CVE-2026-51287

5/8 Action 4: Apply Critical Patches (24-Hour Priority) • Okta Identity Cloud CVE-2026-51287: Critical authentication bypass actively exploited April 18–19, 2026; affects workforce and customer identity flows. Patch all tenants per CISA directive issued April 19. • Elastic Stack (Elasticsearch + Kibana): Two unauthenticated RCE flaws added to CISA KEV catalog on April 19, 2026. • Microsoft Exchange Online: Apply follow-on patches from yesterday’s (April 18) disclosure; monitor hybrid environments for secondary exploitation. Immediate steps: • Deploy patches immediately. • Enable just-in-time admin access across identity platforms. • Audit Elastic/Kibana deployments. Reference: CISA KEV catalog (April 19, 2026) + NIST vulnerability guidelines.