CVE Watchtower

CVE-2026-13762NVD

Vulnerability Summary

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected.

This issue was remediated server-side. No customer action is required.

Severity Level

CRITICAL(9.8)

Published Date

Jun 29, 2026

Last Modified

Jun 29, 2026

Exploitation Status

No confirmed exploitation yet

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://aws.amazon.com/security/security-bulletins/2026-048-aws/

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-48558CVSS 10.0
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
Admin intel🗓 Updated: Jun 29, 2026
CVE-2026-46817CVSS 9.8
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
Admin intel🗓 Updated: Jun 29, 2026
CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
Admin intel🗓 Updated: Jun 25, 2026
CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
Admin intel🗓 Updated: Jun 22, 2026
CVE-2026-4020CVSS 7.5
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and...
Admin intel🗓 Updated: Jun 17, 2026
CVE-2026-10735
Multiple plugins by ShapedPlugin contain a backdoor in various versions. This makes it possible for unauthenticated attackers to...
Admin intel🗓 Updated: Jun 16, 2026
CVE-2026-20262CVSS 6.5
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated,...
Admin intel🗓 Updated: Jun 15, 2026
CVE-2026-54420CVSS 8.5
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a...
Admin intel🗓 Updated: Jun 15, 2026