7.2 | Oracle | Oracle MySQL Server | | [[cve-2026-4314\|CVE-2026-4314]] | 7.2 | | | | [[cve-2026-22721\|CVE-2026-22721]] | 7.1 | Broadcom (VMware) | VMware Aria Operations 8.x | | [[cve-2026-20805\|CVE-2026-20805]] | 0 | | | | [[cve-2026-24423\|CVE-2026-24423]] | 0 | | | | [[vulnerabilities/2026/_2026.md\|_2026]] | \- | \- | \- | | [[cve-2026-32115\|CVE-2026-32115]] | \- | \- | \- | | [[cve-2026-2783\|CVE-2026-2783]] | \- | \- | \- | | [[cve-2026-4923\|CVE-2026-4923]] | \- | \- | \- | | [[cve-2026-29187\|CVE-2026-29187]] | \- | \- | \- | | [[cve-2026-31912\|CVE-2026-31912]] | \- | \- | \- | | [[cve-2026-31413\|CVE-2026-31413]] | \- | \- | \- | | [[cve-2026-21877\|CVE-2026-21877]] | \- | \- | \- | | [[cve-2026-20029\|CVE-2026-20029]] | \- | \- | \- | | [[cve-2026-23550\|CVE-2026-23550]] | \- | \- | \- | | [[cve-2026-20953\|CVE-2026-20953]] | \- | \- | \- | | [[cve-2026-20952\|CVE-2026-20952]] | \- | \- | \- |