The Week in Vulnerabilities: SharePoint, Fortinet, OpenClaw, and GPL Odorizers

MITRE Techniques

• [T1190 ] Exploit Public-Facing Application – Remote code execution and other vulnerabilities were actively exploited in internet-facing services and platforms. (‘A remote code execution vulnerability in ShowDoc… saw a sharp rise in exploitation’ / ‘CVE-2026-32201 is an actively exploited vulnerability’).
• [T1505.003 ] Web Shell – Attackers deployed web shells on unpatched servers to seize control of documentation and web environments. (‘attackers are reportedly targeting unpatched servers to deploy web shells and seize control of documentation environments’).
• [T1059 ] Command and Scripting Interpreter – Deployed web shells and malicious payloads allowed remote command execution and control. (‘deploy web shells and seize control’ / ‘malicious payload execution’).
• [T1078 ] Valid Accounts – Exposed plaintext authentication data and credential harvesting enabled use of valid accounts for follow-on access. (‘expose sensitive configuration and authentication data in plaintext’ / ‘harvest credentials’).
• [T1021 ] Remote Services – Threat actors moved laterally through connected systems using remote service access after initial compromise. (‘move laterally through connected systems’ / ‘pivot deeper into OT networks’).
• [T1068 ] Exploitation for Privilege Escalation – Vulnerabilities and harvested credentials were used to escalate privileges rapidly within affected environments. (‘an attacker with minimal access could harvest credentials and escalate privileges rapidly’).
• [T1566 ] Phishing – Exploitation of Outlook desktop client could enable or enhance phishing campaigns and delivery of malicious payloads. (‘exploitation may enable phishing enhancement, malicious payload execution’).