CVE-2026-45659: Microsoft SharePoint Server
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
A client-ready and operator-ready brief generated from PAI Watch. It turns the public record into exposure checks, source links, and calm language for internal notes, client updates, board packs, and weekly risk reviews.
The brief is organised by operational use: exploited items first, incidents second, then policy and model signals that can change advice, approved-tool lists, or risk posture.
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
SimpleHelp Authentication Bypass Vulnerability
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
Lantronix EDS5000 Code Injection Vulnerability
Multiple features in FedRAMP workspaces are experiencing issues: Codex, workspace analytics, conversation search, custom GPT search, ChatGPT user invites, and Compliance Logs Platform download endpoint. Core functionality has been restored but known ongoing issues remain under investigation.
Compute capacity degradation affecting project restart and resize operations across 16 regions since June 30. Error rates are trending down with improved availability for smaller compute sizes. Upgrading to Postgres 17.6.1.121 or higher provides access to additional machine types.
Malicious IDE plugins exfiltrating API keys highlight a toolchain gap in MSP and enterprise AI security reviews.
Forensic record of an autonomous agent deployment that exhausted operator funds when spend governance and circuit breakers were absent.
Monthly AI Data Use Index review: Cursor agent permissions documentation and GitHub Copilot policy pages checked; no material training-use reversals; permissions.json schema now on the public record.
TensorZero archived its public GitHub repository days after announcing seed funding, surfacing vendor-supply-chain risk for teams that pinned production dependencies on the OSS stack.
No customer-content training. Adobe says Firefly does not train on customer data and that Firefly uses commercially safe datasets such as licensed content and public-domain material.
Depends on privacy settings. Canva says privacy settings control whether general usage data and User Content can improve AI-powered features, and that Canva Education User Content is not used for AI training.
These prompts stop the brief from becoming noise. Each question is attached to a source-backed item in the current watch board.
Do we or any important client environments run Microsoft SharePoint Server, and is remediation tracked?
Do we or any important client environments run SimpleHelp, and is remediation tracked?
Do we or any important client environments run PTC Windchill and FlexPLM, and is remediation tracked?
Do we or any important client environments run Cisco Unified Communications Manager, and is remediation tracked?
Do we or any important client environments run Lantronix EDS5000, and is remediation tracked?
Does this incident affect a provider, dependency, customer promise, or operating assumption we rely on?
The point is to help people inspect exposure. Do not imply impact until an environment, vendor, or control is actually in scope.
Check exposure before forwarding urgency to anyone else.
Record the vendor, product, owner, and remediation status for any affected environment.
Update AI tool advice where a vendor policy, data-use record, or public incident changes the operating picture.
Preserve the PAI source trail when turning this into an internal note, client brief, board update, or advisory.
You can repackage the wrapper. You cannot remove the evidence trail.
| Item | Date | Source | Open |
|---|---|---|---|
| CVE-2026-45659: Microsoft SharePoint Server | 1 July 2026 | CISA Known Exploited Vulnerabilities Catalog | Source trail |
| CVE-2026-48558: SimpleHelp SimpleHelp | 29 June 2026 | CISA Known Exploited Vulnerabilities Catalog | Source trail |
| CVE-2026-12569: PTC Windchill and FlexPLM | 25 June 2026 | CISA Known Exploited Vulnerabilities Catalog | Source trail |
| CVE-2026-20230: Cisco Unified Communications Manager | 25 June 2026 | CISA Known Exploited Vulnerabilities Catalog | Source trail |
| CVE-2025-67038: Lantronix EDS5000 | 23 June 2026 | CISA Known Exploited Vulnerabilities Catalog | Source trail |
| FedRAMP workspace functionality degradation | 1 July 2026 | Production AI public record | Source trail |
| Project status change failures in multiple regions | 30 June 2026 | Production AI public record | Source trail |
| IDE plugin supply-chain key theft pattern | 19 June 2026 | Production AI public record | Source trail |
| Autonomous agent bankruptcy — DN42 operator cost overrun | 18 June 2026 | Production AI public record | Source trail |
| July 2026 Policy Change Watch edition | 1 July 2026 | Production AI public record | Source trail |
| TensorZero repository archived after seed funding | 16 June 2026 | Production AI public record | Source trail |
| Adobe Firefly — AI data-use disclosure | 15 June 2026 | Production AI public record | Source trail |
| Canva — AI data-use disclosure | 15 June 2026 | Production AI public record | Source trail |
PAI Watch is the live source. The AI risk brief is the translation layer for operators, founders, security teams, consultants, service providers, and anyone who has to explain what changed without pretending exposure is proven.