Three Actively Exploited Vulns, HPE's AI Networking Push, and Why Your Wi-Fi 7 Router Is Lying to You

It's a patch-heavy Tuesday — two of today's vulnerabilities are already being weaponized in the wild, and a third has a federal deadline two days out.

Cisco SD-WAN Is Getting Hammered — Again (CVE-2026-20262)

Two weeks ago we covered Cisco's first Catalyst SD-WAN Manager exploit of the summer. Today there's a second one. CVE-2026-20262 has been confirmed by Cisco's own PSIRT as actively exploited, which means this isn't theoretical — attackers are already running playbooks against unpatched infrastructure.

SD-WAN Manager is a high-value target by design: compromise it and you potentially have visibility into — and control over — your entire WAN fabric. If you're managing Catalyst SD-WAN in any capacity, this is a drop-everything situation.

What to do right now:

• Pull the Cisco Security Advisory and confirm your SD-WAN Manager version against the fixed releases
• Check your audit logs for anomalous API calls or unexpected administrative sessions
• If you can't patch immediately, review Cisco's workaround guidance and restrict management-plane access to trusted source IPs only

Two critical SD-WAN CVEs in fourteen days is a pattern, not a coincidence. Cisco's SD-WAN Manager attack surface is clearly under active research by threat actors. If your organization has been deferring patching cycles on this platform, that calculus needs to change today.

SimpleHelp RMM Has a Rogue Technician Problem (CVE-2026-48558)

This one is particularly nasty for MSPs. CVE-2026-48558 in SimpleHelp RMM allows an attacker to create a new Technician-level account without authorization, then use that account to remote into any endpoint under management. If you run SimpleHelp, that's not just your infrastructure at risk — it's every client machine you manage.

The attack chain here is straightforward and devastating: exploit the flaw, spin up a fake tech account, pivot to endpoints. No lateral movement required. No credential theft needed. The RMM is the weapon.

What to do right now:

• Update SimpleHelp to the patched version immediately — check the SimpleHelp release notes for the fixed build
• Audit your Technician account list right now for any accounts you don't recognize
• Review session logs for remote connections initiated outside of normal business hours or from unfamiliar IP ranges
• If you can't patch today, consider taking the SimpleHelp server offline or firewall-restricting it to known technician IPs as a stopgap

MSPs are a force-multiplier target. One compromised RMM server can cascade into dozens of client environments within hours. Treat this with the same urgency you'd give a ransomware alert.

CISA's LiteSpeed cPanel Flaw Has a 48-Hour Deadline (CVE-2026-54420)

CISA added CVE-2026-54420 to the Known Exploited Vulnerabilities catalog today with a remediation deadline of June 18, 2026 — that's this Wednesday — for federal agencies. The flaw lives in the LiteSpeed cPanel plugin and allows privilege escalation to root. Full stop.

If you're not a federal agency, the mandate doesn't technically apply to you — but CISA doesn't add things to the KEV catalog for fun. Active exploitation is confirmed, and root escalation on a web server is as bad as it sounds.

Who needs to act:

• Anyone running cPanel with the LiteSpeed plugin installed, whether on a VPS, dedicated server, or homelab web stack
• Hosting providers and MSPs managing cPanel environments for clients

What to do:

• Update the LiteSpeed cPanel plugin immediately through WHM or manually via the LiteSpeed admin panel
• If you're on a managed host, open a ticket now and confirm they've patched — don't assume
• Check for signs of post-exploitation: unexpected cron jobs, new root-level SSH keys, or unfamiliar processes running as root

Wednesday is not a lot of runway. Get this done today.

HPE Discover 2026: Juniper + Aruba Is Starting to Look Like a Real Platform

HPE used Discover 2026 to pull back the curtain on a new wave of networking hardware aimed squarely at AI workloads — new switches, tighter Juniper/Aruba integration, and what sounds like a more coherent unified portfolio than we've seen since the Juniper acquisition closed.

The interesting angle here isn't any single product — it's the integration story. HPE has been sitting on two best-of-breed networking brands for a while now, and the question has always been whether they'd let them cannibalize each other or actually build something cohesive. The Discover announcements suggest the latter is finally happening: shared management planes, AI-optimized fabric designs, and hardware built around the bandwidth and latency profiles that GPU clusters actually demand.

What this means for you:

• If you're in a refresh cycle for core or distribution switching, HPE's combined Juniper/Aruba portfolio is worth a serious look — the integration work makes multi-vendor management less painful
• The AI workload focus isn't just marketing; the switch specs (high port density, low-latency fabrics) are legitimately useful for any high-throughput environment, not just hyperscalers
• Ubiquiti shops probably don't need to sweat this one, but enterprise architects evaluating 400G and beyond should get hands-on time with the new gear

I'll be watching to see how the management software story matures — that's historically been the weak link in both the Juniper and Aruba ecosystems.

Physics Called — Your Wi-Fi 7 Router Placement Is the Problem

You paid for Wi-Fi 7. You're getting Wi-Fi 5 performance. The culprit is almost certainly where the router is sitting.

This isn't a new problem, but Wi-Fi 7 makes it worse. The 6 GHz band and 320 MHz channel widths that give Wi-Fi 7 its headline speeds are also significantly more sensitive to physical obstructions than 2.4 or 5 GHz ever were. Walls, corners, and especially the classic "router shoved behind the TV cabinet" setup will absolutely gut your throughput before a single packet hits your ISP.

The XDA piece lays this out well: moving a Wi-Fi 7 router from a corner to a central, elevated, unobstructed position can recover hundreds of megabits of real-world throughput. That's not a firmware update. That's physics.

Practical checklist for UniFi and prosumer router users:

• Central placement beats edge placement every time — aim for geometric center of your coverage area
• Elevation matters: routers on desks outperform routers on floors; ceiling-mounted APs outperform both
• Keep the router away from microwaves, cordless phones, and dense metal objects (yes, that includes your NAS sitting six inches away)
• If you're running UniFi, use the RF environment scanner in the controller to visualize interference before you commit to a mounting location
• For multi-story homes, a ceiling-mounted U7 Pro on each floor will beat one powerful router in the basement every time

The best Wi-Fi 7 upgrade you can make this week costs nothing — just move the router.

Want this in your inbox? Subscribe here · Follow on LinkedIn · Join the Discord