Serial number: AV26-541
Date: June 2, 2026

On May 29, 2026, JetBrains published security advisories to address vulnerabilities in the following products:

• JetBrains IntelliJ IDEA – versions prior to 2026.1.1
• JetBrains TeamCity – versions prior to 2026.1.1 and 2025.11.5
• JetBrains YouTrack – versions prior to 2026.1.13162

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• JetBrains – Fixed security issues

Serial number: AV26-540
Date: June 2, 2026

On June 2, 2026, Siemens published a security advisory to address critical vulnerabilities in the following product:

• RUGGEDCOM RST2428P (6GK6242-6PA00) – versions prior to V4.0

The Cyber Centre encourages users and administrators to review the web links provided, perform the suggested mitigations and apply the necessary updates.

• SSA-253495: Multiple Vulnerabilities in SINEC OS before V4.0
• Siemens Security Advisories

Serial number: AV26-538
Date: June 2, 2026

On June 1, 2026, Android published a security bulletin to address vulnerabilities affecting Android devices.

The vendor indicates that CVE-2025-48595 may be under limited, targeted exploitation.

Update 1
On June 2, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-48595 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Android Security Bulletin
• CISA KEV: CVE-2025-48595

Serial number: AV26-539
Date: June 2, 2026

On June 1, 2026, HP published a security advisory to address a critical vulnerability in the following products:

• HP Poly VVX – versions prior to UCS 6.4.8 – Pending
• HP Poly Trio 8300 – versions prior to UCS 8.1.7
• HP Poly Trio 8500 – versions prior to UCS 7.2.8
• HP Poly Trio 8800 – versions prior to UCS 7.2.8

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, once available.

• Poly Voice – Possible Remote Control of Certain Poly Devices

Serial number: AV26-537
Date: June 2, 2026

On June 2, 2026, Samsung published a security update to address vulnerabilities in the following product:

• Samsung mobile devices – versions prior to SMR-JUN-2026

The most recent security update resolves multiple identified vulnerabilities.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Samsung Security Updates

Serial number: AV26-536
Date: June 1, 2026

On May 29, 2026, Broadcom published a security advisory to address vulnerabilities in the following product. Included were critical updates for the following:

• VMware Tanzu for Valkey – versions prior to 7.2.13
• VMware Tanzu for Valkey – versions prior to 8.0.9
• VMware Tanzu for Valkey – versions prior to 8.1.7
• VMware Tanzu for Valkey – versions prior to 9.0.4

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

• Product Release Advisory - VMware Tanzu for Valkey 7.2.13, 8.0.9, 8.1.7, 9.0.4
• Security Advisories - VMware Cloud Foundation

Serial number: AV26-535
Date: June 1, 2026

On June 1, 2026, Qualcomm published a security bulletin to address vulnerabilities affecting Qualcomm products.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Qualcomm Security Bulletin – June

Serial number: AV24-401
Date: July 17, 2024
Updated: June 1, 2026

On July 16, 2024, Oracle published a security advisory to address vulnerabilities in multiple products. Included were critical updates for the following:

• Oracle Analytics
• Oracle Communications Applications
• Oracle Communications
• Oracle Financial Services Application
• Oracle Fusion Middleware
• Oracle MySQL
• Oracle Siebel CRM

Update 1

On June 1, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21182 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Oracle Critical Patch Update Advisory – July 2024
• CISA KEV: CVE-2024-21182

Serial number: AV26-534
Date: June 1, 2026

On May 27, 2026, Plesk published a security advisory to address a vulnerability in the following product:

• Plesk for Linux – versions prior to 18.0.75.1
• Plesk for Linux – versions prior to 18.0.76.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Vulnerability CVE-2026-44962 in Plesk's APS Catalog
• Plesk Support

Serial number: AV26-533
Date: June 1, 2026

On June 1, 2026, Ivanti published a security advisory to address a vulnerability in the following products:

• Ivanti Neurons for ITSM (On-Premises) – version 2025.4 and prior
• Ivanti Neurons for ITSM (Cloud) – version 2026.1 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)
• Ivanti Security Advisories

Serial number: AV26-532
Date: June 1, 2026

On June 1, 2026, Mozilla published a security advisory to address vulnerabilities in the following product:

• Firefox for iOS – versions prior to 151.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Mozilla Foundation Security Advisory 2026-53
• Mozilla Security Advisories

Serial number: AV26-531
Date: June 1, 2026

Between May 25 and 31, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder – multiple versions and platforms
• Red Hat Enterprise Linux – multiple versions and platforms
• Red Hat Enterprise Linux Server – multiple versions and platforms
• Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number: AV26–530
Date: June 1, 2026

Between May 25 and 31, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

• ABB AC500 V2 – versions prior to 2.5.2 and 2.5.3
• ABB Ability Camera Connect – versions prior to 1.5.0.14 and 1.5.0.15
• ABB Ability Zenon – versions 7.50 to 14
• ABB B&R Automation Runtime – versions prior to 6.3 and Q4.93
• ABB EIBPORT V3 KNX (2CLA963710W1001) / (2CSM256242R2001) – versions prior to 3.9.2
• ABB EIBPORT V3 KNX GSM (2CLA963720W1001) – versions prior to 3.9.2
• ABB LVS MConfig – versions 1.4.9.21 and prior
• CP Plus 8 Ch. Network Video Recorder – multiple versions
• Eppendorf BioFlo 320 – all versions
• Frontier X Android application – versions prior to v15.0.0
• Frontier X IOS application– versions prior to v25.0.0
• Frontier X2 – all versions
• Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter – version 7.03T.07
• KMW CCTV Security Cameras – versions KM-IP521 IPCAM_V4.04.91.230307 and KM-IP421 IPCAM_V4.04.53.210416
• MacGregor Voyage Data Recorder (VDR) G4e – versions prior to V5.250
• Schneider Electric EcoStruxure Machine Expert HVAC – versions prior to 1.10.0
• Switch Actuator 4 DU – all versions
• Switch Actuator, door/light 4 DU – all versions
• Terra AC Wallbox – multiple versions and models
• XCharge C6 – version C6

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

• CISA ICS Advisories

Serial number: AV26-529
Date: June 1, 2026

Between May 25 and 31, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.10

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

• USN-8305-2: Linux kernel (Low Latency) vulnerabilities
• USN-8305-1: Linux kernel (Intel IoTG Real-time) vulnerabilities
• USN-8310-1: Linux kernel (Azure) vulnerabilities
• Ubuntu Security Notices

Serial number: AV26-528
Date: June 1, 2026

Between May 25 and 31, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• PowerEdge Server Chipset Driver – multiple applications and versions
• Data Lakehouse – versions prior to 1.8.0.0
• Dell Enterprise SONiC Distribution – versions prior to 4.5.2
• Dell Unity – versions prior to 5.5.4

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• DSA-2026-232: Security Update for AMD-based PowerEdge Server Chipset Driver Vulnerabilities
• DSA-2026-199: Security Update for Dell Data Lakehouse Multiple Third-Party Component Vulnerabilities
• DSA-2026-241: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
• DSA-2026-211 -: Security Update for Dell Unity, Dell UnityVSA and Dell Unity XT Security Update for Multiple Vulnerabilities
• Dell Security advisories and notices

Serial number: AV26-527
Date: June 1, 2026

Between May 25 and 31, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• IBM Aspera Enterprise WebApps – versions 1.0.0 to 1.0.2.1
• IBM Business Automation Workflow containers and traditional – multiple versions
• IBM Cloud Pak for Business Automation – multiple versions
• IBM Cloud Pak for Security – versions 1.10.0.0 to 1.10.11.0
• IBM Control Center – multiple versions
• IBM DataStax Enterprise – versions 5.1, 6.7, 6.8 and 6.9
• IBM Edge Application Manager – multiple versions
• IBM Engineering Lifecycle Management - Jazz Foundation – multiple versions
• IBM Library Support for Spring – version 3.3
• IBM License Metric Tool – versions 9.2.0 to 9.2.43
• IBM Maximo Application Suite - Monitor Component – version 9.1.0.0
• IBM Observability with Instana (Agent) – versions Build 1.0.303 to 1.0.318
• IBM Process Mining – versions 2.0.0 to 2.1.1 IF001
• IBM Security SOAR – multiple versions
• IBM Tivoli Application Dependency Discovery Manager – versions 7.3.0.0 to 7.3.0.12
• QRadar Suite Software – versions 1.10.12.0 to 1.11.10.0
• WebSphere Service Registry and Repository – version 8.5

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• IBM Product Security Incident Response

Serial number: AV26-456
Date: May 12, 2026
Updated: June 1, 2026

On May 12, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• .NET 10.0 installed on Linux
• .NET 10.0 installed on Mac OS
• .NET 10.0 installed on Windows
• .NET 8.0 installed on Linux
• .NET 8.0 installed on Mac OS
• .NET 8.0 installed on Windows
• .NET 9.0 installed on Linux
• .NET 9.0 installed on Mac OS
• .NET 9.0 installed on Windows
• Azure AI Foundry
• Azure Cloud Shell
• Azure Connected Machine Agent
• Azure DevOps
• Azure Logic Apps
• Azure Machine Learning
• Azure Managed Instance for Apache Cassandra
• Azure Monitor Action Group notification system
• Azure Monitor Agent
• Azure Monitor Agent Metrics Extension
• Azure SDK for Java
• Copilot Chat (Microsoft Edge)
• Dynamics 365 Customer Insights
• M365 Copilot for Desktop
• Microsoft .NET Framework 3.5
• Microsoft .NET Framework 3.5 AND 4.7.2
• Microsoft .NET Framework 3.5 AND 4.8
• Microsoft .NET Framework 3.5 AND 4.8.1
• Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
• Microsoft .NET Framework 4.8
• Microsoft 365
• Microsoft 365 Copilot for Android
• Microsoft 365 Copilot's Business Chat
• Microsoft Confluence SAML SSO plugin
• Microsoft Data Formulator
• Microsoft Dynamics 365
• Microsoft Dynamics 365 Business Central
• Microsoft Edge (Chromium-based)
• Microsoft Enterprise Security Token Service (ESTS)
• Microsoft Excel 2016
• Microsoft Excel for Android
• Microsoft JIRA SAML SSO plugin
• Microsoft Office 2016
• Microsoft Office 2019
• Microsoft Office LTSC 2021
• Microsoft Office LTSC 2024
• Microsoft Office LTSC for Mac 2021
• Microsoft Office LTSC for Mac 2024
• Microsoft Office for Android
• Microsoft Outlook for iOS
• Microsoft Partner Center
• Microsoft PowerPoint for Android
• Microsoft SQL Server 2016
• Microsoft SQL Server 2017
• Microsoft SQL Server 2019
• Microsoft SQL Server 2022
• Microsoft SQL Server 2025
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft Teams
• Microsoft Teams for Android
• Microsoft Visual Studio 2017
• Microsoft Visual Studio 2019
• Microsoft Visual Studio 2022
• Microsoft Visual Studio 2026
• Microsoft Word 2016
• Microsoft Word for Android
• Office Online Server
• Power Automate for Desktop
• Visual Studio Code
• Visual Studio Code - Live Preview extension
• Windows 10
• Windows 11
• Windows Admin Center
• Windows Admin Center in Azure Portal
• Windows Server 2012
• Windows Server 2016
• Windows Server 2019
• Windows Server 2025

Update 1

On May 21, 2026, Microsoft published an out-of-band (OOB) security update to address CVE-2026-45659, an additional vulnerability impacting Microsoft SharePoint Enterprise Server 2019, Microsoft SharePoint Server 2016 and Microsoft SharePoint Server Subscription Edition. The CVE was inadvertently omitted from the May 2026 Security Updates.

Update 2

Open-source reporting indicates that CVE-2026-41089 is being exploited in the wild.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• May 2026 Security Updates
• Security Update Guide
• Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659
• Windows Netlogon Remote Code Execution Vulnerability CVE-2026-41089

Serial number: AV26-462
Date: May 13, 2026
Updated: May 29, 2026

On May 13, 2026, Palo Alto Networks published security advisories to address vulnerabilities in the following products:

• PAN-OS 12.1 – versions prior to 12.1.4-h5
• PAN-OS 12.1 – versions prior to 12.1.7
• PAN-OS 11.2 – multiple versions
• PAN-OS 11.1 – multiple versions
• PAN-OS 10.2 – multiple versions

Update 1

On May 29, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-0257 to their Known Exploited Vulnerabilities (KEV) Database.

Impacted products for CVE-2026-0257:

• PAN-OS 12.1 – versions prior to 12.1.4-h6
• PAN-OS 12.1 – versions prior to 12.1.7
• PAN-OS 11.2 – multiple versions
• PAN-OS 11.1 – multiple versions
• PAN-OS 10.2 – multiple versions
• Prisma Access 11.2.0 – versions prior to 11.2.7-h13
• Prisma Access 10.2.0 – versions prior to 10.2.10-h36

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
• CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution
• CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing
• Palo Alto Network Security Advisories
• CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
• CISA KEV: CVE-2026-0257

Number: AL26-013
Date: May 29, 2026

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

On May 18, 2026, GitHub detected unauthorized access to its internal systems originating from a compromised employee device^{Footnote 1}. The intrusion was facilitated by a maliciously modified version of the Nx Console Visual Studio Code extension (version 18.95.0)^{Footnote 2}. The attacker successfully exfiltrated approximately 3,800 internal GitHub repositories, containing proprietary source code and internal configuration data. GitHub Enterprise Server customers are advised to follow vendors recommendations. No action is required for GitHub Enterprise Cloud clients.

In response to this security incident, and the release of the GitHub Security Notification, the Cyber Centre released AV26-512 on May 27, 2026^{Footnote 3}.

The purpose of this alert is to increase awareness of the reported incident and to take necessary measures.

Suggested actions

The Cyber Centre suggests the following actions:

• Monitor for compromise by reviewing CI/CD (Continuous Integration/Continuous Deployment) logs for unexpected repository access/cloning, unauthorized admin actions, authentication/access control changes, unauthorized pushes or orphan commits, and suspicious commits after May 18, 2026 — especially from bot/service accounts (e.g., ci-bot, build-bot).
• Remove Nx Console v18.95.0 from all environments and downgrade/upgrade to a known good version (18.94.0 or 18.96.0+).
• If the malicious version of Nx Console is present:
  • Check macOS systems for ~/.local/share/kitty/cat.py and related persistence (launch agents)
  • Immediately rotate all credentials (AWS, GCP, Azure, GitHub, npm) exposed on developer machines between May 11–20, 2026.
• Strengthen controls by disabling IDE extension auto-updates in high-security environments and enforcing an approved allowlist of developer tools.
• Rotate GitHub Enterprise Server GPG (GNU Privacy Guard) public keys per vendor guidance, as future patches/releases require the new key before installation.

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions with an emphasis on the following topics^{Footnote 4}.

• Patch operating systems and applications
• Harden operating systems and applications
• Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal, or email contact@cyber.gc.ca.

Serial number: AV26-526 
Date: May 29, 2026

On May 28, 2026, Oracle published a security advisory to address critical vulnerabilities in the following products:

• Oracle Communications Unified Assurance - versions 6.1.1 to 7.0.0
• Oracle Database Server - versions 23.4.0 to 23.26.2
• Oracle E-Business Suite - versions 12.2.3 to 12.2.15
• Oracle Hospitality OPERA 5 Property Services - versions 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28
• Oracle REST Data Services - versions 24.2.0 to 26.1.0

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• Oracle Critical Security Patch Update Advisory - May 2026
• Oracle Critical Patch Updates, Security Alerts and Bulletins

Serial number: AV26-525
Date: May 29, 2026

On May 28, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 148.0.3967.96

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV26-524
Date: May 28, 2026

On May 28, 2026, Mitel published a security advisory to address vulnerabilities in the following products:

• Mitel Standard Linux – versions 12.x and prior
• MiVoice 5000 – versions 8.x and prior
• MiVoice Border Gateway – versions 11.6.x, 12.x and prior
• MiVoice Business – versions 10.1.x to 10.5.x
• MiVoice Business Solution Virtual Instance – versions 2.x and prior
• MiVoice MX-ONE – versions 7.3 to 7.8 and version 8.x and prior
• OpenScape 4000 – versions V10 R1.x, V11 R0.22, V11 R1.26 and prior
• OpenScape Branch – versions V10.3 and V11.x and prior
• OpenScape SBC – versions V10.3 and V11.x and prior
• OpenScape Voice Server – versions V9R3 JITC, V10, V11 and prior
• MiCollab – versions 10.x and prior
• MiCloud Management Portal – versions 6.3.x and prior
• Mitel Open Integration Gateway – versions 4.3.x and prior
• Mitel Performance Analytics MPA – versions 3.6x and prior
• OpenScape Contact Media Service (used by Mitel CX and OpenScape Contact Center) – versions V12Rx and prior
• Mitel SIP DECT – versions 9.1, 9.2, 10.0, 10.1 and prior
• OpenScape Xpert Clients 6010P – versions V7, V8 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Linux Kernel Local Privilege Escalation Vulnerabilities "Dirty Frag" (CVE-2026-43284, CVE-2026-43500)
• Mitel Security Bulletins

Serial number: AV26-523
Date: May 28, 2026

On May 27, 2026, Tanium published security advisories to address vulnerabilities in the following products:

• Connect 2024H2 – versions prior to Update 25 (v5.26.191)
• Connect 2025H1 – versions prior to Update 19 (v5.29.237)
• Connect 2025H2 – versions prior to Update 9 (v5.37.140)

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Tanium Security Advisories - TAN-2026-015
• Tanium Security Advisories - TAN-2026-014
• Tanium Security Advisories

Serial number: AV26-522
Date: May 28, 2026

On May 27, 2026, Erlang published security advisories to address vulnerabilities in the following products:

• OTP – versions prior to 29.0.1, 28.5.0.1, 27.3.4.12 and 26.2.5.21
• Public_key (OTP) – versions prior to 1.21.1, 1.20.3.1, 1.17.1.3 and 1.15.1.7

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Name Constraints and Subject CommonName Fallback in TLS hostname Verification
• public_key Accepts non-CA Certificate as Intermediate Issuer, Enabling Chain Forgery
• OCSP Responder Certificate Accepted After Expiry in public_key
• Erlang Security

Serial number: AV26-521
Date: May 28, 2026

On May 26, 2026, Notepad++ published a security advisory to address vulnerabilities in the following product:

• Notepad++ – versions prior to v8.9.6.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Notepad++ v8.9.6.1 release
• Notepad++ community

Serial number: AV26-520
Date: May 28, 2026

On May 28, 2026, Zimbra published a security advisory to address vulnerabilities in the following product:

• Zimbra Daffodil – versions prior to v10.1.17

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Zimbra Daffodil (v10.1.17) Patch Release
• Zimbra Patch Release Updates

Serial number: AV26-519
Date: May 28, 2026

On May 27, 2026, Veeam published security advisories to address vulnerabilities in the following products:

• Veeam Backup for AWS 10.1 – versions prior to 10.1.0.40
• Veeam Backup for Google Cloud 7.0.1 – versions prior to 7.0.1.4
• Veeam Backup for Microsoft Azure 8.1 Patch 2 – versions prior to 8.0.236
• Veeam Recovery Orchestrator – versions prior to 13.0.2.27

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• List of Security Fixes and Improvements in Veeam Recovery Orchestrator
• Release Information for Veeam Backup for AWS 10.1
• Release Information for Veeam Backup for Google Cloud 7.0.1
• Release Information for Veeam Backup for Microsoft Azure 8.1 Patch 2
• Veeam Knowledge Base

Serial number: AV26-518
Date: May 28, 2026

On May 27, 2026, Drupal published a security advisory to address a critical vulnerability in the following product:

• Drupal AlternativeCommerce (Basket) – versions prior to 2.1.17

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Drupal AlternativeCommerce (Basket) - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2026-038
• Drupal Security Advisories

Serial number: AV26-517
Date: May 27, 2026

On May 27, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to0.7778.216/217 (Windows), 148.0.7778.215/216 (Mac) and 148.0.7778.215 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number: AV26-516
Date: May 27, 2026

On May 27, 2026, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) – versions prior to 19.0.1, 18.11.4, 18.10.7
• GitLab Enterprise Edition (EE) – versions prior to 19.0.1, 18.11.4, 18.10.7

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch Release: 19.0.1, 18.11.4, 18.10.7
• GitLab Releases

Serial number: AV26-515
Date: May 27, 2026

On May 27, 2026, Jenkins published a security advisory to address vulnerabilities in the following products:

• Active Directory Plugin – version 2.4.1 and prior
• AppSpider Plugin – version 1.0.17 and prior
• Bitbucket OAuth Plugin – version 0.17 and prior
• buildgraph-view Plugin – version 1.8 and prior
• Credentials Binding Plugin – version 720.v3f6decef43ea_ and prior
• Email Extension Plugin – version 1933.v45cec755423f and prior
• GitHub Integration Plugin – version 0.7.3 and prior
• Job Import Plugin – version 143.v044a_2e819b_27 and prior
• LDAP Plugin – version 807.v7d7de30930cf and prior
• Pipeline: Groovy Libraries Plugin – version 797.v90ea_a_9b_e45a_0 and prior
• Multijob Plugin – version 662.vd2e0001f6b_b_d and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Jenkins Security Advisory 2026-05-27
• Jenkins Security Advisories

Serial number: AV26-514
Date: May 27, 2026

On May 27, 2026, Phoenix Contact published a security advisory to address vulnerabilities in the following products:

• AXC F – multiple models and versions prior to 2026.0.3
• BCP 9102S – versions prior to 2026.0.3
• EPC 1522 – versions prior to 2026.0.3
• RFC 4072R – versions prior to 2026.0.3
• RFC 4072S – versions prior to 2026.0.3
• VL3 UPC 2440 EDGE – versions prior to 2026.0.3
• VPLCNEXT CONTROL – multiple models and versions prior to 2026.0.3

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, once available.

• VDE-2026-050: Phoenix Contact: PLCnext Firmware Security Issues Related to APPs and Configuration Files (PDF)
• Phoenix Contact Security Advisories

Serial number: AV26-513
Date: May 27, 2026

On May 27, 2026, Veeam published security advisories to address vulnerabilities in the following products:

• Veeam Backup & Replication – 13 versions prior to 13.0.2.29
• Veeam ONE – versions prior to 13.0.2.6723
• Veeam Service Provider Console – 9.2 versions prior to 9.2.1.33875

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Vulnerabilities Resolved in Veeam Backup & Replication 13.0.2
• List of Security Fixes and Improvements in Veeam Service Provider Console
• List of Security Fixes and Improvements in Veeam ONE
• Vulnerability Resolved in Veeam Service Provider Console 9.2.1
• Veeam Knowledge Base

Serial number: AV26-512
Date: May 27, 2026

On May 26, 2026, GitHub published security advisories to address vulnerabilities in the following products:

• GitHub Enterprise Server – versions 3.20.x prior to 3.20.3
• GitHub Enterprise Server – versions 3.19.x prior to 3.19.7
• GitHub Enterprise Server – versions 3.18.x prior to 3.18.10
• GitHub Enterprise Server – versions 3.17.x prior to 3.17.16
• GitHub Enterprise Server – versions 3.16.x prior to 3.16.19

GitHub has stated that future patches and releases will be signed with a new public key, and customers will need to rotate to the new key before those patches and releases can be installed.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Enterprise Server 3.20.3
• Enterprise Server 3.19.7
• Enterprise Server 3.18.10
• Enterprise Server 3.17.16
• Enterprise Server 3.16.19
• Investigation update: GitHub Enterprise Server signing key rotation

Serial number: AV26-511
Date: May 27, 2026

On May 26, 2026, Hitachi published security advisories to address vulnerabilities in the following products:

• Cosminexus Developer's Kit for Java
• Hitachi Automation Director – all versions
• Hitachi Configuration Manager – all versions
• Hitachi Compute Systems Manager – all versions
• Hitachi Developer's Kit for Java
• Hitachi Device Manager – all versions
• Hitachi Dynamic Link Manager – versions prior to 9.0.0-00
• Hitachi Global Link Manager – all versions
• Hitachi Infrastructure Analytics Advisor (English version) – multiple components and versions
• Hitachi Ops Center Administrator (English version) – all versions
• Hitachi Ops Center Analyzer (English Version) – multiple components and versions
• Hitachi Ops Center Analyzer Common Services – all versions
• Hitachi Ops Center Analyzer Viewpoint (English version) – versions 10.8.1-00 to versions prior to 11.0.8-00
• Hitachi Ops Center API Configuration Manager – all versions
• Hitachi Ops Center Automator – all versions
• Hitachi Ops Center Viewpoint (Japanese version) – all versions
• Hitachi Replication Manager – versions prior to 9.0.0-00
• Hitachi Tiered Storage Manager – all versions
• Hitachi Tuning Manager – all versions

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint
• Multiple Vulnerabilities in Cosminexus
• Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
• Hitachi Vulnerability Information

Serial number: AV26-510
Date: May 26, 2026

On May 26, 2026, ABB published a security advisory to address a vulnerability in the following product:

• PPT30 Operating System – versions prior to 1.8.0

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• PPT30 OPC-UA Server has issues handling concurrent connections (CVE-2025-11482) (PDF)
• ABB Cyber security alerts and notifications

Serial number: AV26-509
Date: May 26, 2026

On May 26, 2026, Moxa published a security advisory to address vulnerabilities in the following products:

• UC-1200A/2200A/3400A/4400A/8600A/8200 Series – multiple versions and models
• V1200 Series – version MIL3 v1.2.0 and prior
• V3200 Series – version MIL3 v1.1 and prior
• V3400 Series – version MIL3 v1.1 and prior
• VM-1220 Series – version MIL3 v1.1.0 and prior
• ioThinx 4530 Series – version MIL3 v2.1 and prior
• AIG-302 Series – version v1.4.0 and prior
• AIG-502 Series – version v1.0.0
• BXP-A100 Series – version Debian 11 V1.0
• BXP-A101 Series – version Debian 12 V1.0
• DRP-A100 Series – version Debian 11 V1.0
• RKP-A110 Series – version Debian 11 V1.0
• RKP-C110 Series – version Debian 12 V1.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• CVE-2026-31431, CVE-2026-43284, CVE-2026-43500: Copy Fail and Dirty Frag Vulnerabilities in Linux Kernel
• Moxa Security Advisories

Serial number: AV26-508
Date: May 25, 2026                               

On May 22, 2026, cPanel published a security advisory to address a vulnerability in the following products:

• ea-nginx – version v1.31.0
• ea-nginx-passenger – version v6.1.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security: CVE-2026-9256 ea-nginx v1.31.1 Security Release - May 22, 2026
• cPanel Security

Serial number: AV26-507
Date: May 25, 2026

Between May 18 and 24, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder – multiple versions and platforms
• Red Hat Enterprise Linux – multiple versions and platforms
• Red Hat Enterprise Linux Server – multiple versions and platforms
• Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number: AV26–506
Date: May 25, 2026

[Control systems] CISA ICS security advisories (AV26–506)

Between May 18 and 24, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

• ABB B&R Automation Runtime – versions prior to 6.4
• ABB B&R Automation Studio – versions prior to 6.5
• ABB B&R PCs – multiple versions and models
• ABB CoreSense HM – version 2.3.1 and prior
• ABB CoreSense M10 – version 1.4.1.12 and prior
• ABB Terra AC Wallbox (JP) – versions 1.8.33 and prior
• Abb B&R Automation Studio – versions prior to 6.5
• Hitachi Energy GMS600 – versions 1.3.0 to 1.3.1
• Kieback & Peter DDC Building Controllers – multiple versions and models
• ScadaBR – version 1.2.0
• Siemens RUGGEDCOM APE1808 – all versions
• ZKTeco CCTV Cameras – firmware version prior to V5.0.1.2.20260421

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

• CISA ICS Advisories

Serial number: AV26-505
Date: May 25, 2026

Between May 18 and 24, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.10

The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.

• Ubuntu Security Notices

Serial number: AV26-504
Date: May 25, 2026 

Between May 18 and 24, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• Dell Networking OS10 – versions prior to 10.5.6.13
• SmartFabric Storage Software – versions prior to 1.4.5
• Dell Container Storage Modules – versions 1.6.0 to 1.16.3
• Dell Container Storage Modules – versions 1.11.0 to 1.16.3

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• DSA-2026-161: Security Update for Dell Networking OS10 Vulnerabilities
• DSA-2026-235: Security Update for Dell Networking SmartFabric Storage Software Vulnerabilities
• DSA-2026-234: Security Update for Dell Container Storage Modules Hard-coded Credentials Vulnerability
• Dell Security advisories and notices

Serial number: AV26-503
Date: May 25, 2026

On May 24, 2026, Roundcube published security advisories to address vulnerabilities in the following product: 

• Roundcube Webmail – versions prior to 1.6.16
• Roundcube Webmail – versions prior to 1.7.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Roundcube Webmail 1.6.16
• Roundcube Webmail 1.71
• Roundcube Open Source Webmail Software

Serial number: AV26-502
Date: May 25, 2026

Between May 18 and 24, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• API Connect – versions V10.0.8.0 to 10.0.8.8
• Analyst Workflow – versions 2.0.0 to 3.0.0
• Data Cataloging – versions 2.1.8 to 2.5.1
• DevOps Test Performance – versions 11.0 to 11.0.6
• IBM App Connect Enterprise Certified Containers Operands – multiple versions
• IBM App Connect Enterprise – versions 12.0.1.0 to 12.0.12.25
• IBM App Connect Enterprise – versions 13.0.1.0 to 13.0.7.1
• IBM App Connect Operator – multiple versions
• IBM App Connect for Manufacturing – versions 13.0.0.0 to 13.0.1.0
• IBM Aspera High-Speed Transfer Endpoint – versions 3.7.4 to 4.4.7 Fix Pack 1
• IBM Aspera High-Speed Transfer Server – versions 3.7.4 to 4.4.7 Fix Pack 1
• IBM Cognos Analytics Mobile – versions 1.1.0 to 1.1.25
• IBM Data Studio client – version 4.2.2
• IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data – multiple versions
• IBM DevOps Code ClearCase – version 11.0
• IBM Fusion HCI – versions 2.10.0 to 2.12.1
• IBM Fusion – versions 2.9.0 to 2.12.1
• IBM Guardium Data Protection – versions 12.0, 12.1 and 12.2
• IBM Library Support for Spring – versions 3.2 to 3.2.25
• IBM Library Support for Spring – version 3.4 to 3.4.16
• IBM MQ Agent – version v1.0.0
• IBM Rational ClearCase – version 10.0.0
• IBM Rational ClearCase – version 9.1
• IBM SPSS Analytic Server – multiple versions
• IBM Security Verify Access OIDC Provider – versions 22.09 to 26.03
• IBM Sterling Transformation Extender – versions 11.0.1.1 and 11.0.2.0
• IBM Storage Defender - Data Protect – versions 2.0.0 to 2.1.3
• IBM Storage Defender - Resiliency Service – versions 2.0.0 to 2.1.3
• IBM Watson Speech Services Cartridge – versions 4.0.0 to 5.3.1
• IBM voice-gateway/media-relay – version 1.0.8.31
• IBM voice-gateway/sip-orchestrator – version 1.0.8.25
• IBM voice-gateway/sms-gateway – version 1.0.8.19
• IBM voice-gateway/stt-adapter – version 1.0.8.20
• IBM voice-gateway/tts-adapter – version 1.0.8.20
• IBM watsonx Code Assistant On Prem – multiple versions
• IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data – versions 4.8.4 to 4.8.5
• IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data – versions 5.0.0 to 5.3.1
• IBM watsonx Orchestrate Developer Edition – versions 1.4.0 to 2.9.0
• Langflow OSS – versions 1.0.0 to 1.9.1
• Rational Business Developer (RBD) – versions 9.6 to 9.6.1.1
• Rational Business Developer (RBD) – versions 9.7 to 9.7.1
• Rational Performance Tester – multiple versions
• SPSS Collaboration and Deployment Services – multiple versions
• z/Transaction Processing Facility – version 1.1

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• IBM Product Security Incident Response

Serial number: AV26-492
Date: May 20, 2026
Updated: May 22, 2026

On May 20, 2026, Drupal published a security advisory to address a critical vulnerability in the following product:

• Drupal Core – multiple versions

Update 1

Drupal has indicated that exploit attempts for CVE-2026-9082 are now being detected in the wild.

Update 2

On May 22, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-9082 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
• Drupal Security Advisories
• CISA KEV: CVE-2026-9082

Serial number: AV26-501
Date: May 22, 2026

On May 22, 2026, F5 published a security advisory to address a critical vulnerability in the following products:

• NGINX Plus – multiple versions
• NGINX Open Source – multiple versions
• NGINX Instance Manager – versions 2.17.0 to 2.22.0
• F5 WAF for NGINX – versions 5.9.0 to 5.13.0
• NGINX App Protect WAF – multiple versions
• F5 DoS for NGINX – version 4.9.0
• NGINX App Protect DoS – versions 4.3.0 to 4.7.0
• NGINX Gateway Fabric – multiple versions
• NGINX Ingress Controller – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• K000161377: NGINX ngx_http_rewrite_module vulnerability CVE-2026-9256
• MyF5

Serial number: AV26-500
Date: May 22, 2026

On May 22, 2026, HPE published a security advisory to address vulnerabilities in the following product:

• HPE Telco Universal SLA Management – version 4.6 and prior.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05058 rev.1 - HPE Telco Universal SLA Management, Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number: AV26-499
Date: May 22, 2026

On May 21, 2026, cPanel published security advisories to address vulnerabilities in the following products:

• cPanel & WebHost Manager (WHM) software – version 11.126.0.63 and later, version 11.134.0.30 and later, version 11.136.0.14 and later, WP Squared 11.138.1.1 and later
• EasyApache4 – versions prior to v25.62

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security: CVE-2026-33278 cpanel-unbound 1.25.1 Security Release - May 21, 2026
• Security: EasyApache4 v25.62 Security Release - May 21, 2026
• cPanel Security

Serial number: AV26-498
Date: May 22, 2026

On May 21, 2026, Ubiquiti published a security advisory to address vulnerabilities in the following products. Included were critical updates for the following:

• Express – version 4.0.13 and prior
• UCG-Industrial – version 5.0.13 and prior
• UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, Express 7, UNVR, UNVR-Pro, UNVR-Instant, ENVR, UCG-Ultra, UCG-Max and UCG-Fiber – version 5.0.16 and prior
• UDM-Beast, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 – version 5.1.8 and prior
• UDR-5G, ENVR-Core, UCKP, UCK and UCK-Enterprise – version 5.0.17 and prior
• UNVR-G2 and UNVR-G2-Pro – version 5.1.11 and prior
• UniFi OS Server – version 5.0.6 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Ubiquiti UniFi - Security Advisory Bulletin 064
• Ubiquiti UniFi Security Releases

Serial number: AV26-497
Date: May 22, 2026

On May 21, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 148.0.3967.83

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes