OpenSSL 多個漏洞

發佈日期: 2026年06月11日

風險: 中度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

於 OpenSSL 中發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發仿冒、遠端執行任意程式碼、阻斷服務狀況、繞過保安限制及敏感資料洩露。

---

影響

• 阻斷服務
• 遠端執行程式碼
• 資料洩露
• 繞過保安限制
• 仿冒

---

受影響之系統或技術

• OpenSSL 1.0.2 版本
• OpenSSL 1.1.1 版本
• OpenSSL 3.0 版本
• OpenSSL 3.4 版本
• OpenSSL 3.5 版本
• OpenSSL 3.6 版本
• OpenSSL 4.0 版本

---

解決方案

在安裝軟體之前，請先瀏覽軟體供應商之網站，以獲得更多詳細資料。

 

• 對於 1.0.2 版本，更新至 1.0.2zq 版本
• 對於 1.1.1 版本，更新至 1.1.1zh 版本
• 對於 3.0 版本，更新至 3.0.21 版本
• 對於 3.4 版本，更新至 3.4.6 版本
• 對於 3.5 版本，更新至 3.5.7 版本
• 對於 3.6 版本，更新至 3.6.3 版本
• 對於 4.0 版本，更新至 4.0.1 版本

---

漏洞識別碼

• CVE-2026-7383
• CVE-2026-9076
• CVE-2026-34180
• CVE-2026-34181
• CVE-2026-34182
• CVE-2026-34183
• CVE-2026-35188
• CVE-2026-42764
• CVE-2026-42765
• CVE-2026-42766
• CVE-2026-42767
• CVE-2026-42768
• CVE-2026-42769
• CVE-2026-42770
• CVE-2026-42771
• CVE-2026-45445
• CVE-2026-45446
• CVE-2026-45447

---

資料來源

• OpenSSL

---

相關連結

• https://openssl-library.org/news/secadv/20260609.txt

OpenSSL Multiple Vulnerabilities

Release Date: 11 Jun 2026

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in OpenSSL. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, remote code execution, denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass
• Spoofing

---

System / Technologies affected

• OpenSSL version 1.0.2
• OpenSSL version 1.1.1
• OpenSSL version 3.0
• OpenSSL version 3.4
• OpenSSL version 3.5
• OpenSSL version 3.6
• OpenSSL version 4.0

---

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

• For version 1.0.2, upgrade to version 1.0.2zq
• For version 1.1.1, upgrade to version 1.1.1zh
• For version 3.0, upgrade to version 3.0.21
• For version 3.4, upgrade to version 3.4.6
• For version 3.5, upgrade to version 3.5.7
• For version 3.6, upgrade to version 3.6.3
• For version 4.0, upgrade to version 4.0.1

---

Vulnerability Identifier

• CVE-2026-7383
• CVE-2026-9076
• CVE-2026-34180
• CVE-2026-34181
• CVE-2026-34182
• CVE-2026-34183
• CVE-2026-35188
• CVE-2026-42764
• CVE-2026-42765
• CVE-2026-42766
• CVE-2026-42767
• CVE-2026-42768
• CVE-2026-42769
• CVE-2026-42770
• CVE-2026-42771
• CVE-2026-45445
• CVE-2026-45446
• CVE-2026-45447

---

Source

• OpenSSL

---

Related Link

• https://openssl-library.org/news/secadv/20260609.txt

Adobe 每月保安更新 (2026年6月)

發佈日期: 2026年06月10日

風險: 中度風險

類型: 用戶端 - 辦公室應用

Adobe已為產品提供本月保安更新：

 

受影響產品	風險程度	影響	備註	詳情（包括 CVE）
Adobe Experience Manager	中度風險	跨網站指令碼 遠端執行程式碼 繞過保安限制		APSB26-56
Adobe Experience Manager Forms	中度風險	跨網站指令碼 遠端執行程式碼		APSB26-57
Adobe InDesign	中度風險	遠端執行程式碼 阻斷服務 資料洩露		APSB26-58
Adobe InCopy	中度風險	遠端執行程式碼		APSB26-59
Substance 3D Sampler	中度風險	遠端執行程式碼		APSB26-60
Content Credentials SDK	中度風險	阻斷服務 篡改		APSB26-61
Adobe Dreamweaver	中度風險	遠端執行程式碼 資料洩露		APSB26-62
Adobe Acrobat Reader	中度風險	遠端執行程式碼 阻斷服務		APSB26-63
Adobe ColdFusion	中度風險	遠端執行程式碼 繞過保安限制 權限提升 資料洩露 跨網站指令碼		APSB26-64
Adobe Format Plugins	中度風險	遠端執行程式碼		APSB26-65
Adobe Campaign Classic	中度風險	遠端執行程式碼		APSB26-66

 

「極高度風險」產品數目：0

「高度風險」產品數目：0

「中度風險」產品數目：11

「低度風險」產品數目：0

整體「風險程度」評估：中度風險

---

影響

• 遠端執行程式碼
• 繞過保安限制
• 阻斷服務
• 跨網站指令碼
• 篡改
• 權限提升
• 資料洩露

---

受影響之系統或技術

• Adobe Experience Manager (AEM) AEM Cloud Service (CS)
• Adobe Experience Manager (AEM) 6.5 LTS SP1 及以前版本
• Adobe Experience Manager (AEM) SP24 及以前版本
• Adobe Experience Manager 6.5 LTS SP1 及以前版本
• Adobe Experience Manager 6.5 6.5.24.0 及以前版本
• Adobe InDesign ID21.3 及以前版本
• Adobe InDesign ID20.5.3 及以前版本
• Adobe InCopy  21.3 及以前版本
• Adobe InCopy  20.5.3 及以前版本
• Adobe Substance 3D Sampler 6.0.0 及以前版本
• Content Credentials JS SDK @contentauth/c2pa-web@0.7.1 及以前版本
• Content Credentials Rust SDK c2pa-v0.80.1 及以前版本
• Adobe Dreamweaver  21.7 及以前版本
• Adobe Acrobat 26.001.21651 及以前版本
• Acrobat Reader 26.001.21651 及以前版本
• Acrobat 2024 24.001.30365 及以前版本
• ColdFusion 2025 Update 8 及以前版本
• ColdFusion 2023 Update 19 及以前版本
• Adobe Format Plugins 1.1.2 及以前版本
• Adobe Campaign Classic ACC v7: 7.4.3 build 9394 及以前版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

• 安裝供應商提供的修補程式。個別產品詳情可參考上表「詳情」一欄或執行軟件更新。

---

漏洞識別碼

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=53&year=2026&month=06

---

資料來源

• Adobe

---

相關連結

• https://helpx.adobe.com/security.html/security/security-bulletin.html

Adobe Monthly Security Update (June 2026)

Release Date: 10 Jun 2026

RISK: Medium Risk

TYPE: Clients - Productivity Products

Adobe has released monthly security update for their products:

 

Vulnerable Product	Risk Level	Impacts	Notes	Details (including CVE)
Adobe Experience Manager	Medium Risk	Cross-site Scripting Remote Code Execution Security Restriction Bypass		APSB26-56
Adobe Experience Manager Forms	Medium Risk	Cross-site Scripting Remote Code Execution		APSB26-57
Adobe InDesign	Medium Risk	Remote Code Execution Denial of Service Information Disclosure		APSB26-58
Adobe InCopy	Medium Risk	Remote Code Execution		APSB26-59
Substance 3D Sampler	Medium Risk	Remote Code Execution		APSB26-60
Content Credentials SDK	Medium Risk	Denial of Service Data Manipulation		APSB26-61
Adobe Dreamweaver	Medium Risk	Remote Code Execution Information Disclosure		APSB26-62
Adobe Acrobat Reader	Medium Risk	Remote Code Execution Denial of Service		APSB26-63
Adobe ColdFusion	Medium Risk	Remote Code Execution Security Restriction Bypass Elevation of Privilege Information Disclosure Cross-site Scripting		APSB26-64
Adobe Format Plugins	Medium Risk	Remote Code Execution		APSB26-65
Adobe Campaign Classic	Medium Risk	Remote Code Execution		APSB26-66

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 11

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk

---

Impact

• Remote Code Execution
• Security Restriction Bypass
• Denial of Service
• Cross-Site Scripting
• Data Manipulation
• Elevation of Privilege
• Information Disclosure

---

System / Technologies affected

• Adobe Experience Manager (AEM) AEM Cloud Service (CS)
• Adobe Experience Manager (AEM) 6.5 LTS SP1 and earlier versions
• Adobe Experience Manager (AEM) SP24 and earlier versions
• Adobe Experience Manager 6.5 LTS SP1 and earlier versions
• Adobe Experience Manager 6.5 6.5.24.0 and earlier versions
• Adobe InDesign ID21.3 and earlier versions
• Adobe InDesign ID20.5.3 and earlier versions
• Adobe InCopy  21.3 and earlier versions
• Adobe InCopy  20.5.3 and earlier versions
• Adobe Substance 3D Sampler 6.0.0 and earlier versions
• Content Credentials JS SDK @contentauth/c2pa-web@0.7.1 and earlier versions
• Content Credentials Rust SDK c2pa-v0.80.1 and earlier versions
• Adobe Dreamweaver  21.7 and earlier versions
• Adobe Acrobat 26.001.21651 and earlier versions
• Acrobat Reader 26.001.21651 and earlier versions
• Acrobat 2024 24.001.30365 and earlier versions
• ColdFusion 2025 Update 8 and earlier versions
• ColdFusion 2023 Update 19 and earlier versions
• Adobe Format Plugins 1.1.2 and earlier versions
• Adobe Campaign Classic ACC v7: 7.4.3 build 9394 and earlier versions

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update.

---

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=53&year=2026&month=06

---

Source

• Adobe

---

Related Link

• https://helpx.adobe.com/security.html/security/security-bulletin.html

微軟每月保安更新 (2026年6月)

發佈日期: 2026年06月10日

風險: 中度風險

類型: 操作系統 - 視窗操作系統

微軟已為產品提供本月保安更新：

 

受影響產品	風險程度	影響	備註
Apps	中度風險	權限提升 仿冒 繞過保安限制 遠端執行程式碼 資料洩露
Azure	中度風險	資料洩露 遠端執行程式碼 仿冒 權限提升
瀏覽器	中度風險	資料洩露
開發者工具	中度風險	權限提升 篡改 繞過保安限制 阻斷服務 資料洩露
延伸安全性更新 (ESU)	中度風險	權限提升 仿冒 資料洩露 遠端執行程式碼 阻斷服務 繞過保安限制 篡改
微軟 Dynamics	中度風險	權限提升
微軟 Office	中度風險	仿冒 遠端執行程式碼 資料洩露 繞過保安限制 權限提升
Server Software	中度風險	仿冒 資料洩露 權限提升 遠端執行程式碼	CVE-2026-45585 的概念驗證碼已被公開。該漏洞可讓本地攻擊者繞過 Microsoft BitLocker 加密來存取資料。該漏洞又被稱爲「YellowKey」。
視窗	中度風險	權限提升 資料洩露 阻斷服務 遠端執行程式碼 仿冒 繞過保安限制 篡改	CVE-2026-45585 的概念驗證碼已被公開。該漏洞可讓本地攻擊者繞過 Microsoft BitLocker 加密來存取資料。該漏洞又被稱爲「YellowKey」。

 

「極高度風險」產品數目：0

「高度風險」產品數目：0

「中度風險」產品數目：9

「低度風險」產品數目：0

整體「風險程度」評估：中度風險

---

影響

• 仿冒
• 遠端執行程式碼
• 權限提升
• 繞過保安限制
• 資料洩露
• 篡改
• 阻斷服務

---

受影響之系統或技術

• Apps
• Azure
• 瀏覽器
• 開發者工具
• 延伸安全性更新 (ESU)
• 微軟 Dynamics
• 微軟 Office
• Server Software
• 視窗

---

解決方案

在安裝軟體之前，請先瀏覽軟體供應商之網站，以獲得更多詳細資料。

• 安裝軟件供應商提供的修補程式。

---

漏洞識別碼

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2026&month=06

---

資料來源

• Microsoft

---

相關連結

• https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun

Microsoft Monthly Security Update (June 2026)

Release Date: 10 Jun 2026

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable Product	Risk Level	Impacts	Notes
Apps	Medium Risk	Elevation of Privilege Spoofing Security Restriction Bypass Remote Code Execution Information Disclosure
Azure	Medium Risk	Information Disclosure Remote Code Execution Spoofing Elevation of Privilege
Browser	Medium Risk	Information Disclosure
Developer Tools	Medium Risk	Elevation of Privilege Data Manipulation Security Restriction Bypass Denial of Service Information Disclosure
Extended Security Updates (ESU)	Medium Risk	Elevation of Privilege Spoofing Information Disclosure Remote Code Execution Denial of Service Security Restriction Bypass Data Manipulation
Microsoft Dynamics	Medium Risk	Elevation of Privilege
Microsoft Office	Medium Risk	Spoofing Remote Code Execution Information Disclosure Security Restriction Bypass Elevation of Privilege
Server Software	Medium Risk	Spoofing Information Disclosure Elevation of Privilege Remote Code Execution	Proof of Concept exploit code is publicly available for CVE-2026-45585. This vulnerability allows local attacker to bypass Microsoft BitLocker encryption to access data. This vulnerability is also known as "YellowKey".
Windows	Medium Risk	Elevation of Privilege Information Disclosure Denial of Service Remote Code Execution Spoofing Security Restriction Bypass Data Manipulation	Proof of Concept exploit code is publicly available for CVE-2026-45585. This vulnerability allows local attacker to bypass Microsoft BitLocker encryption to access data. This vulnerability is also known as "YellowKey".

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 9

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk

---

Impact

• Spoofing
• Remote Code Execution
• Elevation of Privilege
• Security Restriction Bypass
• Information Disclosure
• Data Manipulation
• Denial of Service

---

System / Technologies affected

• Apps
• Azure
• Browser
• Developer Tools
• Extended Security Updates (ESU)
• Microsoft Dynamics
• Microsoft Office
• Server Software
• Windows

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

•  Apply fixes issued by the vendor.

---

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2026&month=06

---

Source

• Microsoft

---

Related Link

• https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun

Apache HTTP Server 多個漏洞

發佈日期: 2026年06月10日

風險: 中度風險

類型: 伺服器 - 網站伺服器

於 Apache 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發權限提升、阻斷服務狀況、資料篡改、跨網站指令碼及敏感資料洩露。

---

影響

• 阻斷服務
• 跨網站指令碼
• 資料洩露
• 權限提升
• 篡改

---

受影響之系統或技術

• Apache HTTP Server 2.4.68 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• Apache HTTP Server 2.4.68 版本

---

漏洞識別碼

• CVE-2026-29167
• CVE-2026-29170
• CVE-2026-34355
• CVE-2026-34356
• CVE-2026-42535
• CVE-2026-42536
• CVE-2026-43951
• CVE-2026-44119
• CVE-2026-44185
• CVE-2026-44186
• CVE-2026-44631
• CVE-2026-48913
• CVE-2026-49975

---

資料來源

• Apache

---

相關連結

• https://httpd.apache.org/security/vulnerabilities_24.html#2.4.68

Apache HTTP Server Multiple Vulnerabilities

Release Date: 10 Jun 2026

RISK: Medium Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities were identified in Apache HTTP Server. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, denial of service condition, data manipulation, cross-site scripting and sensitive information disclosure on the targeted system.

---

Impact

• Denial of Service
• Cross-Site Scripting
• Information Disclosure
• Elevation of Privilege
• Data Manipulation

---

System / Technologies affected

• Apache HTTP Server versions prior to 2.4.68

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• Apache HTTP Server version 2.4.68

---

Vulnerability Identifier

• CVE-2026-29167
• CVE-2026-29170
• CVE-2026-34355
• CVE-2026-34356
• CVE-2026-42535
• CVE-2026-42536
• CVE-2026-43951
• CVE-2026-44119
• CVE-2026-44185
• CVE-2026-44186
• CVE-2026-44631
• CVE-2026-48913
• CVE-2026-49975

---

Source

• Apache

---

Related Link

• https://httpd.apache.org/security/vulnerabilities_24.html#2.4.68

Microsoft Edge 多個漏洞

發佈日期: 2026年06月10日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、權限提升、繞過保安限制及敏感資料洩露。

 

---

影響

• 資料洩露
• 阻斷服務
• 遠端執行程式碼
• 權限提升
• 繞過保安限制

---

受影響之系統或技術

• Microsoft Edge 149.0.4022.53 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 149.0.4022.53 或之後版本

---

漏洞識別碼

• CVE-2026-10883
• CVE-2026-10892
• CVE-2026-10923
• CVE-2026-10929
• CVE-2026-10934
• CVE-2026-10953
• CVE-2026-10959
• CVE-2026-10967
• CVE-2026-10984
• CVE-2026-11007
• CVE-2026-11010
• CVE-2026-11012
• CVE-2026-11019
• CVE-2026-11029
• CVE-2026-11034
• CVE-2026-11035
• CVE-2026-11045
• CVE-2026-11064
• CVE-2026-11065
• CVE-2026-11072
• CVE-2026-11077
• CVE-2026-11080
• CVE-2026-11082
• CVE-2026-11097
• CVE-2026-11108
• CVE-2026-11119
• CVE-2026-11127
• CVE-2026-11131
• CVE-2026-11145
• CVE-2026-11148
• CVE-2026-11163
• CVE-2026-11167
• CVE-2026-11172
• CVE-2026-11175
• CVE-2026-11178
• CVE-2026-11188
• CVE-2026-11215
• CVE-2026-11226
• CVE-2026-11247
• CVE-2026-11263
• CVE-2026-11270
• CVE-2026-11278
• CVE-2026-11287
• CVE-2026-11290
• CVE-2026-11291
• CVE-2026-11295
• CVE-2026-11297

---

資料來源

• Microsoft Edge

---

相關連結

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10883
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10892
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10923
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10929
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10934
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10953
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10959
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10967
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10984
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11007
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11010
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11012
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11019
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11029
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11034
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11035
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11045
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11064
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11065
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11072
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11077
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11080
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11082
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11097
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11108
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11119
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11127
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11131
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11145
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11148
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11163
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11167
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11172
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11175
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11178
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11188
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11215
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11226
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11247
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11263
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11270
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11278
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11287
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11290
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11291
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11295
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11297

Microsoft Edge Multiple Vulnerabilities

Release Date: 10 Jun 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, elevation of privilege, security restriction bypass and sensitive information disclosure on the targeted system.

---

Impact

• Information Disclosure
• Denial of Service
• Remote Code Execution
• Elevation of Privilege
• Security Restriction Bypass

---

System / Technologies affected

• Microsoft Edge version prior to 149.0.4022.53

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 149.0.4022.53 or later

---

Vulnerability Identifier

• CVE-2026-10883
• CVE-2026-10892
• CVE-2026-10923
• CVE-2026-10929
• CVE-2026-10934
• CVE-2026-10953
• CVE-2026-10959
• CVE-2026-10967
• CVE-2026-10984
• CVE-2026-11007
• CVE-2026-11010
• CVE-2026-11012
• CVE-2026-11019
• CVE-2026-11029
• CVE-2026-11034
• CVE-2026-11035
• CVE-2026-11045
• CVE-2026-11064
• CVE-2026-11065
• CVE-2026-11072
• CVE-2026-11077
• CVE-2026-11080
• CVE-2026-11082
• CVE-2026-11097
• CVE-2026-11108
• CVE-2026-11119
• CVE-2026-11127
• CVE-2026-11131
• CVE-2026-11145
• CVE-2026-11148
• CVE-2026-11163
• CVE-2026-11167
• CVE-2026-11172
• CVE-2026-11175
• CVE-2026-11178
• CVE-2026-11188
• CVE-2026-11215
• CVE-2026-11226
• CVE-2026-11247
• CVE-2026-11263
• CVE-2026-11270
• CVE-2026-11278
• CVE-2026-11287
• CVE-2026-11290
• CVE-2026-11291
• CVE-2026-11295
• CVE-2026-11297

---

Source

• Microsoft Edge

---

Related Link

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10883
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10892
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10923
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10929
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10934
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10953
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10959
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10967
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10984
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11007
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11010
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11012
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11019
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11029
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11034
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11035
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11045
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11064
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11065
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11072
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11077
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11080
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11082
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11097
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11108
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11119
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11127
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11131
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11145
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11148
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11163
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11167
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11172
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11175
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11178
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11188
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11215
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11226
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11247
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11263
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11270
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11278
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11287
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11290
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11291
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11295
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11297

Check Point 產品多個漏洞

發佈日期: 2026年06月09日

風險: 中度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

於 Check Point 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發繞過保安限制。

 

注意：

CVE-2026-50751 正在被廣泛利用。攻擊者可以利用遠端存取和行動存取憑證驗證中的邏輯流程缺陷繞過使用者身份驗證，並在沒有有效使用者密碼的情況下建立遠端存取 VPN 連線。利用此漏洞必須符合多項前置條件。因此，此漏洞的風險等級被評為中度風險。

---

影響

• 繞過保安限制

---

受影響之系統或技術

• Security Gateways
• Spark Firewalls

對於 CVE-2026-50751

• 易受攻擊的配置
  版本：
  • Security Gateways:
    • R82.10 Jumbo Hotfix Take 19 或以下
    • R82 Jumbo Hotfix Take 103 或以下
    • R81.20 Jumbo Hotfix Take 141 或以下
    • R81.10 (EOS)
    • R81 (EOS)
    • R80.40 (EOS)
  • Spark Firewalls: R80.20.X (EOS), R81.10.X, R82.00.X
  滿足以下前置條件時（必需全部符合）：
  1. VPN Remote Access 或 Mobile Access 已啟用
  2. IKEv1 已啟用以進行遠端訪問
  3. 網關接受舊版遠端存取用戶端
  4. 網關連線不需要機器證書

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式或緩解措施：

• https://support.checkpoint.com/results/sk/sk185033/
• https://support.checkpoint.com/results/sk/sk185035/

---

漏洞識別碼

• CVE-2026-50751
• CVE-2026-50752

---

資料來源

• Check Point

---

相關連結

• https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/
• https://support.checkpoint.com/results/sk/sk185033/
• https://support.checkpoint.com/results/sk/sk185035/

Check Point Products Multiple Vulnerabilities

Release Date: 9 Jun 2026

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Check Point Products. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass on the targeted system.

 

Note: 

CVE-2026-50751 is being exploited in the wild. An attacker can bypass user authentication by exploiting a logic flow weakness in the Remote Access and Mobile Access certificate validation and establish a remote access VPN connection without a valid user password. Successful exploitation requires multiple preconditions to be met. Hence, the risk level is rated as Medium Risk.

---

Impact

• Security Restriction Bypass

---

System / Technologies affected

• Security Gateways
• Spark Firewalls

For CVE-2026-50751

• Vulnerable Configurations
  Versions:
  • Security Gateways:
    • R82.10 Jumbo Hotfix Take 19 or below
    • R82 Jumbo Hotfix Take 103 or below
    • R81.20 Jumbo Hotfix Take 141 or below
    • R81.10 (EOS)
    • R81 (EOS)
    • R80.40 (EOS)
  • Spark Firewalls: R80.20.X (EOS), R81.10.X, R82.00.X
  When (all required) :
  1. VPN Remote Access or Mobile Access is enabled
  2. IKEv1 is enabled for remote access
  3. Gateways accept legacy Remote Access clients
  4. Gateways do not demand a machine certificate for connections

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes or mitigations issued by the vendor:

• https://support.checkpoint.com/results/sk/sk185033/
• https://support.checkpoint.com/results/sk/sk185035/

---

Vulnerability Identifier

• CVE-2026-50751
• CVE-2026-50752

---

Source

• Check Point

---

Related Link

• https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/
• https://support.checkpoint.com/results/sk/sk185033/
• https://support.checkpoint.com/results/sk/sk185035/

Google Chrome 多個漏洞

發佈日期: 2026年06月09日

風險: 極高度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、權限提升、繞過保安限制及敏感資料洩露。

 

注意：

CVE-2026-11645 正在被廣泛利用。遠端攻擊者可以利用此漏洞，透過特製的 HTML 頁面在沙箱環境中執行任意程式碼。因此，此漏洞的風險等級被評為極高度風險。

---

影響

• 資料洩露
• 阻斷服務
• 遠端執行程式碼
• 權限提升
• 繞過保安限制

---

受影響之系統或技術

• Google Chrome 149.0.7827.102 (Linux) 之前的版本
• Google Chrome 149.0.7827.102/.103 (Mac) 之前的版本
• Google Chrome 149.0.7827.102/.103 (Windows) 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 149.0.7827.102 (Linux) 或之後版本
• 更新至 149.0.7827.102/.103 (Mac) 或之後版本
• 更新至 149.0.7827.102/.103 (Windows) 或之後版本

---

漏洞識別碼

• CVE-2026-11628
• CVE-2026-11629
• CVE-2026-11630
• CVE-2026-11631
• CVE-2026-11632
• CVE-2026-11633
• CVE-2026-11634
• CVE-2026-11635
• CVE-2026-11636
• CVE-2026-11637
• CVE-2026-11638
• CVE-2026-11639
• CVE-2026-11640
• CVE-2026-11641
• CVE-2026-11642
• CVE-2026-11643
• CVE-2026-11644
• CVE-2026-11645
• CVE-2026-11646
• CVE-2026-11647
• CVE-2026-11648
• CVE-2026-11649
• CVE-2026-11650
• CVE-2026-11651
• CVE-2026-11652
• CVE-2026-11653
• CVE-2026-11654
• CVE-2026-11655
• CVE-2026-11656
• CVE-2026-11657
• CVE-2026-11658
• CVE-2026-11659
• CVE-2026-11660
• CVE-2026-11661
• CVE-2026-11662
• CVE-2026-11663
• CVE-2026-11664
• CVE-2026-11665
• CVE-2026-11666
• CVE-2026-11667
• CVE-2026-11668
• CVE-2026-11669
• CVE-2026-11670
• CVE-2026-11671
• CVE-2026-11672
• CVE-2026-11673
• CVE-2026-11674
• CVE-2026-11675
• CVE-2026-11676
• CVE-2026-11677
• CVE-2026-11678
• CVE-2026-11679
• CVE-2026-11680
• CVE-2026-11681
• CVE-2026-11682
• CVE-2026-11683
• CVE-2026-11684
• CVE-2026-11685
• CVE-2026-11686
• CVE-2026-11687
• CVE-2026-11688
• CVE-2026-11689
• CVE-2026-11690
• CVE-2026-11691
• CVE-2026-11692
• CVE-2026-11693
• CVE-2026-11694
• CVE-2026-11695
• CVE-2026-11696
• CVE-2026-11697
• CVE-2026-11698
• CVE-2026-11699
• CVE-2026-11700
• CVE-2026-11701

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html