Serial number: AV26-332
Date: April 8, 2026

On April 8, 2026, SonicWall published a security advisory to address vulnerabilities in the following products:

• SMA1000 – version 12.4.3-03245 (platform-hotfix) and prior
• SMA1000 – version 12.5.0-02283 (platform-hotfix) and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• SonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities
• SonicWall Security Advisories

Serial number: AV26-331
Date: April 8, 2026

On April 8, 2026, Palo Alto Networks published security advisories to address vulnerabilities in the following products:

• Autonomous Digital Experience Manager 5.11.0 – versions prior to 5.11.4
• Cortex XDR Agent 9.0 – versions prior to 9.0.1 without CU-2120 on Windows
• Cortex XDR Agent 8.9 – versions prior to 8.9.1 without CU-2120 on Windows
• Cortex XDR Agent 8.7-CE – versions prior to 8.7.101-CE without CU-2120 on Windows
• Cortex XDR Agent 8.3-CE – all without CI-2120 on Windows
• Cortex XDR Agent 7.9-CE – all without CI-2120 on Windows
• Cortex XSIAM Microsoft Teams Marketplace 1.5.0 – versions prior to 1.5.52
• Cortex XSOAR Microsoft Teams Marketplace 1.5.0 – versions prior to 1.5.52
• Prisma Browser – versions prior to 145.16.12.110

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations, and apply the necessary updates.

• CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration
• PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026)
• CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate
• CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows
• Palo Alto Network Security Advisories

Serial number: AV26-330
Date: April 8, 2026

On April 8, 2026, Apache published a security advisory to address a vulnerability in the following products:

• Apache ActiveMQ Broker - versions prior to 5.19.4
• Apache ActiveMQ Broker - 6.0.0 versions prior to 6.2.3

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• CVE-2026-34197

Serial number: AV26-068
Date: January 29, 2026
Updated: April 8, 2026

On January 29, 2026, Ivanti published a security advisory to address critical vulnerabilities in the following product:

• Ivanti Endpoint Manager Mobile (EPMM) – version 12.5.0.0 and prior, 12.6.0.0 and prior, 12.7.0.0 and prior, version 12.5.1.0 and prior and 12.6.1.0 and prior

Update 1

On January 29, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-1281 to their Known Exploited Vulnerabilities (KEV) Database.

Update 2

On April 8, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-1340 to their Known Exploited Vulnerabilities (KEV) Database.

Ivanti has stated that vulnerabilities CVE-2026-1281 & CVE-2026-1340 have been exploited in the wild.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340)
• Analysis Guidance Ivanti Endpoint Manager Mobile (EPMM) CVE-2026-1281 & CVE-2026-1340
• Ivanti Security Advisories
• CISA KEV: CVE-2026-1281
• CISA KEV: CVE-2026-1340

Serial number: AV26-329
Date: April 8, 2026

On April 7, 2026, OpenSSL published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• OpenSSL - versions 3.6.0 to versions prior to 3.6.2
• OpenSSL - versions 3.5.0 to versions prior to 3.5.6
• OpenSSL - versions 3.4.0 to versions prior to 3.4.5
• OpenSSL - versions 3.3.0 to versions prior to 3.3.7
• OpenSSL - versions 3.0.0 to versions prior to 3.0.20

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• OpenSSL Vulnerabilities

Serial number: AV26-328
Date: April 8, 2026

On April 7, 2026, Mitel published a security advisory to address vulnerabilities in the following product:

• MiCollab - version 10.2.0.24 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Mitel Product Security Advisory MISA-2026-0002
• Mitel Security Bulletins

Serial number: AV26-327
Date: April 8, 2026

On April 8, 2026, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.10.3, 18.9.5 and 18.8.9
• GitLab Enterprise Edition (EE) - versions prior to 18.10.3, 18.9.5 and 18.8.9

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch GitLab Patch Release: 18.10.3, 18.9.5, 18.8.9
• GitLab Releases

Serial number: AV26-326
Date: April 8, 2026

On April 5, 2026, OpenPrinting published security advisories to address vulnerabilities in the following product:

• Common UNIX Printing Systems (CUPS) - version 2.4.16 and prior

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates once available.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS
• Local print admin token disclosure using temporary printers (CVE-2026-34990)
• Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network (CVE-2026-34980)

Serial number: AV26-325
Date: April 8, 2026

On April 7, 2026, HPE published a security advisory to address a vulnerability in the following product:

• HPE Aruba Networking Private 5G Core - version 1.25.3.0 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05032 rev.1 - HPE Aruba Networking Private 5G Core On-Prem, Open Redirect Vulnerability
• HPE Security Bulletin Library

Serial number: AV26–324
Date: April 7, 2026

Between March 30 and April 5, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

• Anritsu Remote Spectrum Monitor MS27100 – all versions
• Anritsu Remote Spectrum Monitor MS27101A – all versions
• Anritsu Remote Spectrum Monitor MS27102A – all versions
• Anritsu Remote Spectrum Monitor MS27103A – all versions
• Hitachi Energy Ellipse – version 9.0.50 and prior
• PX4 Autopilot – v1.16.0_SITL_latest_stable (CVE-2026-1579)
• Siemens CPCI85 Central Processing/Communication RTUM85 RTU Base – versions prior to V26.10
• Siemens CPCI85 Central Processing/Communication SICORE Base system – versions prior to V26.10
• Yokogawa CENTUM VP – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

• CISA ICS Advisories

Serial number: AV26-323
Date: April 7, 2026

On April 7, 2026, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox – versions prior to 149.0.2
• Firefox ESR – versions prior to 34.1
• Firefox ESR – versions prior to 9.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Vulnerabilities fixed in Firefox ESR 140.9.1
• Security Vulnerabilities fixed in Firefox ESR 115.34.1
• Security Vulnerabilities fixed in Firefox 149.0.2
• Mozilla Security Advisories

Serial number: AV26-322
Date: April 7, 2026

Between March 30 and April 5, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• Dell Networking OS10 – versions prior to 10.6.11
• Connectrix Switches and Directors – versions prior to sannav_ova_9x_os_02_2026
• Elastic Cloud Storage – versions prior to 3.8.1.7
• ObjectScale - versions prior to 4.1.0.3 and 4.2.00
• Dell Data Protection Central – versions 19.9 to 19.12 with Data Protection Central OS Update prior to dpc-osupdate-1.1.26-1
• Dell PowerProtect DP Series Appliance – versions prior to 2.7.9 with Data Protection Central OS Update prior to dpc-osupdate-1.1.26-1
• Dell PowerProtect Data Manager – versions prior to 20.1.0.0
• Dell AppSync – versions prior to 4.6.0.4
• Dell APEX Cloud Platform for Microsoft Azure – versions prior to 01.07.01.00
• Unisphere for PowerMax Virtual Appliance – versions prior to 9.2.4.20
• Solutions Enabler – versions prior to 10.3.0.1 and 9.2.4.9
• Solutions Enabler Virtual Appliance – versions prior to 9.2.4.9
• Dell PowerMax EEM 5978 – versions prior to 5978.720.720.11249
• Dell PowerMax EEM 10.3.1.0 – versions prior to 10.3.1.0 patch 11248
• Dell PowerMaxOS 5978 – versions prior to 5978.720.720.11249
• Dell PowerMaxOS 10.3.0.1 – versions prior to 10.3.0.1 patch 11248
• PowerSwitch Z9664F-ON – versions prior to 3.54.5.1-11

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Dell Security advisories and notices

Serial number: AV26-321
Date: April 7, 2026

On April 7, 2026, Hitachi published security advisories to address vulnerabilities in the following products:

• Hitachi Ops Center Common Services (Japanese version) – versions prior to 11.0.8-00
• Hitachi Ops Center Common Services (English version) – versions prior to 11.0.8-00
• Hitachi Ops Center Viewpoint (Japanese version) – versions 11.0.2-00 to versions prior to 11.0.8-00
• Hitachi Ops Center Viewpoint data center proxy (Japanese version) – versions 11.0.2-00 to versions prior to 11.0.8-00
• JP1/IT Desktop Management (Manager) – multiple versions
• Job Management Partner 1/IT Desktop Management (Manager) – multiple versions
• JP1/IT Desktop Management 2 (Manager) – multiple versions
• JP1/IT Desktop Management 2 (Operations Director) – multiple versions
• Job Management Partner 1/IT Desktop Management 2 (Manager) – versions 10-50 to 10-50-11
• JP1/NETM/DM (Manager) – multiple versions
• JP1/NETM/DM (Client) – multiple versions
• Job Management Partner 1/Software Distribution (Manager) – multiple versions
• Job Management Partner 1/Software Distribution (Client) – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Multiple Vulnerabilities in JP1/IT Desktop Management 2 and JP1/NETM/DM
• Multiple Vulnerabilities in Hitachi Ops Center Common Services
• Multiple Vulnerabilities in Hitachi Ops Center Viewpoint
• Hitachi Vulnerability Information

Serial number: AV26-320
Date: April 7, 2026

On April 7, 2026, Erlang published a security advisory to address a vulnerability in the following products:

• inets (OTP) – versions prior to 9.1.0.6, 9.3.2.4 and 9.6.2
• OTP – versions prior to 28.4.2, 27.3.4.10, and 26.2.5.19
• Public_key (OTP) – versions prior to 1.17.1.2 and 1.20.3
• ssl (OTP) – versions prior to 11.2.12.7 and 11.5.4

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• OCSP designated-responder authorization bypass — missing signature verification (RFC 6960 §4.2.2.2)
• ScriptAlias CGI targets bypass `directory` auth (mod_auth vs mod_cgi path mismatch)
• Erlang Security

Serial number: AV26-319
Date: April 7, 2026

On April 2, 2026, VMware published a security advisory to address critical vulnerabilities in the following products:

• VMware Tanzu Data Intelligence – versions prior to MySQL for Kubernetes 2.0.2
• VMware Tanzu Data Services – versions prior to MySQL for Kubernetes 2.0.2
• VMware Tanzu Data Services Pack – versions prior to MySQL for Kubernetes 2.0.2
• VMware Tanzu Data Services Solutions – versions prior to MySQL for Kubernetes 2.0.2
• VMware Tanzu Data Suite – versions prior to MySQL for Kubernetes 2.0.2
• VMware Tanzu for MySQL – versions prior to MySQL for Kubernetes 2.0.2
• VMware Tanzu Platform – versions prior to MySQL for Kubernetes 2.0.2
• Vmware Tanzu Platform SM – versions prior to MySQL for Kubernetes 2.0.2
• VMware Tanzu SQL – versions prior to MySQL for Kubernetes 2.0.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Product Release Advisory - VMware Tanzu for MySQL on Kubernetes 2.0.2
• Security Advisories – Tanzu

Serial number: AV26-318
Date: April 7, 2026

Between March 30 and April 5, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number: AV26-317
Date: April 7, 2026

Between March 30 and April 5, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.10

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Ubuntu Security Notices

Serial number: AV26-316
Date: April 7, 2026

Between March 30 and April 5, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• API Connect V12 OnPrem - versions 12.1.0.0 and 12.1.0.1
• Automation Assets in IBM Cloud Pak for Integration (CP4I) - multiple versions
• DB2 Client and Server - versions 12.1.0 to 12.1.4
• EDB PGAI AI Factory - version 1.3.0.0
• EDB PGAI Analytics Accelarator - version 1.3.0.0
• EDB PGAI Hybrid Data Management - version 1.3.0.
• EDB PostgreSQL with IBM for IBM Cloud Pak for Data - version 5.3.0
• HMC - versions V10.3.1050.0 to V10.3.1063.1
• HMC - versions V11.1.1110.0 to V11.1.1111.4
• IBM App Connect Enterprise Certified Containers Operands - versions 13.0.6.0-r1 to 13.0.6.2-r1
• IBM App Connect Operator - versions 12.19.0 to 12.21.0
• IBM Business Automation Manager Open Editions - versions 9.0.0 to 9.3.1
• IBM Content Navigator - version 3.0.15, 3.1.0 and 3.2.0
• IBM DataPower Gateway - multiple versions
• IBM Guardium Data Security Center Platform On-prem - version 3.8.7
• IBM Guardium Unified Discovery and Classification (GUDC) - versions 1.0.0 to 1.1.0
• IBM Library Support for Spring - versions 3.4, 3.2.19 and 2.7.31
• IBM Maximo Application Suite IoT Component - version 9.1, 9.0, 8.8 and 8.7
• IBM OpenAPI SDK Generator (Node.js) - version 5.4.9
• IBM Process Mining - versions 2.1.0 IF002, 2.1.0 IF001 and 2.1.0
• IBM Rational Build Forge - versions 8.0.0 to 8.0.0.29
• IBM Security Verify Access - versions 10.0 to 10.0.9.1
• IBM Security Verify Access Container - versions 10.0 to 10.0.9.1
• IBM Storage Protect Plus Server - - versions 10.1.0 to 10.1.17
• IBM Tivoli Netcool Impact - versions 7.1.0.0 to 7.1.0.37
• IBM Verify Identity Access - versions 11.0 to 11.0.2
• IBM Verify Identity Access Container - versions 11.0 to 11.0.2
• IBM Verify Identity Access Digital Credentials - versions 24.06 to 25.12
• IBM watsonx Orchestrate Developer Edition - versions 1.4.0 to 2.6.0
• InfoSphere Information Server - versions 11.7.0.0 to 11.7.1.6
• Maximo AI Service - version 9.1
• Platform Navigator in IBM Cloud Pak for Integration (CP4I) - multiple versions
• UCR IBM DevOps Release - versions 7.0.0 to 7.0.0.6
• UCR IBM UrbanCode Release - versions 6.2.5 to 6.2.5.11

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• IBM Product Security Incident Response

Number: AL26-007
Date: April 7, 2026

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

The Cyber Centre is aware of a critical vulnerability impacting Fortinet FortiClient Endpoint Management Server (EMS)¹. In response to the vendor advisory released on April 4, 2026, the Cyber Centre released AV26-313 on April 7, 2026^{Footnote 2}.

Tracked as CVE-2026-35616^{Footnote 3}, this vulnerability is an improper access control vulnerability (CWE-284)^{Footnote 4} in Fortinet FortiClientEMS 7.4.5 through 7.4.6 that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Fortinet FortiClientEMS is a centralized security management solution for Fortinet's endpoint agents (FortiClient). It enables administrators to manage, deploy, and monitor security policies, Zero Trust Network Access (ZTNA) tags, and vulnerability scanning for Windows, macOS, and mobile endpoints, primarily designed for enterprise security.

Further information about the impacted versions of Fortinet instances can be found in the Fortinet advisory^{Footnote 1}.

This vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) catalog^{Footnote 5} on April 6, 2026.

Suggested actions

The Cyber Centre recommends that organizations using Fortinet FortiClientEMS, review the Fortinet security bulletin^{Footnote 1} and update or upgrade the affected instances to the following versions:

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre's Top 10 IT Security Actions with an emphasis on the following topics^{Footnote 8}.

• Patch operating systems and applications
• Harden operating systems and applications
• Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal or email contact@cyber.gc.ca.

References

Serial number: AV26-315
Date: April 7, 2026

On April 1, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel - versions prior to 146.0.3856.97

Microsoft has indicated that CVE-2026-5281 has an available exploit.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV26-314
Date: April 7, 2026

On April 6, 2026, Android published a security bulletin to address vulnerabilities affecting Android devices.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Android Security Bulletin

Serial number: AV26-313
Date: April 7, 2026

On April 4, 2026, Fortinet published a security advisory to address a critical vulnerability in the following product:

• FortiClientEMS 7.4 – version 7.4.5 to 7.4.6

On April 6, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-35616 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• API authentication and authorization bypass
• CISA KEV: CVE-2026-35616
• Fortinet PSIRT Advisories

Serial number: AV26-312
Date: April 2, 2026

On April 2, 2026, OpenSSH published a security advisory to address vulnerabilities in the following product:

• OpenSSH - versions prior to 10.3

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• OpenSSH 10.3 Release Notes
• OpenSSH

Serial number: AV26-311
Date: April 2, 2026

On April 2, 2026, Cesanta published a security advisory to address vulnerabilities in the following product:

• Mongoose - versions 7.0 to 7.20

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Cesanta Mongoose
• Mongoose.ws

Serial number: AV26-310
Date: April 2, 2026

On April 2, 2026, Progress published a security advisory to address vulnerabilities in the following product:

• Progress ShareFile - versions prior to v5.12.4 and versions prior to v6

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Security Vulnerability Fix For ShareFile Storage Zones Controller 5.x (February 2026)

Serial number: AV26-309
Date: April 2, 2026

On April 1, 2026, WatchGuard published a security advisory to address a vulnerability in the following products:

• Fireware OS 2025-1 - versions 2025.1 to 2026.1.2

• Fireware OS 12.x - versions 12.6.1 to 12.11.8

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI
• WatchGuard Security Advisories

Serial number: AV26-275
Date: March 24, 2026
Updated: April 2, 2026

On March 24, 2026, Apple published security updates to address vulnerabilities in the following products:

• iOS – versions prior to 18.7.7 and versions prior to 26.4
• iPadOS – versions prior to 18.7.7 and versions prior to 26.4
• macOS Sequoia – versions prior to 15.7.5
• macOS Sonoma – versions prior to 14.8.5
• macOS Tahoe – versions prior to 26.4
• tvOS – versions prior to 26.4
• visionOS – versions prior to 26.4
• watchOS – versions prior to 26.4

Update 1
On April 1, 2026 Apple expanded the availability of iOS 18.7.7 for more devices to protect from DarkSword iOS exploit kit web attacks.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• About the security content of iOS 18.7.7 and iPadOS 18.7.7
• Apple Security Updates

Serial number: AV26-306
Date: April 1, 2026
Updated: April 1, 2026

On March 31, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 146.0.7680.177/178 (Windows/Mac) and 146.0.7680.177 (Linux)

Google is aware that an exploit for CVE-2026-5281 exists in the wild.

Update 1

On April 1, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-5281 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory
• CISA KEV: CVE-2026-5281

Serial number: AV26-308
Date: April 1, 2026

On April 1, 2026, Drupal published a security advisory to address a critical vulnerability in the following product :

• SAML SSO - Service Provider – versions prior to 3.1.4

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
• Drupal Security Advisories

Serial number: AV26-307
Date: April 1, 2026

On April 1, 2026, Cisco published security advisories to address vulnerabilities in the following products:

• Cisco NFVIS Release – multiple versions
• Cisco IMC Release – multiple versions
• Cisco Telemetry Broker Appliances – version 6.0(2.260044) (M6) and prior
• IEC6400 Edge Compute Appliances – version 4.3(6.260017) (M6) and prior
• Secure Endpoint Private Cloud Appliances – versions 4.3(2.260007) (M5) and 4.3(6.260017) (M6)
• Secure Firewall Management Center Appliances – versions 4.3(2.260007) (M5) and 4.3(6.260017) (M6)
• Secure Malware Analytics Appliances – versions 4.3(2.260007) (M5) and 4.3(6.260017) (M6)
• Secure Network Analytics Appliances – versions 4.3(2.260007) (M5) and 6.0(2.260044) (M6)
• Secure Network Server Appliances – multiple versions
• Cisco SSM On-Prem Release – version 9-202510 and prior
• Cisco EPNM Release – versions 8.0 and prior, version 8.1 and prior

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.

• Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities
• Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
• Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability
• Cisco Integrated Management Controller Authentication Bypass Vulnerability
• Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
• Cisco Security Advisories

Serial number: AV26-305
Date: March 31, 2026

On March 31, 2026, HPE published a security advisory to address a critical vulnerability in the following product:

• HPE Telco Network Function Virtualization Orchestrator – version v7.5.0 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05033 rev.1 - HPE Telco Network Function Virtual Orchestrator, Improper Input Validation in the Undertow HTTP Server Core
• HPE Security Bulletin Library

Serial number: AV26-304
Date: March 31, 2026

On March 30, 2026, Symantec published a security advisory to address a vulnerability in the following product:

• Symantec Data Loss Prevention (DLP) Windows Endpoint – versions prior to DLP 16.1 MP2 and DLP 25.1 MP1

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Symantec Data Loss Prevention Security Update

Serial number: AV26-303
Date: March 31, 2026

On March 31, 2026, ABB published a security advisory to address vulnerabilities in the following product:

• ABB 800xA History – version 7.0 and prior
• ABB Batch Management – version 6.2 and prior
• ABB Production Response Batch History – version 6.2 and prior
• ABB 800xA for Symphony Plus Harmony – version 6.2 and prior
• ABB 800xA for AC 870P Melody – version 6.2 and prior
• ABB Application Change Management – version 6.2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• System 800xA affected by 3rd party component Vulnerabilities (PDF)
• ABB Cyber security alerts and notifications

Serial number: AV26-302
Date: March 31, 2026

On March 30, 2026, Nokia published security advisories to address a vulnerability in the following products:

• Nokia GX G42, GX G31, GX G32, GX G34 – versions prior to GX r9.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• CVE-2026-34485 - CLI ACL Bypass in GX G42
• Nokia Product Security Advisory

Serial number: AV26-267
Date: March 23, 2026
Updated: March 30, 2026

On March 23, 2026, Citrix published a security advisory to address critical vulnerabilities in the following products:

• NetScaler ADC and NetScaler Gateway 14.1 – versions prior to 14.1-60.58
• NetScaler ADC and NetScaler Gateway 13.1 – versions prior to 13.1-62.23
• NetScaler ADC FIPS and NDcPP – versions prior to 13.1-37.262

Update 1

On March 30, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-3055 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368
• Citrix Security Advisories
• CISA KEV: CVE-2026-3055

Serial number: AV26-301
Date: March 30, 2026

On March 30, 2026, Docker published a security advisory to address a vulnerability in the following product:

• Docker Desktop – versions prior to 4.67.0

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Docker Desktop 4.67.0 security update: CVE-2026-33990

Serial number: AV26-300
Date: March 30, 2026

On March 29, 2026, Roundcube published security advisories to address vulnerabilities in the following product:

• Webmail – versions prior to 1.6.15
• Webmail – versions prior to 1.5.15
• Webmail – versions prior to 1.7 RC6

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Roundcube Webmail 1.6.15
• Roundcube Webmail 1.5.15
• Roundcube Webmail 1.7 RC6

Serial number: AV26-299
Date: March 30, 2026

On March 27, 2026, Hitachi published security advisories to address vulnerabilities in the following product:

• Hitachi Disk Array Systems – multiple versions and models

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Security information for Hitachi Disk Array Systems
• Hitachi Vulnerability Information

Serial number: AV26-298
Date: March 30, 2026

Between March 23 and 29, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder – multiple versions and platforms
• Red Hat Enterprise Linux – multiple versions and platforms
• Red Hat Enterprise Linux Server – multiple versions and platforms
• Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number: AV26-297
Date: March 30, 2026

Between March 23 and 29, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

• Grassroots DICOM (GDCM) – version 3.2.2
• Pharos Controls Mosaic Show Controller – firmware version 2.15.3
• OpenCode Systems OC Messaging and USSD Gateway – version 6.32.2
• PTC Windchill Product Lifecycle Management – multiple versions and models
• Schneider Electric EcoStruxure Foxboro DCS – versions prior to CS8.1
• Schneider Electric Plant iT/Brewmaxx – version 9.60_and_above
• WAGO GmbH & Co. KG Industrial Managed Switches – multiple firmware version

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

• CISA ICS Advisories

Serial number: AV26-296
Date: March 30, 2026

Between March 23 and 29, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.10

The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.

• Ubuntu Security Notices

Number: AL26-006
Date: March 30, 2026

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

The Cyber Centre is aware of a critical vulnerability impacting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway)^{Footnote 1}.

NetScaler ADC is an application delivery and security platform designed to optimize the performance, security, and scalability of applications.

NetScaler Gateway is a secure remote access solution developed by Citrix that provides single sign-on (SSO) capabilities for applications, enhancing user experience and security.

In response to the vendor advisory released on March 23, 2026, the Cyber Centre released AV26-267 on March 23, 2026^{Footnote 2}.

Tracked as CVE-2026-3055^{Footnote 3}, this vulnerability is an insufficient input validation vulnerability (CWE-125)^{Footnote 4} leading to a memory overread allowing a remote, unauthenticated attacker to access sensitive information stored in memory. Pre-conditions for this vulnerability are that the NetScaler ADC or NetScaler Gateway must be configured as a SAML IdP (Security Assertion Markup Language Identity Provider).

Further information about the impacted configurations of your appliance can be found in the Citrix advisory^{Footnote 1}.

This Alert only applies to customer-managed NetScaler ADC and NetScaler Gateway. The Citrix Cloud Software Group has already upgraded Citrix-managed cloud services and Citrix-managed Adaptive Authentication instances with the necessary software updates related to these vulnerabilities.

The Cyber Centre has observed open-source reporting indicating that the vulnerability is being exploited in the wild since March 27, 2026^{Footnote 5}.

Suggested actions

The Cyber Centre recommends that organizations using Citrix NetScaler ADC and NetScaler Gateway appliances (particularly for SAML IDP-configured appliances), review the Citrix security bulletin^{Footnote 1} and update or upgrade the affected systems to the following versions:

• NetScaler ADC and NetScaler Gateway 14.1-60.58 and later releases of 14.1
• NetScaler ADC and NetScaler Gateway 13.1-62.23 and later releases of 13.1
• NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.262 and later releases of 13.1-FIPS and 13.1-NDcPP

Citrix has provided steps to take if NetScaler ADC or NetScaler Gateway are suspected to be compromised^{Footnote 6}, which includes:

• Preserve evidence.
• If possible, avoid switching off the machine in order to preserve the traces needed for investigations.
• Completely isolate the machine concerned from the network, both from the Internet and from the internal network, in order to limit the risk of further unauthorized access and lateral movement.
• Revoke credentials and access.
• Examine all servers and systems to which the NetScaler ADC had connected for signs of compromise.
• Rebuild and restore.
• Rotate restored secrets.
• Harden the device.

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions with an emphasis on the following topics^{Footnote 7}.

• Patch operating systems and applications
• Harden operating systems and applications
• Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal or email contact@cyber.gc.ca.

References

Serial number: AV26-295
Date: March 30, 2026

Between March 23 and 29, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• APEX Cloud Platform for Red Hat OpenShift – multiple versions
• APEX Cloud Platforms Solution Offerings – multiple versions
• APEX – multiple versions
• Dell Secure Connect Gateway Appliance – versions prior to 5.34.00.16
• Dell Storage Monitoring and Reporting – versions prior to 6.0.0.2
• Dell Storage Resource Manager – versions prior to 6.0.0.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• DSA-2026-152: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities.
• DSA-2026-111: Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR) Security Update for Multiple Third-Party Component Vulnerabilities
• DSA-2026-151: Security Update for Dell APEX Cloud Platform for Red Hat OpenShift for Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

Serial number: AV26-294
Date: March 30, 2026

Between March 23 and 29, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Communications Server for AIX – version 6.4
• Communications Server for Data Center Deployment – versions 7.0 to 7.1
• Communications Server for Linux on System z – version 6.4
• Communications Server for Linux – version 6.4
• DataPower Operations Dashboard – versions 1.0.23.1 to 1.0.23.2
• DataStage on Cloud Pak for Data – version 5.3.1
• IBM App Connect Enterprise Certified Containers Operands – multiple versions
• IBM App Connect Enterprise – versions 12.0.1.0 to 12.0.12.23
• IBM App Connect Enterprise – versions 13.0.1.0 to 13.0.6.2
• IBM App Connect Operator – multiple versions
• IBM CICS TX Standard – version 11.1
• IBM Common Licensing – multiple versions
• IBM DevOps Release – versions 7.0.0 to 7.0.0.5
• IBM Event Endpoint Management – versions 11.0.0 to 11.7.2
• IBM Industry Solutions Workbench – version 5.0.0.0 and 5.1.0.0
• IBM InfoSphere Optim Archive Viewer – versions 11.7 FixPack09 to 11.7 FixPack12
• IBM Knowledge Catalog Standard Cartridge – multiple versions
• IBM MQ Operator – multiple versions
• IBM Security QRadar Log Management AQL Plugin – versions 1.0.0 to 1.1.3
• IBM SPSS Modeler – multiple versions
• IBM Storage Protect Operations Center – version 8.2.0
• IBM WebSphere Automation – versions 1.11.0 to 1.11.1
• IBM supplied MQ Advanced container images – multiple versions
• IBM watsonx Code Assistant On Prem – multiple versions
• IBM webMethods BPM – version 11.1 and 10.15
• InfoSphere Information Server – versions 11.7.0.0 to 11.7.1.6
• SOAR App Host – multiple versions
• Sterling Connect:Direct FTP+ – versions 1.3.0.0 to 1.3.0.3
• UCB - IBM UrbanCode Build – version 6.1.7 to 6.1.7.9
• UCR - IBM UrbanCode Release – versions 6.2.5 to 6.2.5.11
• WebSphere Extreme Scale – version 8.6.1.0 to 8.6.1

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• IBM Product Security Incident Response

Serial number: AV26-096
Date: February 9, 2026
Updated: March 30, 2026

On February 6, 2026, Fortinet published a security advisory to address a critical vulnerability in the following product:

• FortiClientEMS 7.4 – version 7.4.4

Update 1

Open-source reporting indicates that CVE-2026-21643 is being exploited in the wild.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• SQLi in administrative interface – FG-IR-25-1142 (CVE-2026-21643)
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• Fortinet PSIRT Advisories

Serial number: AV25-669
Date: October 15, 2025
Updated: March 27, 2026

On October 15, 2025, F5 published a security advisory to address vulnerabilities in the following products:

• BIG-IP (all modules) – versions 17.5.0 to 17.5.1, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP AFM – version 17.5.0, versions 17.1.0 to 17.1.2, versions 15.1.0 to 15.1.10
• BIG-IP APM – versions 17.5.0 to 17.5.1, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP APM, APM with SWG, SSL Orchestrator, SSL Orchestrator with SWG – version 17.5.0, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP ASM – versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5
• BIG-IP Advanced WAF/ASM – versions 17.5.0 to 17.5.1, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP Next CNF – versions 2.0.0 to 2.1.0, versions 1.1.0 to 1.4.1
• BIG-IP Next SPK – versions 2.0.0 to 2.1.0, versions 1.7.0 to 1.9.2
• BIG-IP Next for Kubernetes – versions 2.0.0 to 2.1.0
• BIG-IP PEM – version 17.5.0, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP SSL Orchestrator – version 17.5.0, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, versions 15.1.0 to 15.1.10
• F5OS-A – versions 1.8.0 to 1.8.1, versions 1.5.1 to 1.5.3
• F5OS-C – version 1.8.0 to 1.8.1, versions 1.6.0 to 1.6.2
• NGINX App Protect WAF – versions 4.5.0 to 4.6.0

On October 15, 2025, F5 also published security incident K000154696 advising that threat actors exfiltrated files from BIG-IP products and they are not aware of active exploitation of any undisclosed F5 vulnerabilities.

Update 1

F5 indicates that CVE-2025-53521 has been exploited.

On March 27, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-53521 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users/administrators to review the links provided below, to identify F5 BIG-IP products, evaluate and address any potential compromise on any networked managed interface exposed to the public internet and apply F5 security updates.

• K000156741: BIG-IP APM vulnerability CVE-2025-53521
• K000160486: Indicators of Compromise for c05d5254
• CISA KEV: CVE-2025-53521
• K000154696: F5 Security Incident
• K53108777: Hardening your F5 system
• F5 Quarterly Security Notification (October 2025)

Serial number: AV26-293
Date: March 27, 2026

On March 26, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 146.0.3856.84

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV26-292
Date: March 27, 2026

On March 25, 2026, Ericsson published a security advisory to address vulnerabilities in the following product:

• Ericsson Indoor Connect 8855 – versions prior to 2025.Q3

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates if available.

• Security Bulletin – Ericsson Indoor Connect 8855, March, 2026
• Ericsson Security Advisories

Serial number: AV26-291
Date: March 27, 2026

Between March 25 and 26, 2026, FreeBSD published security advisories to address vulnerabilities in the following products:

• FreeBSD – version 14.x
• FreeBSD – version 15.0
• FreeBSD – version 13.5

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• TCP: remotely exploitable DoS vector (mbuf leak) (CVE-2026-4247)
• Remote denial of service via null pointer dereference (CVE-2026-4652)
• Remote code execution via RPCSEC_GSS packet validation (CVE-2026-4747)
• pf silently ignores certain rules (CVE-2026-4748)
• FreeBSD Security Advisories

Serial number: AV26-290
Date: March 27, 2026

On March 26, 2026, Siemens published a security advisory to address vulnerabilities in the following products. Included were updates for the following products:

• CPCI85 Central Processing/Communication – versions prior to V26.10
• RTUM85 RTU Base – versions prior to V26.10
• SICORE Base system – versions prior to V26.10.0

The Cyber Centre encourages users and administrators to review the web links provided, perform the suggested mitigations and apply the necessary updates.

• SSA-246443: Multiple Vulnerabilities in SICAM 8 Products
• Siemens Security Advisories