Serial number: AV26-517
Date: May 27, 2026

On May 27, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to0.7778.216/217 (Windows), 148.0.7778.215/216 (Mac) and 148.0.7778.215 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number: AV26-516
Date: May 27, 2026

On May 27, 2026, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) – versions prior to 19.0.1, 18.11.4, 18.10.7
• GitLab Enterprise Edition (EE) – versions prior to 19.0.1, 18.11.4, 18.10.7

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch Release: 19.0.1, 18.11.4, 18.10.7
• GitLab Releases

Serial number: AV26-515
Date: May 27, 2026

On May 27, 2026, Jenkins published a security advisory to address vulnerabilities in the following products:

• Active Directory Plugin – version 2.4.1 and prior
• AppSpider Plugin – version 1.0.17 and prior
• Bitbucket OAuth Plugin – version 0.17 and prior
• buildgraph-view Plugin – version 1.8 and prior
• Credentials Binding Plugin – version 720.v3f6decef43ea_ and prior
• Email Extension Plugin – version 1933.v45cec755423f and prior
• GitHub Integration Plugin – version 0.7.3 and prior
• Job Import Plugin – version 143.v044a_2e819b_27 and prior
• LDAP Plugin – version 807.v7d7de30930cf and prior
• Pipeline: Groovy Libraries Plugin – version 797.v90ea_a_9b_e45a_0 and prior
• Multijob Plugin – version 662.vd2e0001f6b_b_d and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Jenkins Security Advisory 2026-05-27
• Jenkins Security Advisories

Serial number: AV26-514
Date: May 27, 2026

On May 27, 2026, Phoenix Contact published a security advisory to address vulnerabilities in the following products:

• AXC F – multiple models and versions prior to 2026.0.3
• BCP 9102S – versions prior to 2026.0.3
• EPC 1522 – versions prior to 2026.0.3
• RFC 4072R – versions prior to 2026.0.3
• RFC 4072S – versions prior to 2026.0.3
• VL3 UPC 2440 EDGE – versions prior to 2026.0.3
• VPLCNEXT CONTROL – multiple models and versions prior to 2026.0.3

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, once available.

• VDE-2026-050: Phoenix Contact: PLCnext Firmware Security Issues Related to APPs and Configuration Files (PDF)
• Phoenix Contact Security Advisories

Serial number: AV26-513
Date: May 27, 2026

On May 27, 2026, Veeam published security advisories to address vulnerabilities in the following products:

• Veeam Backup & Replication – 13 versions prior to 13.0.2.29
• Veeam ONE – versions prior to 13.0.2.6723
• Veeam Service Provider Console – 9.2 versions prior to 9.2.1.33875

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Vulnerabilities Resolved in Veeam Backup & Replication 13.0.2
• List of Security Fixes and Improvements in Veeam Service Provider Console
• List of Security Fixes and Improvements in Veeam ONE
• Vulnerability Resolved in Veeam Service Provider Console 9.2.1
• Veeam Knowledge Base

Serial number: AV26-456
Date: May 12, 2026
Updated: May 27, 2026

On May 12, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• .NET 10.0 installed on Linux
• .NET 10.0 installed on Mac OS
• .NET 10.0 installed on Windows
• .NET 8.0 installed on Linux
• .NET 8.0 installed on Mac OS
• .NET 8.0 installed on Windows
• .NET 9.0 installed on Linux
• .NET 9.0 installed on Mac OS
• .NET 9.0 installed on Windows
• Azure AI Foundry
• Azure Cloud Shell
• Azure Connected Machine Agent
• Azure DevOps
• Azure Logic Apps
• Azure Machine Learning
• Azure Managed Instance for Apache Cassandra
• Azure Monitor Action Group notification system
• Azure Monitor Agent
• Azure Monitor Agent Metrics Extension
• Azure SDK for Java
• Copilot Chat (Microsoft Edge)
• Dynamics 365 Customer Insights
• M365 Copilot for Desktop
• Microsoft .NET Framework 3.5
• Microsoft .NET Framework 3.5 AND 4.7.2
• Microsoft .NET Framework 3.5 AND 4.8
• Microsoft .NET Framework 3.5 AND 4.8.1
• Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
• Microsoft .NET Framework 4.8
• Microsoft 365
• Microsoft 365 Copilot for Android
• Microsoft 365 Copilot's Business Chat
• Microsoft Confluence SAML SSO plugin
• Microsoft Data Formulator
• Microsoft Dynamics 365
• Microsoft Dynamics 365 Business Central
• Microsoft Edge (Chromium-based)
• Microsoft Enterprise Security Token Service (ESTS)
• Microsoft Excel 2016
• Microsoft Excel for Android
• Microsoft JIRA SAML SSO plugin
• Microsoft Office 2016
• Microsoft Office 2019
• Microsoft Office LTSC 2021
• Microsoft Office LTSC 2024
• Microsoft Office LTSC for Mac 2021
• Microsoft Office LTSC for Mac 2024
• Microsoft Office for Android
• Microsoft Outlook for iOS
• Microsoft Partner Center
• Microsoft PowerPoint for Android
• Microsoft SQL Server 2016
• Microsoft SQL Server 2017
• Microsoft SQL Server 2019
• Microsoft SQL Server 2022
• Microsoft SQL Server 2025
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft Teams
• Microsoft Teams for Android
• Microsoft Visual Studio 2017
• Microsoft Visual Studio 2019
• Microsoft Visual Studio 2022
• Microsoft Visual Studio 2026
• Microsoft Word 2016
• Microsoft Word for Android
• Office Online Server
• Power Automate for Desktop
• Visual Studio Code
• Visual Studio Code - Live Preview extension
• Windows 10
• Windows 11
• Windows Admin Center
• Windows Admin Center in Azure Portal
• Windows Server 2012
• Windows Server 2016
• Windows Server 2019
• Windows Server 2025

Update 1

On May 21, 2026, Microsoft published an out-of-band (OOB) security update to address CVE-2026-45659, an additional vulnerability impacting Microsoft SharePoint Enterprise Server 2019, Microsoft SharePoint Server 2016 and Microsoft SharePoint Server Subscription Edition. The CVE was inadvertently omitted from the May 2026 Security Updates.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• May 2026 Security Updates
• Security Update Guide
• Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659

Serial number: AV26-512
Date: May 27, 2026

On May 26, 2026, GitHub published security advisories to address vulnerabilities in the following products:

• GitHub Enterprise Server – versions 3.20.x prior to 3.20.3
• GitHub Enterprise Server – versions 3.19.x prior to 3.19.7
• GitHub Enterprise Server – versions 3.18.x prior to 3.18.10
• GitHub Enterprise Server – versions 3.17.x prior to 3.17.16
• GitHub Enterprise Server – versions 3.16.x prior to 3.16.19

GitHub has stated that future patches and releases will be signed with a new public key, and customers will need to rotate to the new key before those patches and releases can be installed.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Enterprise Server 3.20.3
• Enterprise Server 3.19.7
• Enterprise Server 3.18.10
• Enterprise Server 3.17.16
• Enterprise Server 3.16.19
• Investigation update: GitHub Enterprise Server signing key rotation

Serial number: AV26-511
Date: May 27, 2026

On May 26, 2026, Hitachi published security advisories to address vulnerabilities in the following products:

• Cosminexus Developer's Kit for Java
• Hitachi Automation Director – all versions
• Hitachi Configuration Manager – all versions
• Hitachi Compute Systems Manager – all versions
• Hitachi Developer's Kit for Java
• Hitachi Device Manager – all versions
• Hitachi Dynamic Link Manager – versions prior to 9.0.0-00
• Hitachi Global Link Manager – all versions
• Hitachi Infrastructure Analytics Advisor (English version) – multiple components and versions
• Hitachi Ops Center Administrator (English version) – all versions
• Hitachi Ops Center Analyzer (English Version) – multiple components and versions
• Hitachi Ops Center Analyzer Common Services – all versions
• Hitachi Ops Center Analyzer Viewpoint (English version) – versions 10.8.1-00 to versions prior to 11.0.8-00
• Hitachi Ops Center API Configuration Manager – all versions
• Hitachi Ops Center Automator – all versions
• Hitachi Ops Center Viewpoint (Japanese version) – all versions
• Hitachi Replication Manager – versions prior to 9.0.0-00
• Hitachi Tiered Storage Manager – all versions
• Hitachi Tuning Manager – all versions

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint
• Multiple Vulnerabilities in Cosminexus
• Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
• Hitachi Vulnerability Information

Serial number: AV26-510
Date: May 26, 2026

On May 26, 2026, ABB published a security advisory to address a vulnerability in the following product:

• PPT30 Operating System – versions prior to 1.8.0

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• PPT30 OPC-UA Server has issues handling concurrent connections (CVE-2025-11482) (PDF)
• ABB Cyber security alerts and notifications

Serial number: AV26-509
Date: May 26, 2026

On May 26, 2026, Moxa published a security advisory to address vulnerabilities in the following products:

• UC-1200A/2200A/3400A/4400A/8600A/8200 Series – multiple versions and models
• V1200 Series – version MIL3 v1.2.0 and prior
• V3200 Series – version MIL3 v1.1 and prior
• V3400 Series – version MIL3 v1.1 and prior
• VM-1220 Series – version MIL3 v1.1.0 and prior
• ioThinx 4530 Series – version MIL3 v2.1 and prior
• AIG-302 Series – version v1.4.0 and prior
• AIG-502 Series – version v1.0.0
• BXP-A100 Series – version Debian 11 V1.0
• BXP-A101 Series – version Debian 12 V1.0
• DRP-A100 Series – version Debian 11 V1.0
• RKP-A110 Series – version Debian 11 V1.0
• RKP-C110 Series – version Debian 12 V1.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• CVE-2026-31431, CVE-2026-43284, CVE-2026-43500: Copy Fail and Dirty Frag Vulnerabilities in Linux Kernel
• Moxa Security Advisories

Serial number: AV26-508
Date: May 25, 2026                               

On May 22, 2026, cPanel published a security advisory to address a vulnerability in the following products:

• ea-nginx – version v1.31.0
• ea-nginx-passenger – version v6.1.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security: CVE-2026-9256 ea-nginx v1.31.1 Security Release - May 22, 2026
• cPanel Security

Serial number: AV26-507
Date: May 25, 2026

Between May 18 and 24, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder – multiple versions and platforms
• Red Hat Enterprise Linux – multiple versions and platforms
• Red Hat Enterprise Linux Server – multiple versions and platforms
• Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number: AV26–506
Date: May 25, 2026

[Control systems] CISA ICS security advisories (AV26–506)

Between May 18 and 24, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

• ABB B&R Automation Runtime – versions prior to 6.4
• ABB B&R Automation Studio – versions prior to 6.5
• ABB B&R PCs – multiple versions and models
• ABB CoreSense HM – version 2.3.1 and prior
• ABB CoreSense M10 – version 1.4.1.12 and prior
• ABB Terra AC Wallbox (JP) – versions 1.8.33 and prior
• Abb B&R Automation Studio – versions prior to 6.5
• Hitachi Energy GMS600 – versions 1.3.0 to 1.3.1
• Kieback & Peter DDC Building Controllers – multiple versions and models
• ScadaBR – version 1.2.0
• Siemens RUGGEDCOM APE1808 – all versions
• ZKTeco CCTV Cameras – firmware version prior to V5.0.1.2.20260421

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

• CISA ICS Advisories

Serial number: AV26-505
Date: May 25, 2026

Between May 18 and 24, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.10

The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.

• Ubuntu Security Notices

Serial number: AV26-504
Date: May 25, 2026 

Between May 18 and 24, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• Dell Networking OS10 – versions prior to 10.5.6.13
• SmartFabric Storage Software – versions prior to 1.4.5
• Dell Container Storage Modules – versions 1.6.0 to 1.16.3
• Dell Container Storage Modules – versions 1.11.0 to 1.16.3

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• DSA-2026-161: Security Update for Dell Networking OS10 Vulnerabilities
• DSA-2026-235: Security Update for Dell Networking SmartFabric Storage Software Vulnerabilities
• DSA-2026-234: Security Update for Dell Container Storage Modules Hard-coded Credentials Vulnerability
• Dell Security advisories and notices

Serial number: AV26-503
Date: May 25, 2026

On May 24, 2026, Roundcube published security advisories to address vulnerabilities in the following product: 

• Roundcube Webmail – versions prior to 1.6.16
• Roundcube Webmail – versions prior to 1.7.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Roundcube Webmail 1.6.16
• Roundcube Webmail 1.71
• Roundcube Open Source Webmail Software

Serial number: AV26-502
Date: May 25, 2026

Between May 18 and 24, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• API Connect – versions V10.0.8.0 to 10.0.8.8
• Analyst Workflow – versions 2.0.0 to 3.0.0
• Data Cataloging – versions 2.1.8 to 2.5.1
• DevOps Test Performance – versions 11.0 to 11.0.6
• IBM App Connect Enterprise Certified Containers Operands – multiple versions
• IBM App Connect Enterprise – versions 12.0.1.0 to 12.0.12.25
• IBM App Connect Enterprise – versions 13.0.1.0 to 13.0.7.1
• IBM App Connect Operator – multiple versions
• IBM App Connect for Manufacturing – versions 13.0.0.0 to 13.0.1.0
• IBM Aspera High-Speed Transfer Endpoint – versions 3.7.4 to 4.4.7 Fix Pack 1
• IBM Aspera High-Speed Transfer Server – versions 3.7.4 to 4.4.7 Fix Pack 1
• IBM Cognos Analytics Mobile – versions 1.1.0 to 1.1.25
• IBM Data Studio client – version 4.2.2
• IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data – multiple versions
• IBM DevOps Code ClearCase – version 11.0
• IBM Fusion HCI – versions 2.10.0 to 2.12.1
• IBM Fusion – versions 2.9.0 to 2.12.1
• IBM Guardium Data Protection – versions 12.0, 12.1 and 12.2
• IBM Library Support for Spring – versions 3.2 to 3.2.25
• IBM Library Support for Spring – version 3.4 to 3.4.16
• IBM MQ Agent – version v1.0.0
• IBM Rational ClearCase – version 10.0.0
• IBM Rational ClearCase – version 9.1
• IBM SPSS Analytic Server – multiple versions
• IBM Security Verify Access OIDC Provider – versions 22.09 to 26.03
• IBM Sterling Transformation Extender – versions 11.0.1.1 and 11.0.2.0
• IBM Storage Defender - Data Protect – versions 2.0.0 to 2.1.3
• IBM Storage Defender - Resiliency Service – versions 2.0.0 to 2.1.3
• IBM Watson Speech Services Cartridge – versions 4.0.0 to 5.3.1
• IBM voice-gateway/media-relay – version 1.0.8.31
• IBM voice-gateway/sip-orchestrator – version 1.0.8.25
• IBM voice-gateway/sms-gateway – version 1.0.8.19
• IBM voice-gateway/stt-adapter – version 1.0.8.20
• IBM voice-gateway/tts-adapter – version 1.0.8.20
• IBM watsonx Code Assistant On Prem – multiple versions
• IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data – versions 4.8.4 to 4.8.5
• IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data – versions 5.0.0 to 5.3.1
• IBM watsonx Orchestrate Developer Edition – versions 1.4.0 to 2.9.0
• Langflow OSS – versions 1.0.0 to 1.9.1
• Rational Business Developer (RBD) – versions 9.6 to 9.6.1.1
• Rational Business Developer (RBD) – versions 9.7 to 9.7.1
• Rational Performance Tester – multiple versions
• SPSS Collaboration and Deployment Services – multiple versions
• z/Transaction Processing Facility – version 1.1

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• IBM Product Security Incident Response

Serial number: AV26-492
Date: May 20, 2026
Updated: May 22, 2026

On May 20, 2026, Drupal published a security advisory to address a critical vulnerability in the following product:

• Drupal Core – multiple versions

Update 1

Drupal has indicated that exploit attempts for CVE-2026-9082 are now being detected in the wild.

Update 2

On May 22, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-9082 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
• Drupal Security Advisories
• CISA KEV: CVE-2026-9082

Serial number: AV26-501
Date: May 22, 2026

On May 22, 2026, F5 published a security advisory to address a critical vulnerability in the following products:

• NGINX Plus – multiple versions
• NGINX Open Source – multiple versions
• NGINX Instance Manager – versions 2.17.0 to 2.22.0
• F5 WAF for NGINX – versions 5.9.0 to 5.13.0
• NGINX App Protect WAF – multiple versions
• F5 DoS for NGINX – version 4.9.0
• NGINX App Protect DoS – versions 4.3.0 to 4.7.0
• NGINX Gateway Fabric – multiple versions
• NGINX Ingress Controller – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• K000161377: NGINX ngx_http_rewrite_module vulnerability CVE-2026-9256
• MyF5

Serial number: AV26-500
Date: May 22, 2026

On May 22, 2026, HPE published a security advisory to address vulnerabilities in the following product:

• HPE Telco Universal SLA Management – version 4.6 and prior.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05058 rev.1 - HPE Telco Universal SLA Management, Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number: AV26-499
Date: May 22, 2026

On May 21, 2026, cPanel published security advisories to address vulnerabilities in the following products:

• cPanel & WebHost Manager (WHM) software – version 11.126.0.63 and later, version 11.134.0.30 and later, version 11.136.0.14 and later, WP Squared 11.138.1.1 and later
• EasyApache4 – versions prior to v25.62

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security: CVE-2026-33278 cpanel-unbound 1.25.1 Security Release - May 21, 2026
• Security: EasyApache4 v25.62 Security Release - May 21, 2026
• cPanel Security

Serial number: AV26-498
Date: May 22, 2026

On May 21, 2026, Ubiquiti published a security advisory to address vulnerabilities in the following products. Included were critical updates for the following:

• Express – version 4.0.13 and prior
• UCG-Industrial – version 5.0.13 and prior
• UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, Express 7, UNVR, UNVR-Pro, UNVR-Instant, ENVR, UCG-Ultra, UCG-Max and UCG-Fiber – version 5.0.16 and prior
• UDM-Beast, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 – version 5.1.8 and prior
• UDR-5G, ENVR-Core, UCKP, UCK and UCK-Enterprise – version 5.0.17 and prior
• UNVR-G2 and UNVR-G2-Pro – version 5.1.11 and prior
• UniFi OS Server – version 5.0.6 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Ubiquiti UniFi - Security Advisory Bulletin 064
• Ubiquiti UniFi Security Releases

Serial number: AV26-497
Date: May 22, 2026

On May 21, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 148.0.3967.83

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV26-494
Date: May 21, 2026

On May 21, 2026, Trend Micro published a security advisory to address vulnerabilities in the following products:

• Apex One (on-premise) – server/agent builds prior to 2019 (on-prem) build 17079
• Apex One as a service – SaaS
• Trend Vision One Endpoint - SEP – agent builds prior to 14.0.20731

Update 1

On May 21, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-34926 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• ITW SECURITY BULLETIN: Apex One and Vision One – Standard Endpoint Protection (SEP) May 2026 Security Bulletin
• Trend Micro Business Success Vulnerability Response
• CISA KEV: CVE-2026-34926

Serial number: AV26-496
Date: May 21, 2026

On May 21, 2026, ConnectWise published a security advisory to address a vulnerability in the following product:

• ConnectWise Automate – versions prior to 2026.5

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• ConnectWise Automat 2026.5 Security Update
• ConnectWise - Security Bulletins

Serial number: AV26-495
Date: May 21, 2026

On May 20, 2026, FreeBSD published security advisories to address vulnerabilities in the following product:

• FreeBSD – all supported versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• FreeBSD Security Advisories

Serial number: AV26-493
Date: May 20, 2026

On May 20, 2026, Splunk published security advisories to address vulnerabilities in the following products. Included were critical updates for the following:

• Splunk User Behavior Analytics – versions prior to 5.4.5
• Splunk AppDynamics Machine Agent – versions prior to 26.4.0
• Splunk AppDynamics Java Agent – versions prior to 26.4.0
• Splunk AppDynamics Private Synthetic Agent – versions prior to 26.4.0
• Splunk AppDynamics Python Agent – versions prior to 26.4.1
• Splunk AppDynamics Cluster Agent – versions prior to 26.4.0
• Splunk AppDynamics Database Agent – versions prior to 26.4.0
• Splunk AppDynamics Analytics Agent – versions prior to 26.4.0
• Splunk AppDynamics Apache Web Server Agent – versions prior to 25.11.1
• Splunk Universal Forwarder – versions 9.4.0 to 9.4.10
• Splunk Enterprise – multiple versions and platforms
• Splunk Cloud Platform – multiple versions and platforms
• Splunk AI Toolkit – versions prior to 5.7.3

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Splunk Security Advisories

Serial number: AV26-491
Date: May 20, 2026

On May 20, 2026, Cisco published security advisories to address vulnerabilities in multiple products. Included was a critical update for the following:

• Cisco Secure Workload – version 3.9 and prior
• Cisco Secure Workload – versions prior to 3.10.8.3
• Cisco Secure Workload – versions prior to 4.0.3.17

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Cisco Secure Workload Unauthorized API Access Vulnerability
• Cisco Security Advisories

Serial number: AV26-490
Date: May 20, 2026

On May 20, 2026, ISC published security advisories to address vulnerabilities in the following products:

• ISC BIND 9 – versions 9.0.0 to 9.16.50
• ISC BIND 9 – versions 9.18.0 to 9.18.48
• ISC BIND 9 – versions 9.20.0 to 9.20.22
• ISC BIND 9 – versions 9.21.0 to 9.21.21
• BIND Supported Preview Edition – versions 9.9.3-S1 to 9.16.50-S1
• BIND Supported Preview Edition – versions 9.18.11-S1 to 9.18.48-S1
• BIND Supported Preview Edition – versions 9.20.9-S1 to 9.20.22-S1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation
• CVE-2026-5947: SIG(0) validation during query flood may lead to undefined behavior
• CVE-2026-5946: Invalid handling of CLASS != IN
• CVE-2026-3593: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
• BIND 9 Security Vulnerability Matrix

Serial number: AV26-489
Date: May 20, 2026

On May 18 and 19, 2026, Microsoft published security advisories to address vulnerabilities, including some critical ones, in the following products:

• Microsoft Azure Local
• Microsoft Azure Resource Manager
• Microsoft Azure Portal Windows Admin Center
• Microsoft Bitlocker
• Microsoft Malware Protection Engine – versions prior to 1.1.26040.8
• Microsoft Defender – versions prior to 4.18.26040.7

On May 20, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-41091 and CVE-2026-45498 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

• Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability
• Microsoft Defender Remote Code Execution Vulnerability
• Microsoft Defender Elevation of Privilege Vulnerability
• CISA KEV: CVE-2026-41091
• CISA KEV: CVE-2026-45498

Serial number: AV26-488
Date: May 20, 2026

On May 19, 2026, cPanel published security advisories to address vulnerabilities in the following product:

• cPanel & WebHost Manager (WHM) software – version 11.86.0.45, 11.94.0.32, 11.102.0.43, 11.110.0.120 (cl6110), 11.110.0.121, 11.118.0.68, 11.124.0.41, 11.126.0.62, 11.130.0.26, 11.132.0.35, 11.134.0.29, 11.136.0.13 and WP Squared 11.136.1.16 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security: SEC-73728 cPanel & WHM / WP2 Security Update - May 19, 2026
• Security: SEC-73755 cPanel & WHM / WP2 Security Update - May 19, 2026
• cPanel Support Topics

Serial number: AV26-487
Date: May 20, 2026

On May 19, 2026, HPE published a security advisory to address a vulnerability in the following product:

• HPE Aruba Networking Management Software (Airwave) – version 8.3.0.6 and prior
• HPE Aruba Networking AOS-CX – multiple versions
• HPE Aruba Networking EdgeConnect Orchestrator – all versions
• HPE Aruba Networking Analytics and Location Engine (ALE) – all versions
• HPE Aruba Networking Meridian Asset Tracking – all versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05059 rev.1 - Status of Copy Fail Vulnerability on HPE Aruba Networking Products (CVE-2026-31431)
• HPE Security Bulletin Library

Serial number: AV26-486
Date: May 20, 2026

On May 19, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 148.0.7778.178/179 (Windows/Mac) and 148.0.7778.178 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number: AV26-485
Date: May 20, 2026

On May 19, 2026, F5 published a security advisory to address a critical vulnerability in the following product:

• NGINX JavaScript (njs) – versions 0.9.4 to 0.9.8

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• K000161307: NGINX ngx_http_js_module vulnerability CVE-2026-8711
• MyF5

Serial number: AV26-484
Date: May 20, 2026

On May 19, 2026, FreePBX published security advisories to address vulnerabilities in the following products:

• FreePBX Security-Reporting cdr (FreePBX 16) – versions 16.0.50 and prior
• FreePBX Security-Reporting cdr (FreePBX 17) – versions 17.0.11 and prior
• FreePBX Security-Reporting dashboard (FreePBX 16) – versions 16.0.22 and prior
• FreePBX Security-Reporting dashboard (FreePBX 17) – versions 17.0.5 and prior

The Cyber Centre encourages users and administrators to review the web links provided, apply the necessary updates and perform the suggested mitigations.

• Authenticated SQL Injection via ORDER BY in CDR Reports
• Authenticated Local File Inclusion in Dashboard Module
• FreePBX Security Advisories

Serial number: AV26-483
Date: May 19, 2026

On May 19, 2026, Atlassian published a security advisory to address vulnerabilities, including some critical ones, in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Fisheye/Crucible - versions 4.9.0 to 4.9.9
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Bulletin - May 19 2026
• Atlassian Security Advisories and Bulletins

Serial number: AV26-482
Date: May 19, 2026

Between May 11 and 17, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

• USN-8257-1: Linux kernel (Raspberry Pi) vulnerabilities (25.01)
• USN-8255-1: Linux kernel vulnerabilities (22.04, 20.04)
• USN-8258-1: Linux kernel (Azure) vulnerabilities
• Ubuntu Security Notices

Serial number: AV26-481
Date: May 19, 2026

Between May 11 and 17, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number: AV26-480
Date: May 19, 2026

Between May 11 and 17, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• Dell Enterprise Sonic Distribution - versions prior to 4.5.3
• Dell Live Optics Collector) - versions prior to 27.1.10.1
• Intel 800 Series Ethernet Adapters - versions prior to 30.5.0.13
• Dell PowerEdge with AMD Graphics - multiple models and versions
• PowerScale InsightIQ - versions 5.0.0 to 6.2.0

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Dell Security advisories and notices

Serial number: AV26-479
Date: May 19, 2026

Between May 11 and 17, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• IBM Robotic Process Automation for Cloud Pak - versions 23.0.0 to 23.0.20.5
• IBM Robotic Process Automation for Cloud Pak - versions 30.0.0 to 30.0.1
• IBM Operator for Apache Flink - versions 1.0.0 to 1.5.1
• IBM App Connect Enterprise - versions 13.0.1.0 to 13.0.7.1
• IBM App Connect Enterprise - versions 12.0.1.0 to 12.0.12.25
• ICP Discovery - versions 5.0.0 to 5.3.1
• IBM Operational Decision Manager - multiple versions
• IBM Cloudera Data Platform Private Could Base - versions 7.1.9, 7.3.1 and 7.3.2
• IBM Data Virtualization on Cloud Pak for Data - multiple versions
• IBM Fusion - versions 2.9.0 to 2.12.1
• IBM Fusion HCI - versions 2.10.0 to 2.12.1
• Content-Aware Storage - versions 1.1.2 to 1.1.3
• IBM Engineering AI Hub - versions 1.0.0 and 1.1.0
• IBM Integration Bus for z/OS - versions 10.1.0.0 to 10.1.0.7
• IBM MQ Operator - multiple versions and models
• IBM supplied MQ Advanced container images - multiple versions and models
• IBM Open SDK for Rust on AIX - versions 1.90.0.0, 1.90.0.1, 1.92.0.0 and 1.92.0.1
• IBM Watson Knowledge Catalog on prem - versions 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1.0, 5.1.1, 5.1.2 and 5.1.3
• IBM Watson Query on Cloud Pak for Data - version 2.2
• IBM Big SQL on Cloud Pak for data - multiple versions
• Platform Navigator in IBM Cloud Pak for Integration (CP4I) - multiple versions
• Automation Assets in IBM Cloud Pak for Integration (CP4I) - multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• IBM Product Security Incident Response

Serial number: AV26-478
Date: May 19, 2026

On May 19, 2026, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox - versions prior to 151
• Firefox ESR - versions prior to 115.36
• Firefox ESR - versions prior to 140.11

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Mozilla Foundation Security Advisory 2026-46
• Mozilla Foundation Security Advisory 2026-47
• Mozilla Foundation Security Advisory 2026-48
• Mozilla Security Advisories

Serial number: AV26-477
Date: May 19, 2026

HPE security advisory (AV26-477) On May 18, 2026, HPE published a security advisory to address a critical vulnerability in the following product:

• HPE Unified OSS Console (UOC) – version 3.1.20 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05056 rev.1 - HPE Unified OSS Console Assurance Monitoring (UOCAM), Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number: AV26-476
Date: May 19, 2026

On May 15, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel - versions prior to 148.0.3967.70

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV26-475
Date: May 19, 2026

Between May 11 and 17, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

• ABB AC500 V3 - firmware version PM5xxx 3.9.0 and 3.9.0_HF1
• ABB AC500 V3 - versions prior to 3.9.0
• ABB Automation Builder Gateway - versions prior to 2.9.0
• ABB WebPro SNMP Card PowerValue - versions prior to 1.1.8.k and 1.1.8.p
• Fuji Electric Tellus - version 5.0.2
• Siemens Industrial Devices - multiple models and versions
• Siemens Opcenter RDnL - all versions
• Siemens Ruggedcom Rox MX/RX models - versions prior to 2.17.1
• Siemens SENTRON 7KT PAC1261 Data Manager - versions prior to 2.1.0
• Siemens SIMATIC CN 4100 - versions prior to 5.0
• Siemens SIMATIC S7 PLC Web Server - multiple versions and models
• Siemens SIMATIC - multiple versions and models
• Siemens SIPROTEC 5 - multiple versions and models
• Siemens Siemens ROS# - versions prior to 2.2.2
• Siemens Simcenter Femap - versions prior to 2512.0003
• Siemens Solid Edge - versions prior to 226.0.5
• Siemens Teamcenter - multiple versions and models
• Siemens gWAP - versions prior to 3.1.1
• Subnet Solutions PowerSYSTEM Center - multiple versions and models
• Universal Robots Polyscope 5 - versions prior to 5.25.1

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

• CISA ICS Advisories

Serial number: AV26–474
Date: May 15, 2026

On May 15, 2026, FreePBX published a security advisory to address a critical vulnerability in the following products:

• FreePBX Security-Reporting userman (FreePBX 16) – versions 16.0.45 and prior
• FreePBX Security-Reporting userman (FreePBX 17) – versions 17.0.7 and prior

The Cyber Centre encourages users and administrators to review the web links provided, apply the necessary updates and perform the suggested mitigations.

• Unauthenticated Use of Hard-Coded Credentials Vulnerability in Free PBX UCP Interface
• FreePBX Security Advisories

Serial number: AV26-473
Date: May 15, 2026

On May 14, 2026, Microsoft published a security advisory to address a critical vulnerability in the following products:

• Microsoft Exchange Server 2016 on premises versions (any update level)
• Microsoft Exchange Server 2019 on premises versions (any update level)
• Exchange Server Subscription Edition (SE) on premises versions (any update level)

Microsoft is aware of limited exploitation of CVE-2026-42897.

Update 1

On May 15, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-42897 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

• Microsoft Exchange Server Spoofing Vulnerability CVE-2026-42897 Security Vulnerability
• Exchange Emergency Mitigation (EM) service
• Exchange Team Blog - Addressing Exchange Server May 2026 vulnerability CVE-2026-42897
• CISA KEV: CVE-2026-42897

Number: AL26-012
Date: May 15, 2026

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

The Canadian Centre for Cyber Security (Cyber Centre) is aware of active exploitation^{1Footnote 2} of Cisco Catalyst Software-Defined Wide Area Network (SD-WAN) devices ^{Footnote 3}. In response to the Cisco security advisory released on May 14, 2026^{Footnote 4}, the Cyber Centre issued AV26-471^{Footnote 5} on May 14, 2026.

Tracked as CVE-2026-20182 ^{Footnote 6}, this vulnerability is a critical Improper authentication vulnerability (CWE-287)^{Footnote 7} affecting the peering authentication process of Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). It could allow an unauthenticated, remote attacker to bypass authentication, elevate privileges, and obtain administrative privileges on affected systems.

Cisco Catalyst SD-WAN Controller systems accessible from the internet, particularly those with exposed network ports, are at risk of exposure to compromise.

This vulnerability affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, regardless of device configuration. The vulnerability affects all deployment types, including:

• On-Prem Deployment
• Cisco SD-WAN Cloud-Pro
• Cisco SD-WAN Cloud - Cisco Managed
• Cisco SD-WAN for Government - FedRAMP Environment

The Cyber Centre is aware of incidents involving CVE-2026-20182; with reported attempts of SSH keys being added, NETCONF configurations being modified and escalation to root privileges. This allowed multiple follow-up actions including administrative access, persistence and long-term access to SD-WAN networks.

Cisco has also noted the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities CVE-2026-20133, CVE-2026-20128 and CVE-2026-20122 previously reported in February 2026 ^{Footnote 8}. The Cyber Centre released AL26-004 ^{Footnote 9} at that time highlighting the issue.

Suggested actions

The Cyber Centre recommends that organizations upgrade affected Cisco Catalyst SD-WAN instances to a fixed version:

Cisco has also addressed this vulnerability in Cisco SD-WAN Cloud (Cisco Managed) Release 20.15.506, which is cloud based. No user action is required. Customers can determine the current remediation status or software version by using the Help function in the service GUI^{Footnote 4}.

The Cyber Centre also recommends organizations to:

• Review the Cisco advisory^{Footnote 4} and the Talos Intelligence article^{Footnote 1} to identify if indicators of compromise are present on their devices.
• Cisco states to preserve possible indicators of compromise, customers should issue the request admin-tech command from each of the control components in the SD-WAN deployment before upgrading^{Footnote 4Footnote 10}.
• Collect artifacts, including virtual snapshots and logs from SD-WAN technology.
• Fully patch SD-WAN technology including those that are affected by CVE-2026-20182.
• Implement recommendations from the Cisco SD-WAN hardening guide^{Footnote 11}.

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions with an emphasis on the following topics^{Footnote 12}.

• Consolidating, monitoring, and defending Internet gateways
• Patch operating systems and applications
• Harden operating systems and applications
• Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal or email contact@cyber.gc.ca.

References

Serial number: AV26-472
Date: May 14, 2026

On May 14, 2026, Tenable published a security advisory to address critical vulnerabilities in the following product:

• Tenable Network Monitor – versions prior to 6.5.4

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• [R1] Tenable Network Monitor 6.5.4 Fixes Multiple Vulnerabilities
• Tenable Product Security Advisories

Serial number: AV26-471
Date: May 14, 2026

On May 14, 2026, Cisco published security advisories to address critical vulnerabilities in the following products:

• Cisco Catalyst SD-WAN Release – versions 20.9 and prior
• Cisco Catalyst SD-WAN Release – versions 20.10 and prior
• Cisco Catalyst SD-WAN Release – versions 20.11 and prior
• Cisco Catalyst SD-WAN Release – versions 20.12 and prior
• Cisco Catalyst SD-WAN Release – versions 20.13 and prior
• Cisco Catalyst SD-WAN Release – versions 20.14 and prior
• Cisco Catalyst SD-WAN Release – versions 20.15 and prior
• Cisco Catalyst SD-WAN Release – versions 20.16 and prior
• Cisco Catalyst SD-WAN Release – versions 20.18 and prior
• Cisco Catalyst SD-WAN Release – versions 26.1 and prior

Cisco is aware of limited exploitation of CVE-2026-20182.

On May 14, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20182 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
• Cisco Catalyst SD-WAN Manager Vulnerabilities
• Cisco Security Advisories
• CISA KEV: CVE-2026-20182

Serial number: AV26-470
Date: May 14, 2026

On May 14, 2026, PostgreSQL published a security advisory to address vulnerabilities in the following products:

• PostgreSQL – 14.x versions prior to 14.23
• PostgreSQL – 15.x versions prior to 15.18
• PostgreSQL – 16.x versions prior to 16.14
• PostgreSQL – 17.x versions prior to 17.10
• PostgreSQL – 18.x versions prior to 18.4

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 Released!
• PostgreSQL Security Information