Top/Articles/July 8, 2026 Security Vulnerability Roundup: Plesk, ArcGIS, Self-Hosted AI Tools and More — Does It Affect You?
cve-digest-2026-07-08-cover-en

July 8, 2026 Security Vulnerability Roundup: Plesk, ArcGIS, Self-Hosted AI Tools and More — Does It Affect You?

A one-day roundup of the July 8, 2026 vulnerabilities we did not cover individually. Eleven items including 9Router and Plesk, organized so you can judge relevance by whether a login is required. Actively exploited and KEV-listed items are flagged, and we explain what ordinary users must act on now.

NewsPublished July 8, 2026 Updated today
Table of contents
Key takeaways

A one-day roundup of the July 8, 2026 vulnerabilities we did not cover individually. Eleven items including 9Router and Plesk, organized so you can judge relevance by whether a login is required. Actively exploited and KEV-listed items are flagged, and we explain what ordinary users must act on now.

This article rounds up, in one place, the vulnerabilities disclosed on July 8, 2026 in the global vulnerability database (NVD) and Japan's JVN that we chose not to cover as standalone breaking news. We left them out of individual articles because most of them cannot be abused indiscriminately against ordinary users: they require a specific privilege, or only affect people who self-host a particular product. Even so, they can cause real harm when the conditions line up. Check here whether a product you use is on the list.

Note that the broadly impactful, "patch now" flaws found on the same day each got their own article: the takeover flaws in two Joomla page-building tools, and the Adobe ColdFusion flaw being formally added to KEV. Below are the rest — the "dangerous under certain conditions" flaws.

July 8 vulnerability list

The "attack prerequisite" column doubles as your "does this affect me?" guide. No-login items are broad in reach; those needing a privilege or local access affect a limited set. Severity is out of 10.

CVEProductTypeSeverityPrerequisiteStatus
CVE-2026-598009RouterCommand injection9.8No loginExploited・PoC
CVE-2026-13019Esri Portal
for ArcGIS
Missing auth9.8No loginNo exploit seen
CVE-2026-58473CogneeMissing auth9.1No loginNo exploit seen
CVE-2026-59706mem0Missing auth9.3No loginNo exploit seen
CVE-2026-59707LocalAISSRF8.6No loginNo exploit seen
CVE-2026-55418FastGPTAuthorization bypass8.6No loginNo exploit seen
CVE-2026-56843PleskCredential exposure9.9Login
(co-tenant)
No exploit seen
CVE-2026-55255LangflowCross-user
execution
9.9LoginKEV listed
CVE-2026-23697Vtiger CRMUnrestricted
file upload
8.8LoginPoC exists
CVE-2026-46354CoderSignature check flaw9.1Insider infoNo exploit seen
CVE-2026-55429CoderAuthorization bypass8.7High privilegeNo exploit seen
CVE-2026-56437
+1 more
Fuji Electric
Pupsman
DLL loading flaw8.4Local file
on the PC
No exploit seen

Exploitable without a login (low bar)

These can be launched without the attacker logging in. Still, every target here is someone who stands up and runs a server or tool themselves. The everyday apps and web services ordinary consumers use are not directly at risk.

CVE-2026-59800: routing software "9Router" already under attack

9Router is software for network route control, with an integration for the VPN service Tailscale. The install endpoint for that integration takes the contents of a password field and runs them straight as a server command (OS command injection, CWE-78), exploitable with no login. Rated 9.8, it is the only item in today's list already seen under real attack (the monitoring group Shadowserver observed exploitation on July 4, 2026, and PoC code exists). If you run 9Router on a public server, update to the latest version as the top priority. Few run it, but its nature is the most dangerous here.

CVE-2026-13019: missing auth in mapping platform "Esri Portal for ArcGIS"

ArcGIS is a geographic information system (GIS) widely used by local governments, public infrastructure, and enterprises to handle map data. Its portal feature (version 12.1 and earlier) has a weak password-recovery mechanism (CWE-640) that lets an unauthenticated attacker reach an API that should be protected. Severity is 9.8. No exploitation has been reported yet, but organizations running an internet-facing ArcGIS Portal should check whether they are in scope. Mapping platforms are highly public; a takeover could mean tampered data or exposed internal information.

CVE-2026-58473 / 59706 / 59707 / 55418: missing auth in four self-hosted AI tools

These four are open-source AI development tools you run on your own server, all sharing the same class of flaw: an entry point that should be protected has no login check. Cognee (an AI memory/knowledge-graph framework, CVE-2026-58473) lets an unauthenticated attacker overwrite the LLM provider setting, redirecting AI operations to a system they control. mem0 (an AI memory layer, CVE-2026-59706) leaks LLM API keys in plaintext from an unauthenticated API. LocalAI (a self-hosted inference server, CVE-2026-59707) has an SSRF that uses the server as a relay to arbitrary destinations, and FastGPT (an internal Q&A; platform, CVE-2026-55418) lets attackers read other teams' stored files. The people at risk are the AI developers and internal teams who self-host these. If an API key leaks, it can rack up charges or open a path to internal data. All are fixed in each tool's latest release. This continuing wave against open-source AI infrastructure is worth reading alongside OSS supply-chain trends.

Requires a privilege or special condition

The following need a valid account, a special privilege, or specific insider knowledge to succeed. The severity numbers are high, but they don't fall to indiscriminate scanning — the main threat is an insider or a co-tenant.

CVE-2026-56843: on hosting panel "Plesk," a co-tenant can steal others' data

Plesk is the control panel that hosting customers use to manage sites and email — a staple alongside cPanel. This flaw (CVE-2026-56843, severity 9.9) lets a low-privileged customer sharing the same server reach domains they don't own, steal other customers' FTP passwords in plaintext, and impersonate them. It is not an indiscriminate attack — it assumes a "malicious co-tenant on the same server" — but on shared hosting that is a realistic threat. Hosting providers, and customers on shared plans, should check the vendor's update. Because Plesk is as widely used as cPanel, we may cover it standalone if exploitation spreads.

CVE-2026-55255: cross-user execution in AI tool "Langflow" (KEV listed)

Langflow builds AI processing flows by connecting components. This flaw (CVE-2026-55255, severity 9.9) lets a logged-in user run someone else's flow by supplying its ID, and it is on the U.S. CISA Known Exploited Vulnerabilities (KEV) catalog. Although it is a KEV item, exploitation requires a login, and the target is an organization running Langflow exposed to the outside. Several techniques hit the same entry point; Langflow users need to update (to 1.9.2 or later).

CVE-2026-23697: takeover via file upload in CRM "Vtiger CRM"

Vtiger CRM is open-source software for managing customer and sales activity. This flaw (CVE-2026-23697, severity 8.8) lets a logged-in user slip a dangerous file past the extension check and run commands on the server (CWE-434). Proof-of-concept code exists. Exploitation needs a valid account and a specific server configuration, but if you run Vtiger internally, update to v8.4.0 or later.

CVE-2026-46354 / 55429: two in dev-environment platform "Coder"

Coder provisions developer work environments on a server. Two items landed on July 8. CVE-2026-46354 (severity 9.1) forges a VM identity token via a signature-check flaw, but success needs knowledge of the target VM's identifier and typically prior access. CVE-2026-55429 (severity 8.7) is an authorization bypass only a high-privilege user such as a template author can reach. Neither hits indiscriminately; the main threat is inside a team that self-hosts Coder. Affected-version users should check for updates.

A local-attack, Japan-specific case (Fuji Electric Pupsman)

CVE-2026-56437 / CVE-2026-57895: the installer of UPS management software

Pupsman is Fuji Electric's software for managing a UPS (an uninterruptible power supply that provides power during outages). These two items, reported via Japan's JVN, are in the software's installer: placing a crafted file (a DLL) in the same folder gets it loaded (CWE-427), and if it works, commands run with administrator-level privilege. But the attack succeeds on the local PC, not over the internet, and assumes the attacker can already place a file on that machine. Staff at companies and plants that run a UPS should install version 3.9.0 or later. It's from a Japanese vendor, but the scope is industrial use only.

Bottom line: what an ordinary user must act on today

Despite the high severity numbers, most of the flaws bundled on July 8 target people who self-host a specific product, not the phones and web services ordinary consumers use. For everyday users, there is basically nothing to do right now because of this list.

For those who operate servers or tools, it's different. The already-exploited 9Router (CVE-2026-59800) and the KEV-listed Langflow (CVE-2026-55255) are the top priorities — update today if they apply. You can track actively exploited flaws on the U.S. CISA warning list (KEV dashboard). For the more broadly impactful Joomla page-building tools and Adobe ColdFusion, see their dedicated articles as well.

References

avatar-m-1

Makoto Horikawa

Backend Engineer / AWS / Django