Published June 16, 2026 | By Sanjay Seth — Cybersecurity Expert, Delhi NCR

This week has been brutal for security teams. Between a Cisco SD-WAN Manager flaw under active attack, Microsoft’s record-breaking 206-patch Tuesday, and a Chrome zero-day being exploited in the wild — the pace of disclosures is outstripping most teams’ ability to respond.

Here’s everything you need to know, prioritized by what actually matters for Indian enterprises and managed service providers.

1. ⚠️ Cisco SD-WAN Manager (CVE-2026-20262) — Actively Exploited

Severity: Medium (CVSS 6.5) | Status: Active exploitation in the wild

Cisco confirmed that CVE-2026-20262, a path traversal flaw in Catalyst SD-WAN Manager (formerly vManage), is under active exploitation. An authenticated attacker can create or overwrite any file on the filesystem by sending crafted HTTP requests to an API endpoint — and escalate to root privileges.

Who’s affected: Any organisation running Cisco SD-WAN with Catalyst SD-WAN Manager. If you’re managing SD-WAN deployments in India using Cisco, this is a patch-today item.

Action: Update to the latest Cisco SD-WAN Manager release immediately. Restrict API endpoint access to trusted IPs.

Need help assessing your SD-WAN security posture? Our team at P J Networks provides Cisco SD-WAN hardening and managed NOC services for enterprises across Delhi NCR and India. Get in touch →

2. 🔴 Microsoft Patch Tuesday — Record 206 Flaws, 3 Zero-Days

Severity: 39 Critical, 167 Important | Zero-days: 3 publicly disclosed

Microsoft’s June 2026 Patch Tuesday broke records with 206 vulnerabilities patched. Among them:

  • CVE-2026-45657 (CVSS 9.8): Use-after-free in Windows Kernel — remote code execution. This is the headline fix.
  • 3 publicly disclosed zero-days: One in Windows Kernel, one in Windows LDAP, and one in Windows DHCP — all with known exploit paths.
  • 56 RCE bugs across the stack (Windows, Office, Edge, SharePoint, Exchange).

For Indian enterprises running hybrid environments, the Windows Kernel RCE is especially concerning — it doesn’t require authentication and can be triggered remotely. If your patching cycle is monthly, this is the month to accelerate.

Struggling with patch management at scale? P J Networks SOC services include continuous vulnerability monitoring, patch validation, and SIEM correlation. Talk to us →

3. 🚨 Chrome Zero-Day (CVE-2026-11645) — Exploited in the Wild

Severity: High (CVSS 8.8) | Component: V8 JavaScript Engine

Google patched 74 Chrome vulnerabilities in its June update, including CVE-2026-11645 — an out-of-bounds memory access in V8 with active exploits. Combined with the Microsoft patch dump, endpoint teams are looking at a heavy update cycle this week.

4. 🔥 Oracle PeopleSoft Zero-Day (CVE-2026-35273, CVSS 9.8) — ShinyHunters

Severity: Critical (CVSS 9.8) | Status: Exploited by ShinyHunters against universities

The ShinyHunters extortion crew exploited an unpatched Oracle PeopleSoft flaw — CVE-2026-35273 — as a zero-day, breaching university systems through the Environment Management Hub (PSEMHUB). No authentication needed, just HTTP access. If you have PeopleTools 8.61 or 8.62 exposed to the internet, lock it down today.

5. 🛡️ Langflow (CVE-2026-5027) — Path Traversal Under Active Attack

Severity: High (CVSS 8.8) | Status: Active exploitation

An unpatched path traversal vulnerability in Langflow, an open-source low-code AI platform, is being actively exploited. The POST /api/v2/files endpoint doesn’t sanitise the filename parameter, allowing arbitrary file writes via path traversal sequences.

What This Means for Indian Enterprises

Here’s the pattern I’ve seen across 1,000+ organisations I’ve worked with in Delhi NCR and across India:

  1. Patch velocity is the new competitive advantage. With AI-powered vulnerability discovery (Anthropic’s Mythos model alone found 10,000+ critical CVEs in a month), the gap between disclosure and exploitation is now hours, not months.
  2. Your WAF is only as good as its rule set. Cisco SD-WAN Manager, Langflow, and PeopleSoft all share a common thread: exposed management interfaces. A properly tuned WAF with virtual patching buys you time while permanent fixes are deployed.
  3. Network segmentation is your last line of defence. When a zero-day hits, your firewall rules, micro-segmentation, and NOC visibility determine whether a single CVE becomes a full-blown incident. This is where NMS/SIEM convergence matters most.

Need a security architecture review for your Delhi NCR or pan-India deployment? Sanjay Seth — cybersecurity expert in Delhi NCR — provides independent consulting on firewall hardening, WAF tuning, NOC/SOC design, and zero-trust architecture. Book a working session →

Summary Action Plan for CISOs

CVE / Issue Priority Action
Cisco SD-WAN Manager 🔴 Critical Patch immediately; restrict API access
Microsoft Patch Tuesday (206 flaws) 🔴 Critical Prioritise Windows Kernel RCE (CVE-2026-45657)
Chrome 0-Day (CVE-2026-11645) 🟠 High Force browser update across endpoints
Oracle PeopleSoft (CVE-2026-35273) 🔴 Critical Air-gap PSEMHUB; patch if exposed
Langflow (CVE-2026-5027) 🟠 High Disable or isolate Langflow instances
LiteLLM Chain (CVSS 9.9) 🟠 High Upgrade to v1.83.14-stable

Related Services from P J Networks

Based in Delhi NCR, P J Networks provides managed security services including:

  • Fortinet Firewall Deployment & Hardening — NSE-certified engineers for Security Fabric architecture
  • 24×7 NOC Services — Real-time monitoring with proactive alerting and SLA-backed response
  • SOC / SIEM Services — MITRE ATT&CK-aligned threat detection with 180-day log retention (CERT-In compliant)
  • Vulnerability Assessment & Patch Management — Continuous scanning with prioritised remediation

Sanjay Seth is a cybersecurity expert in Delhi NCR with 30+ years of experience securing enterprise networks. He is the CEO of P J Networks, a Fortinet MSSP-level partner serving organisations across India. Contact him here →