
June set a record nobody wanted. Microsoft shipped fixes for 208 CVEs in a single Patch Tuesday, the largest release since anyone started counting, and the wider month added a Check Point VPN bypass, a Splunk pre-auth file write, an AI-gateway RCE, and a Defender privilege-escalation bug that quietly graduated into ransomware tooling. Volume like that is its own kind of noise. A CVSS list of 208 entries does not tell you where to start.
So we did not rank by CVSS. We ranked by what was being exploited, what had a public proof-of-concept, and what sits on assets you actually expose. Five flaws clear that bar for June. Each one is live on the Strobes Vulnerability Intelligence platform with EPSS, KEV status, and exploit availability tracked in real time. Start with the VPN, because it is the cleanest example of the gap between a score and a breach.
CVE-2026-50751 lets an unauthenticated attacker reach a Check Point Remote Access VPN and log in without a password. That is the whole story, and it is enough. The flaw is a certificate-validation logic error in the deprecated IKEv1 key exchange used by Remote Access and Mobile Access. An attacker who can reach the gateway establishes a VPN session as a real user, no credentials required.
Look at the score Strobes VI carries: CVSS 0.0 from NVD at the time of writing, EPSS 71%. If you triaged on CVSS alone, this one never reaches your queue. The trend is marked rising, and the reason is the company you keep on the other end. Check Point observed exploitation going back to May 7, with a spike in early June, across several dozen organizations. At least one incident is linked to a Qilin ransomware affiliate, and Rapid7 attributed two cases with high confidence. CISA added it to the Known Exploited Vulnerabilities catalog on June 9.
VPN gateways are the classic ransomware front door, and an authentication bypass turns one internet-reachable box into access across everything behind the identity layer. Four of the nine affected version branches (R80.20.x, R80.40, R81, R81.10) are already end of support, so plenty of exposed gateways have no clean upgrade path.
CVE-2026-20253 is an unauthenticated file write in Splunk Enterprise that becomes remote code execution. The PostgreSQL sidecar service endpoint that ships with Splunk has no authentication on it, so any network-reachable user can create or truncate arbitrary files on the host. From there, writing to the right path is a short hop to code execution.
This is the highest EPSS on the list at 88%, and Strobes VI flags it critical priority on the combination that matters: high EPSS, exploit exists, active exploitation. Splunk PSIRT confirmed limited exploitation in June. watchTowr published a write-up and PoC on June 12 showing the file write chains into RCE, and CISA followed with a KEV listing and a patch-by-Sunday deadline. Shadowserver was tracking more than 1,400 internet-exposed Splunk instances when the advisory dropped.
Splunk is the system your SOC trusts. An unauthenticated write into that box does not just compromise a server, it compromises the telemetry you would use to detect the compromise. That is why a “low severity 0.0” label is so misleading here, and why prioritization that ignores CVSS in favor of real signals is the only sane way to read a month like this.
CVE-2026-47291 is an unauthenticated, network RCE in Windows HTTP.sys that runs in kernel mode. HTTP.sys is the kernel driver under IIS, WinRM, WCF, and a long list of Windows HTTP services. An integer overflow in its request-parsing logic, triggered by a crafted request crossing 65,535 bytes, wraps the allocation size and overflows the heap in kernel memory. Success means code execution as SYSTEM with no privilege boundary above it.

This was the headline bug in a 208-CVE Patch Tuesday, and Microsoft put it on the “exploitation more likely” list. Strobes VI tracks it at CVSS 9.8 with EPSS 22% and a public PoC already on GitHub. There is one nuance that decides whether you are exposed: servers running the default MaxRequestBytes value of 16,384 bytes are not affected. Only hosts where that value was explicitly raised above 65,535 are in range. That single registry setting is the difference between “patch on the normal cycle” and “patch tonight,” and you cannot know which servers are affected without checking.
It is the same unauthenticated-plus-kernel-mode-plus-integer-overflow class that produced PrintNightmare and the 2021 HTTP.sys scare. Each time, that combination proved devastating. Microsoft has not called this one wormable, but the raw capability is there.
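The MaxRequestBytes check the HTTP.sys section calls for, as an added PowerShell example that is not from the post, Microsoft, or Strobes: it assumes a hosts.txt inventory (one hostname per line) and PowerShell remoting over WinRM, reads the documented HTTP.sys parameters key, treats an absent value as the 16,384-byte default, and flags hosts where the value was raised above 65,535.

```powershell
# Added example (not from the Strobes post): find hosts where MaxRequestBytes
# has been raised above 65,535, the condition the post says puts a server in
# range for CVE-2026-47291. Assumes hosts.txt (one hostname per line) and
# PowerShell remoting (WinRM) reachable from where this runs.
$RegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'  # documented HTTP.sys settings key
$Default   = 16384   # effective value when MaxRequestBytes is absent (post: default 16,384)
$Threshold = 65535   # post: only hosts raised above this are affected

$targets = Get-Content -Path .\hosts.txt | Where-Object { $_.Trim() -ne '' }

$results = Invoke-Command -ComputerName $targets -ErrorAction Continue -ScriptBlock {
    param($Path, $Default)
    # An absent value means HTTP.sys runs with its built-in default
    $prop  = Get-ItemProperty -Path $Path -Name MaxRequestBytes -ErrorAction SilentlyContinue
    $value = if ($null -ne $prop) { [int64]$prop.MaxRequestBytes } else { $Default }
    # Services the post names as HTTP.sys consumers; presence is context, not exposure
    $svc = Get-Service -Name W3SVC, WinRM -ErrorAction SilentlyContinue |
           Where-Object Status -eq 'Running' | Select-Object -ExpandProperty Name
    [pscustomobject]@{
        MaxRequestBytes = $value
        ExplicitlySet   = ($null -ne $prop)
        RunningHttpSvcs = ($svc -join ',')
    }
} -ArgumentList $RegPath, $Default

# Exposed = raised above the threshold; everything else patches on the normal cycle
$report = $results | Select-Object PSComputerName, MaxRequestBytes, ExplicitlySet, RunningHttpSvcs,
    @{ n = 'Exposed'; e = { $_.MaxRequestBytes -gt $Threshold } }

$report | Sort-Object Exposed -Descending | Format-Table -AutoSize
$report | Where-Object Exposed | Export-Csv -Path .\httpsys-exposed.csv -NoTypeInformation
```

Hosts that fail to answer over WinRM show up as errors rather than rows, so treat a missing row as "unknown", not "safe".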
CVE-2026-42271 lets any authenticated LiteLLM user, including a low-privilege internal key, run arbitrary commands on the proxy host. LiteLLM is a popular gateway that sits in front of model providers. Two endpoints used to preview an MCP server before saving it, POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list, accepted a full stdio server config and spawned the supplied command as a subprocess with the proxy’s privileges. The endpoints checked for a valid API key but skipped the role check the save endpoint enforced.
Strobes VI tracks it at EPSS 75%, with public PoCs and a Nuclei template already published. This is the June flaw most worth your attention if you are building anything agentic. The AI gateway holds the keys to every model provider and tool it brokers, and a missing role check on a debug endpoint turns that gateway into a command-execution primitive. As MCP servers and AI tooling spread across engineering orgs, this class of bug, an over-permissioned internal endpoint, is going to define the next wave of exposure. It is exactly the kind of chained, reasoned flaw agentic pentesting is built to surface before an attacker does.
CVE-2026-33825, the “BlueHammer” bug, escalates a local unprivileged user to SYSTEM by abusing Microsoft Defender’s own remediation engine. It is a time-of-check to time-of-use race condition. Defender performs privileged file operations during malware cleanup without re-validating the target path at write time. The exploit uses an opportunistic lock to pause Defender mid-operation, drops an NTFS junction to redirect the write into C:\Windows\System32, and lets Defender finish the job with SYSTEM privileges. The endpoint security tool becomes the escalation path.

This one earns its place for a June-specific reason. BlueHammer was disclosed and patched back in April, exploited in the wild as a zero-day before the fix shipped. On June 30, CISA updated the KEV entry to confirm the flaw is now being used in ransomware campaigns. A 7.8 that you may have deprioritized in April is, two months later, part of an active ransomware playbook. That is the entire argument for re-prioritizing on a rolling basis instead of treating a patch cycle as done. Strobes VI flags it zero-day with exploit and patch both available, and the trend is one to watch.
Five products with nothing in common except that the score on the label told you almost nothing about the risk in the wild.
| CVE | Product | CVSS | Type | Exploited | Fix |
|---|---|---|---|---|---|
| CVE-2026-47291 | Windows HTTP.sys | 9.8 | Unauth network RCE (kernel) | PoC public, EPSS 22% | June Patch Tuesday |
| CVE-2026-50751 | Check Point VPN | Crit | Unauth VPN auth bypass | In KEV, Qilin ransomware | Check Point hotfix |
| CVE-2026-20253 | Splunk Enterprise | Crit | Unauth file write to RCE | In KEV, EPSS 88% | Splunk 10.2.4 / 10.0.7 |
| CVE-2026-42271 | LiteLLM (MCP proxy) | Crit | Authd command injection RCE | PoC public, EPSS 75% | LiteLLM 1.83.7 |
| CVE-2026-33825 | Microsoft Defender | 7.8 | Local priv-esc to SYSTEM | In KEV, now ransomware | April Patch Tuesday |
CVSS values reflect NVD data as carried on Strobes VI at time of writing; several were still 0.0 or unscored while EPSS and KEV already flagged active risk.
Patch by exposure and exploitation, not by severity score alone. In a month with 208 Microsoft CVEs, a raw severity list buries the bugs attackers actually reach for. The order that holds up puts CISA KEV entries with confirmed exploitation first (Check Point, Splunk, Defender), then high-EPSS flaws with public exploit code on assets you expose (LiteLLM, and the HTTP.sys hosts where MaxRequestBytes is raised), then everything else. That is the logic behind risk-based vulnerability management and the prioritization stage of a CTEM program.
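The ordering in the paragraph above, written out as an added PowerShell example (not from the post or the Strobes platform): the tier rule uses only KEV status, confirmed exploitation, EPSS, public exploit code, and exposure, never CVSS. The 0.5 EPSS cut-off for "high EPSS", the Exposed flags, and the values marked as not given in the post are assumptions.

```powershell
# Added example (not from the Strobes post): the post's ordering applied to a
# constructed finding list. CVSS is carried for display only and never used to
# rank. EPSS/KEV/exploitation flags are as the post states them; "Exposed" is a
# constructed asset-inventory flag (for HTTP.sys it means MaxRequestBytes was
# raised above 65,535); EpssHigh is an assumed cut-off for "high EPSS".
$Findings = @(
    [pscustomobject]@{ CVE='CVE-2026-50751'; Product='Check Point VPN';    CVSS=0.0;   KEV=$true;  Exploited=$true;  PoC=$false; EPSS=0.71;  Exposed=$true }  # PoC not cited in the post
    [pscustomobject]@{ CVE='CVE-2026-20253'; Product='Splunk Enterprise';  CVSS=$null; KEV=$true;  Exploited=$true;  PoC=$true;  EPSS=0.88;  Exposed=$true }
    [pscustomobject]@{ CVE='CVE-2026-47291'; Product='Windows HTTP.sys';   CVSS=9.8;   KEV=$false; Exploited=$false; PoC=$true;  EPSS=0.22;  Exposed=$true }  # Exposed only if MaxRequestBytes raised
    [pscustomobject]@{ CVE='CVE-2026-42271'; Product='LiteLLM';            CVSS=$null; KEV=$false; Exploited=$false; PoC=$true;  EPSS=0.75;  Exposed=$true }
    [pscustomobject]@{ CVE='CVE-2026-33825'; Product='Microsoft Defender'; CVSS=7.8;   KEV=$true;  Exploited=$true;  PoC=$true;  EPSS=$null; Exposed=$true }  # EPSS not given in the post
)

function Get-Tier {
    param([pscustomobject]$Finding, [double]$EpssHigh = 0.5)   # EpssHigh is an assumed cut-off
    # Tier 1: CISA KEV with confirmed exploitation in the wild
    if ($Finding.KEV -and $Finding.Exploited) { return 1 }
    # Tier 2: high EPSS with public exploit code on an asset you actually expose
    if ($Finding.Exposed -and $Finding.PoC -and [double]$Finding.EPSS -ge $EpssHigh) { return 2 }
    # Tier 3: normal patch cycle
    return 3
}

$Queue = $Findings |
    Select-Object @{ n = 'Tier'; e = { Get-Tier -Finding $_ } }, CVE, Product, CVSS, EPSS, KEV, Exploited, PoC, Exposed |
    Sort-Object -Property Tier, @{ Expression = 'EPSS'; Descending = $true }

$Queue | Format-Table -AutoSize
```

Flip Exposed to $false on the HTTP.sys row (a host still on the 16,384-byte default) and it drops to Tier 3 despite its 9.8, which is the point of the post.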
The Strobes Vulnerability Intelligence platform tracks that live context for every CVE here: exploit availability, EPSS movement, KEV status, and real exposure. Start at strobes.co/vi.
Which June 2026 CVE should I patch first?
If you run Check Point Remote Access VPN, CVE-2026-50751 comes first: it is an unauthenticated bypass, it is in CISA KEV, and it is already tied to Qilin ransomware. After that, prioritize Splunk (CVE-2026-20253, EPSS 88%) and confirm your April Defender update closed BlueHammer (CVE-2026-33825), which is now in ransomware campaigns.
Is my Windows server affected by the HTTP.sys bug CVE-2026-47291?
Only if the MaxRequestBytes registry value was raised above 65,535. Servers on the default 16,384-byte value are not exploitable. Check that value across every host running IIS, WinRM, or WCF before assuming you are safe, then apply the June Patch Tuesday update.
Why does an AI gateway flaw like CVE-2026-42271 matter for security teams?
LiteLLM brokers credentials and tools for every model provider behind it. A missing role check on a debug endpoint let any authenticated key run host commands, turning the gateway into an unauthenticated-adjacent shell. As MCP servers and agentic tooling spread, over-permissioned internal endpoints like this are becoming a primary attack surface.
How does Strobes help with CVEs like these?
Strobes Vulnerability Intelligence tracks exploit availability, EPSS, and KEV status for every CVE in real time, and the platform validates which findings are actually reachable in your environment. That replaces raw CVSS sorting with risk-based prioritization, so a 208-CVE month becomes a short, ordered queue. See Adversarial Exposure Validation and RBVM.