Serial number: AV26-387
Date: April 23, 2026

On April 23, 2026, Tenable published a security advisory to address a vulnerability in the following products:

• Nessus Agent – versions prior to 11.1.3
• Nessus – versions prior to 10.11.4 and versions prior to 10.12.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• [R1] Nessus Agent Version 11.1.3 Fixes Arbitrary File Deletion
• [R1] Nessus Versions 10.11.4 and 10.12.0 Fixes Arbitrary File Deletion
• Tenable Product Security Advisories

Serial number: AV26-386
Date: April 23, 2026

On April 23, 2026, Spring published security advisories to address vulnerabilities in multiple products. Included was a critical update for the following:

• Spring Boot – 4.0.x versions prior to 4.0.6
• Spring Boot – 3.5.x versions prior to 3.5.14
• Spring Boot – 3.4.x versions prior to 3.4.16
• Spring Boot – 3.3.x versions prior to 3.3.19
• Spring Boot – 2.7.x versions prior to 2.7.33

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Spring Security Advisories

Number: AL25-012
Date: September 25, 2025
Updated: April 23, 2026

Audience

This Alert is intended for IT professionals and managers of notified organizations.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

The Canadian Centre for Cyber Security (Cyber Centre) is aware of exploitation targeting Cisco Adaptive Security Appliance (ASA) 5500-X Series devices that are running Cisco Secure Firewall ASA Software with VPN web services enabled.

On September 25, 2025, Cisco published security advisories for critical vulnerabilities, CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363, affecting the following ASA and Cisco Secure Firewall Threat Defense (FTD) software release products:

• Cisco ASA software release 9.12 – versions prior to 9.12.4.72
• Cisco ASA software release 9.14 – versions prior to 9.14.4.28
• Cisco ASA software release 9.16 – versions prior to 9.16.4.85
• Cisco ASA software release 9.17 – versions prior to 9.17.1.45
• Cisco ASA software release 9.18 – versions prior to 9.18.4.67
• Cisco ASA software release 9.19 – versions prior to 9.19.1.42
• Cisco ASA software release 9.20 – versions prior to 9.20.4.10
• Cisco ASA software release 9.22 – versions prior to 9.22.2.14
• Cisco ASA software release 9.23 – versions prior to 9.23.1.19
   
• Cisco FTD software release 7.0 – versions prior to 7.0.8.1
• Cisco FTD software release 7.1 – all versions
• Cisco FTD software release 7.2 – versions prior to 7.2.10.2
• Cisco FTD software release 7.3 – all versions
• Cisco FTD software release 7.4 – versions prior to 7.4.2.4
• Cisco FTD software release 7.6 – versions prior to 7.6.2.1
• Cisco FTD software release 7.7 – versions prior to 7.7.10.1

For further details on affected versions and available fixed releases, please refer to the following Cisco advisories^{Footnote 1Footnote 2Footnote 3}.

CVE-2025-20333 is a vulnerability affecting the ASA and FTD software, that could allow an authenticated remote threat actor to execute arbitrary code on affected devices^{Footnote 1}.

CVE-2025-20362 is a vulnerability affecting the ASA and FTD software, that could allow an unauthenticated remote threat actor to access URL endpoints that should otherwise be inaccessible without authentication^{Footnote 2}.

CVE-2025-20363 is a vulnerability affecting the ASA, FTD, Cisco IOS, Cisco IOS XE and Cisco IOS XR software, that could allow an unauthenticated remote threat actor (ASA and FTD) or authenticated remote one (Cisco IOS, IOS XE and IOS XR) with low user privileges to execute arbitrary code on affected devices^{Footnote 3}.

All these vulnerabilities are due to improper validation of user supplied input in HTTP(S) requests.

In response to these vulnerabilities, the Cyber Centre released AV25-619 on September 25^{Footnote 4}.

Update 1

On April 23, 2026, Cisco Talos released a blog post ^{Footnote 8} and Cisco published a security advisory ^{Footnote 9} identifying a previously unknown persistence method that remains intact even after upgrading to a patched version released in September 2025. The persistence mechanism is embedded in the Cisco Firepower eXtensible Operating System (FXOS) Software base operating system for Cisco Secure Firewall ASA Software and Cisco Secure FTD Software installations on the affected hardware.

The Cybersecurity and Infrastructure Security Agency (CISA) created the Emergency Directive document V1: ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices ^{Footnote 10} and along with the United Kingdom National Cyber Security Centre (NCSC), published a FIRESTARTER Backdoor Malware Analysis Report ^{Footnote 11} on April 23, 2026.

The Cyber Centre recommends organizations review the Cisco advisory, identify if indicators of compromise are present on their devices, and apply the identified workarounds, including reimaging the device to a known fixed version.

Affected products and versions:

Secure Firewall ASA Software

• Cisco ASA software release 9.16 – versions prior to 9.16.4.92
• Cisco ASA software release 9.18 – versions prior to 9.18.4.135
• Cisco ASA software release 9.20 – versions prior to 9.20.4.30
• Cisco ASA software release 9.22 – versions prior to 9.22.3.5
• Cisco ASA software release 9.23 – versions prior to 9.23.1.195
• Cisco ASA software release 9.24 – versions prior to 9.24.1.155

Secure FTD Software

• Cisco FTD software release 7.0 – versions prior to 7.0.9 Hotfix FZ-7.0.9.1-3
• Cisco FTD software release 7.2 – versions prior to 7.2.11 Hotfix HI-7.2.11.1-1
• Cisco FTD software release 7.4 – versions prior to 7.4.7
• Cisco FTD software release 7.6 – versions prior to 7.6.4 Hotfix CC-7.6.4.1-1
• Cisco FTD software release 7.7 – versions prior to 7.7.11 Hotfix AE-7.7.11.1-4
• Cisco FTD software release 10 – versions prior to 10.0.0 Hot Fix (Target 4/30/2026)

Firepower 4100 and 9300 Security Appliance

• Cisco Firepower 4100 and 9300 Security Appliance 2.10 – versions prior to 2.10.1.383
• Cisco Firepower 4100 and 9300 Security Appliance 2.12 – versions prior to 2.12.1.117
• Cisco Firepower 4100 and 9300 Security Appliance 2.14 – versions prior to 2.14.3.125
• Cisco Firepower 4100 and 9300 Security Appliance 2.16 – versions prior to 2.16.2.119
• Cisco Firepower 4100 and 9300 Security Appliance 2.17 – versions prior to 2.17.0.549
• Cisco Firepower 4100 and 9300 Security Appliance 2.18 – versions prior to 2.18.0.535

End of Update 1

Suggested actions

The Cyber Centre strongly recommends that organizations running Cisco ASA and FTD products upgrading to a fixed release software version^{Footnote 5}.

Organizations upgrading an ASA 5500-X Series model to 9.12.4.72 or 9.14.4.28 should refer to Cisco’s Bootloader and/or ROMMON Verification Failure procedures^{Footnote 6}. If the “firmware-update.log” file is found on “disk0:” after upgrading to a fixed release, organizations are encouraged to preserve the log file and notify the Cyber Centre using the contact information below. Instructions regarding transfer of the log file will be provided as part of the follow-up engagement.

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions^{Footnote 7}.

If activity matching the content of this alert is discovered, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.

References

Serial number: AV26-384
Date: April 23, 2026

CrowdStrike security advisory (AV26-384)

On April 21, 2026, CrowdStrike published a security advisory to address a critical vulnerability in the following products:

• LogScale Self-Hosted – GA versions 1.224.0 to 1.234.0 (inclusive)
• LogScale Self-Hosted LTS – versions 1.228.0 and 1.228.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• CVE-2026-40050 — CrowdStrike LogScale Unauthenticated Path Traversal
• Crowdstrike Security Advisories

Serial number: AV26-383
Date: April 23, 2026

On April 21, 2026, GitHub published security advisories to address vulnerabilities in the following products:

• GitHub Enterprise Server – versions 3.20.x prior to 3.20.1
• GitHub Enterprise Server – versions 3.19.x prior to 3.19.5
• GitHub Enterprise Server – versions 3.18.x prior to 3.18.8
• GitHub Enterprise Server – versions 3.17.x prior to 3.17.14
• GitHub Enterprise Server – versions 3.16.x prior to 3.16.17

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Enterprise Server 3.20.1
• Enterprise Server 3.19.5
• Enterprise Server 3.18.8
• Enterprise Server 3.17.14
• Enterprise Server 3.16.17

Serial number: AV26-382
Date: April 23, 2026

On April 22, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 147.0.7727.116/117 (Windows/Mac) and 147.0.7727.116 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number: AV26-352
Date: April 14, 2026
Updated: April 22, 2026

On April 14, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• .NET 10.0 installed on Linux
• .NET 10.0 installed on Mac OS
• .NET 10.0 installed on Windows
• .NET 8.0 installed on Linux
• .NET 8.0 installed on Mac OS
• .NET 8.0 installed on Windows
• .NET 9.0 installed on Linux
• .NET 9.0 installed on Mac OS
• .NET 9.0 installed on Windows
• Azure Logic Apps
• Azure Monitor Agent
• Microsoft .NET Framework
• Microsoft .NET Framework 3.5 AND 4.8.1
• Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
• Microsoft 365 Apps for Enterprise
• Microsoft Defender Antimalware Platform
• Microsoft Dynamics 365
• Microsoft Excel 2016
• Microsoft HPC Pack 2019
• Microsoft Office 2016
• Microsoft Office 2019
• Microsoft Office LTSC 2021
• Microsoft Office LTSC 2024
• Microsoft Office LTSC for Mac 2021
• Microsoft Office LTSC for Mac 2024
• Microsoft Power Apps
• Microsoft PowerPoint 2016
• Microsoft SQL Server 2016
• Microsoft SQL Server 2017
• Microsoft SQL Server 2019
• Microsoft SQL Server 2022
• Microsoft SQL Server 2025
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft Visual Studio 2022
• Microsoft Visual Studio Code CoPilot Chat Extension
• Office Online Server
• PowerShell
• Remote Desktop client for Windows Desktop
• Windows 10
• Windows 11
• Windows Admin Center
• Windows App Client for Windows Desktop
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2019
• Windows Server 2022
• Windows Server 2025

Microsoft has received reports that CVE-2026-32201 has been exploited.

On April 14, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-32201 to their Known Exploited Vulnerabilities (KEV) Database.

Update 1

Open-source reporting indicates that the CVE-2026-33825 vulnerability is being exploited in the wild.

Update 2

On April 22, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-33825 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• April 2026 Security Updates
• Security Update Guide
• CISA KEV: CVE-2026-32201
• CVE-2026-33825 Detail
• CISA KEV: CVE-2026-33825

Serial number: AV26-381
Date: April 22, 2026

On April 22, 2026, Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS – versions prior to 18.7.8 and versions prior to 26.4.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• About the security content of iOS 26.4.2 and iPadOS 26.4.2
• About the security content of iOS 18.7.8 and iPadOS 18.7.8
• Apple Security Updates

Serial number: AV26-380
Date: April 22, 2026

On April 21, 2026, Oracle published a security advisory to address vulnerabilities in multiple products. Included were critical updates for the following:

• MySQL Enterprise Backup
• MySQL Server
• MySQL Workbench
• Oracle Advanced Inbound Telephony
• Oracle Banking Origination
• Oracle Business Intelligence Enterprise Edition
• Oracle Communications Cloud Native Core Network Exposure Function
• Oracle Communications EAGLE
• Oracle Communications EAGLE Application Processor
• Oracle Communications EAGLE LNP Application Processor
• Oracle Communications LSMS
• Oracle Communications Messaging Serve
• Oracle Communications Operations Monitor
• Oracle Communications Policy Management
• Oracle Communications Unified Assurance
• Oracle Managed File Transfer
• Oracle Tuxedo

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Oracle Critical Patch Update Advisory – April 2026

Serial number: AV26-379
Date: April 22, 2026

On April 22, 2026, n8n published security advisories to address vulnerabilities, including some critical ones, in the following products:

• n8n (MCP Client Registration) – multiple versions
• n8n (dynamic-node-parameters) – multiple versions
• n8n (XML Node Prototype Pollution) – multiple versions
• n8n (XML Webhook) – multiple versions
• n8n (SQL Mode of Merge Node) – multiple versions
• n8n (MCP OAuth client) – multiple versions
• n8n (Python Task Runner) - multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• n8n Security

Number: AV26-378
Date: April 22, 2026

On April 22, 2026, Phoenix Contact published a security advisory to address vulnerabilities in the following products:

• AXC – multiple versions
• BCP – multiple versions
• CATAN C1 EN – versions prior to1.12.3
• CELLULINK – versions prior to 2025.6.3
• CHARX SEC-3XXX – versions prior to 1.9.0
• CLOUD CLIENT 101T-TX/TX –versions prior to 3.7.8
• Energy AXC PU – – versions prior to V04.27.00.00
• FL MGUARD – versions prior to 10.6.0
• FL NAT – multiple versions
• FL SWITCH – multiple versions
• FL TIMESERVER NTP – versions prior to 5.0.71.101
• FL WLAN – multiple versions
• GTC – multiple versions
• ILC 2xxx – multiple versions
• NFC – multiple versions
• PLCnext Control – versions prior to 3.53
• RFC – multiple versions
• SMART RTU AXC – – multiple versions
• TC CLOUD CLIENT – multiple versions
• TC ROUTER – multiple versions
• TC TIMESERVER NTP – versions prior to 5.0.71.101

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, once available.

• VDE-2026-023: Several products are affected by vulnerabilities found in OpenSSL
• Phoenix Contact Security Advisories

Serial number: AV26-377
Date: April 22, 2026

On April 21, 2026, Microsoft published an out-of-band (OOB) security update to address a critical vulnerability in the following product:

• .NET 10.0.0 – versions 10.0.0 to 10.0.6

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary update.

• .NET 10.0.7 Out-of-Band Security Update
• ASP.NET Core Elevation of Privilege Vulnerability - CVE-2026-40372

Serial number: AV26-376
Date: April 22, 2026

On April 22, 2026, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) – versions prior to 18.11.1, 18.10.4 and 18.9.6
• GitLab Enterprise Edition (EE) – versions prior to 18.11.1, 18.10.4 and 18.9.6

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch Release: 18.11.1, 18.10.4, 18.9.6
• GitLab Releases

Serial number: AV26-375
Date: April 21, 2026

On April 21, 2026, Atlassian published a security advisory to address vulnerabilities, including some critical ones, in the following products:

• Bamboo Data Center and Server – multiple versions
• Bitbucket Data Center and Server – multiple versions
• Confluence Data Center and Server – multiple versions
• Jira Data Center and Server – multiple versions
• Jira Service Management Data Center and Server – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Bulletin – April 21 2026
• Atlassian Security Advisories and Bulletins

Serial number: AV26-374
Date: April 21, 2026

On April 21, 2026, Fortra published security advisories to address vulnerabilities in the following product:

• Fortra's GoAnywhere MFT – versions prior to 7.10.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• FI-2026-002 - GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances
• FI-2026-004 - GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances
• Fortra Product CVEs

Serial number: AV26-373
Date: April 21, 2026

Between April 9 and 21, 2026, Spring published security advisories to address vulnerabilities in the following products:

• Spring Cloud Gateway – version 4.2.0
• Spring Security – versions 5.7.0 to 5.7.22, 5.8.0 to 5.8.24, 6.3.0 to 6.3.15, 6.4.0 to 6.4.15, 6.5.0 to 6.5.9 and 7.0.0 to 7.0.4
• Spring Authorization Server – versions 1.3.0 to 1.3.10, 1.4.0 to 1.4.9 and 1.5.0 to 1.5.6
• Spring Framework – versions 5.3.0 to 5.3.47, 6.1.0 to 6.1.26, 6.2.0 to 6.2.17 and 7.0.0 to 7.0.6

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Spring Security Advisories

Serial number: AV26-372
Date: April 21, 2026

On April 21, 2026, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox – versions prior to 150
• Firefox ESR – versions prior to 35
• Firefox ESR – versions prior to 10

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Vulnerabilities fixed in Firefox ESR 140.10
• Security Vulnerabilities fixed in Firefox ESR 115.35
• Security Vulnerabilities fixed in Firefox 150
• Mozilla Security Advisories

Serial number: AV26-166
Date: February 25, 2026
Updated: April 20, 2026

On February 25, 2026, Cisco published security advisories to address critical vulnerabilities in the following products:

• Cisco Catalyst SD-WAN Controller – multiple versions
• Cisco Catalyst SD-WAN Manager – multiple versions
• Cisco Nexus 3600 and 9500-R Switching Platform – multiple versions
• Cisco Nexus 9000 Series Fabric Switches – multiple versions
• Cisco UCS Software (UCS Manager Mode) – versions prior to 4.3(6e)
• Cisco UCS Software (Intersight Managed Mode) – versions prior to 4.3(6.260003)

Cisco has indicated that CVE-2026-20127 has been exploited.

Update 1

On February 25, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20127 to their Known Exploited Vulnerabilities (KEV) Database.

Update 2

Cisco has indicated that CVE-2026-20128 and CVE-2026-20122 are being actively exploited.

Update 3

On April 20, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.

• Cisco Security Advisories
• Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
• Cisco Catalyst SD-WAN Vulnerabilities
• Cisco Nexus 3600 and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability
• Cisco Nexus 9000 Series Fabric Switches in ACI Mode SNMP Denial of Service Vulnerability
• Cisco Nexus 9000 Series Fabric Switches in ACI Mode Denial of Service Vulnerability
• Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
• CISA KEV : CVE-2026-20127
• CISA KEV: CVE-2026-20122
• CISA KEV: CVE-2026-20128
• CISA KEV: CVE-2026-20133

Serial number: AV26-366
Date: April 20, 2026

Between April 13 and 19, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• Connectrix Switches and Directors – multiple versions
• Dell AMD-based PowerEdge Server – multiple versions and models
• Dell Command| Update – versions prior to 5.7.0
• Dell PowerProtect Data Domain – multiple versions and models
• Dell Storage Manager - Replay Manager for Microsoft Servers – versions prior to 8.0.3

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• DSA-2026-041: Security Update for Dell AMD-based PowerEdge Server Vulnerability
• DSA-2026-171: Security Update for Dell Connectrix B-Series SANnav Vulnerabilities
• DSA-2026-058: Security Update for Dell Storage Manager - Replay Manager for Microsoft Servers Vulnerabilities
• DSA-2026-190: Security Update for Dell Command | Update for a Revenera InstallShield Vulnerability
• DSA-2026-060: Security Update for Dell PowerProtect Data Domain Multiple Vulnerabilities
• Dell Security advisories and notices

Serial number: AV26-371
Date: April 20, 2026

On April 20, 2026, Progress published security advisories to address vulnerabilities in the following products:

• Progress Kemp LoadMaster – version GA v7.2.62.2 and prior
• Progress Kemp LoadMaster – version LTSF v7.2.54.16 and prior
• Progress MOVEit WAF – version GA v7.2.62.2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• LoadMaster Security Vulnerabilites: CVE-2026-3517 / CVE-2026-3518 / CVE-2026-3519 / CVE-2026-4048 / CVE-2026-21876
• MOVEit WAF Critical Security Bulletin – April 2026 – (CVE-2026-3517, CVE-2026-3518, CVE-2026-3519, CVE-2026-4048, CVE-2026-21876)

Serial number: AV26-370

Date: April 20, 2026

On April 20, 2026, Moxa published a security advisory to address a vulnerability in the following products:

• PT-508 Series – firmware version 3.8 and prior
• PT-510 Series – firmware version 3.8 and prior
• PT-7528 Series – firmware version 5.0 and prior
• PT-7728 Series – firmware version 3.9 and prior
• PT-7828 Series – firmware version 4.0 and prior
• PT-G503 Series – firmware version 5.3 and prior
• PT-G510 Series – firmware version 6.5 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• CVE-2020-11868: NTP Vulnerability in Ethernet Switches – MPSA-258681
• Moxa Security Advisories

Serial number: AV26-369
Date: April 20, 2026

Between April 13 and 19, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder – multiple versions and platforms
• Red Hat Enterprise Linux – multiple versions and platforms
• Red Hat Enterprise Linux Server – multiple versions and platforms
• Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number: AV26-368
Date: April 20, 2026

Between April 13 and 19, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

• AVEVA Pipeline Simulation – version 2025_SP1_build_7.1.9497.6351 and prior
• Anviz Multiple Products CX2 Lite Firmware/CX7 Firmware/CrossChex Standard – all versions
• Delta Electronics ASDA-Soft – version V7.2.2.0 and prior
• Horner Automation Cscape – version v10.0
• Horner Automation XL4 PLC – version v15.60
• Horner Automation XL7 PLC – version v16.32.0

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

• CISA ICS Advisories

Serial number: AV26-367
Date: April 20, 2026

Between April 13 and 19, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.10

The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.

• Ubuntu Security Notices

Serial number: AV26-365
Date: April 20, 2026

Between April 13 and 19, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• API Connect - versions V10.0.8.0 to V10.0.8.7
• Aspera Faspex 5 - versions 5.0.0 to 5.0.15
• DevOps Test Performance - versions 11.0 to 11.0.7
• IBM App Connect Enterprise - multiple versions
• IBM Aspera Console - versions 3.3.0 to 3.4.9
• IBM Aspera Orchestrator - versions 3.0.0 to 4.1.3
• IBM Business Automation Manager Open Editions - versions 8.0.0 to 8.0.8
• IBM Data Product Hub - versions 5.0.0 to 5.3.1
• IBM Event Processing - versions 1.0.0 to 1.4.7
• IBM Guardium Data Protection - versions 12.0, 12.1 and 12.2
• IBM Maximo Application Suite - Monitor Component - multiple versions
• IBM Netezza Appliance - versions 1.0.0.0 and 1.0.0.1
• IBM SPSS Modeler - multiple versions
• IBM Tivoli Network Configuration Manager (ITNCM) - versions 6.4.2 to 6.4.2 Fix Pack 23
• IBM Watson Speech Services Cartridge - versions 4.0.0 to 5.3.1
• IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data - multiple versions
• Performance Tester (RPT) - versions 11.0 to 11.0.7
• Rational Performance Tester - multiple versions
• SPSS Collaboration and Deployment Services - version 9.0.0.0

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• IBM Product Security Incident Response

Serial number: AV26-364
Date: April 17, 2026

On April 17, 2026, JetBrains published a security advisory to address a vulnerability in the following product:

• JetBrains Youtrack – versions prior to 2025.3.131383

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• JetBrains – Fixed security issues

Serial number: AV26-363
Date: April 17, 2026

On April 16, 2026, HashiCorp published security advisories to address vulnerabilities in the following products:

• Vault Community Edition – multiple versions
• Vault Enterprise Edition – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HCSEC-2026-05 - Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
• HCSEC-2026-06 - Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
• HashiCorp Security

Serial number: AV26-362
Date: April 17, 2026

On April 16, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 147.0.3912.72

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV26-330
Date: April 8, 2026
Update: April 16, 2026

On April 8, 2026, Apache published a security advisory to address a vulnerability in the following products:

• Apache ActiveMQ Broker - versions prior to 5.19.4
• Apache ActiveMQ Broker - 6.0.0 versions prior to 6.2.3

Update 1

On April 16, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-34197 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• CVE-2026-34197
• CISA KEV: CVE-2026-34197

Serial number: AV26-361
Date: April 16, 2026

On April 16, 2026, HPE published a security advisory to address vulnerabilities in the following product:

• HPE Cray Supercomputing EX420 Compute Blade – versions prior to 1.91

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBCR05043 rev.1 - HPE Cray Supercomputing EX Servers Using Intel Processors, INTEL-SA-01397, 2026.1 IPU, Intel Trust Domain Extensions (Intel TDX) module Advisory, Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number: AV26-360
Date: April 16, 2026

On April 10, 2026, Nginx UI published a security advisory to address a critical vulnerability in the following product:

• Nginx UI – version v2.3.5 and prior

Open-source reporting indicates that the CVE-2026-33032 vulnerability is being exploited in the wild.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

• Nginx UI - CVE-2026-33032
• NVD - CVE-2026-33032 Detail

Serial number: AV26-359
Date: April 16, 2026

On April 15, 2026, Drupal published a security advisory to address a critical vulnerability in the following product:

• Drupal core – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
• Drupal Security Advisories

Serial number: AV26-358
Date: April 15, 2026

On April 15, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 147.0.7727.101/102 (Windows/Mac) and 147.0.7727.101 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number: AV26-357
Date: April 15, 2026

On April 15, 2026, Cisco published security advisories to address vulnerabilities in the following products. Included were critical updates for the following:

• Cisco Identity Services Engine (ISE) – multiple versions
• Cisco ISE Passive Identity Connector (ISE-PIC) – multiple versions
• Cisco Webex Services (cloud-based, configured to use SSO integration with Control Hub)

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.

• Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities
• Cisco Identity Services Engine Remote Code Execution Vulnerabilities
• Cisco Webex Services Certificate Validation Vulnerability
• Cisco Security Advisories

Serial number: AV26-356
Date: April 15, 2026

On April 15, 2026, Splunk published security advisories to address vulnerabilities in the following products:

• Splunk Operator for Kubernetes Add-on – versions prior to 3.1.0
• Splunk MCP Server – versions prior to 1.0.3
• Splunk IT Service Intelligence (ITSI) – versions prior to 4.21.2
• Splunk Enterprise – multiple versions
• Splunk Cloud Platform – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Splunk Security Advisories

Serial number: AV26-355
Date: April 15, 2026

On April 14, 2026, AMD published security advisories to address vulnerabilities in the following products:

• AMD EPYC Processors – multiple versions and models
• AMD Ryzen Processors – multiple versions and models
• AMD Ryzen Embedded Processors – multiple versions and models
• AMD EPYC Embedded Processors – multiple versions and models

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

• Incorrect use of LocateProtocol Service of the EFI_BOOT_Services table in SMI Handler - AMD-SB-7054
• IOMMU Write Buffer Vulnerability - AMD-SB-3016
• SEV-SNP Routing Misconfiguration - AMD-SB-3034
• AMD Product Security

Serial number: AV26-354
Date: April 14, 2026

On April 14, 2026, Tenable published a security advisory to address critical vulnerabilities in the following product:

• Tenable Identity Exposure – versions prior to 3.77.17

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• [R2] Tenable Identity Exposure Version 3.77.17 Fixes Multiple Vulnerabilities
• Tenable Product Security Advisories

Serial number: AV26-353
Date: April 14, 2026

On April 14, 2026, Adobe published security advisories to address vulnerabilities in the following products:

• Acrobat 2024 – version Win: 24.001.30362 and prior, Mac: 24.001.30360 and prior
• Acrobat DC – version 26.001.21411 and prior
• Acrobat Reader DC – version 26.001.21411 and prior
• Adobe Bridge – version 15.1.4 (LTS) and prior, version 16.0.2 and prior
• Adobe Connect Desktop Application – version 2025.3 and prior
• Adobe Connect – version 12.10 and prior
• Adobe DNG Software Development Kit (SDK) – versions DNG SDK 1.7.1 build 2502 and prior
• Adobe Experience Manager (AEM) Screens – version 6.5 Service Pack 24 and prior, version Feature Pack 11.7 and prior
• Adobe FrameMaker – version 2022 Release Update 8 and prior
• Adobe InCopy – version 21.2 and prior, version 20.5.2 and prior
• Adobe InDesign – version ID21.22 and prior, version ID20.5.2 and prior
• ColdFusion 2023 – version Update 18 and prior
• ColdFusion 2025 – version Update 6 and prior
• Illustrator 2025 – version 29.8.5 and prior
• Illustrator 2026 – version 30.2 and prior
• Photoshop 2026 – version 27.4 and prior

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Adobe Security Advisories

Serial number: AV26-351
Date: April 14, 2026

On April 14, 2026, Fortinet published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• FortiSandbox 4.4 – versions 4.4.0 to 4.4.8
• FortiSandbox 5.0 – versions 5.0.0 to 5.0.5
• FortiAnalyzer Cloud 7.6 – versions 7.6.2 to 7.6.4
• FortiManager Cloud 7.6 – versions 7.6.2 to 7.6.4
• FortiDDoS-F 7.2 – versions 7.2.1 to 7.2.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• OS Command Injection through API endpoint
• Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox
• Heap-based buffer overflow in oftpd daemon
• SQL Injection via API
• Fortinet PSIRT Advisories

Serial number: AV26-350
Date: April 14, 2026

On April 14, 2026, Schneider Electric published advisories to address vulnerabilities in the following products:

• Easergy MiCOM Px40 Series – multiple versions and models
• Connexium Managed Switches TCSESM – all versions
• Modicon Managed Switches MCSESM, MCSESP – all versions
• Modicon Redundancy Switches MCSESR – all versions
• PowerChute Serial Shutdown – version 1.4 and prior

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Use of Hard-coded Credentials vulnerability on Easergy MiCOM Px40 Series (PDF)
• Third-Party vulnerability on Modicon Networking Managed Switches (PDF)
• Multiple Vulnerabilities on PowerChute™ Serial Shutdown (PDF)
• Schneider Electric Security Notifications

Serial number: AV26-349
Date: April 14, 2026

On April 14, 2026, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP Business Planning and Consolidation and SAP Business Warehouse – versions HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758 and 816
• SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise) – versions SAP_FIN 618, 720, 730, EA-FIN 617, 700, SAPSCORE 135, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605 and 606
• SAP BusinessObjects Business Intelligence Platform – versions ENTERPRISE 430, 2025 and 2027
• SAP Human Capital Management for SAP S/4HANA – versions S4HCMRXX 100, 101, 102, SAP_HRRXX 600, 604 and 608
• SAP Business Analytics and SAP Content Management – versions S4HCMRXX 100, 101, 102, SAP_HRRXX 600, 604 and 608
• SAP S/4HANA OData Service (Manage Reference Equipment) – version S4CORE 109
• SAP S/4HANA Backend OData Service (Manage Reference Structures) – version S4CORE 109
• SAP S/4HANA Frontend OData Service (Manage Reference Structures) – version UIS4H 109
• SAP Supplier Relationship Management (SICF Handler in SRM Catalog) – versions SRM_SERVER 702, 713 and 714
• SAP NetWeaver Application Server Java (Web Dynpro Java) – version WD-RUNTIME 7.50
• SAP NetWeaver Application Server ABAP – versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 and SAP_BASIS 816
• SAP HANA Cockpit and HANA Database Explorer – version SAP_HANA_COCKPIT 2.0
• SAP S/4HANA (Private Cloud and On-Premise) – versions S4CORE 105, 106, 107, 108, 109, FI-CA 606, 616, 617 and 618
• Material Master Application – versions S4CORE 102, 103, 104, 105, 106, 107, 108, 109, SCM_BASIS 700, SCM_BASIS 701, SCM_BASIS 702, SCM_BASIS 712, SCM_BASIS 713 and SCM_BASIS 714
• SAP S/4HANA OData Service (Manage Technical Object Structures) – version S4CORE 109
• SAP S4CORE (Manage Journal Entries) – versions S4CORE 104, 105, 106, 107 and 108
• SAP BusinessObjects Business Intelligence Platform – versions ENTERPRISE 430, 2025 and 2027
• SAP NetWeaver Application Server ABAP – versions SAP_UI 758 and 816
• SAP Landscape Transformation – versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020, S4CORE 102, 103, 104, 105, 106, 107, 108 and 109

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations, and apply the necessary updates.

• SAP Security Patch Day - April 2026

Serial number: AV26-348
Date: April 14, 2026

On April 7, 2026, Samsung published a security update to address vulnerabilities in the following product:

• Samsung mobile devices – versions prior to SMR-APR-2026 Release 1

The most recent security update resolves multiple identified vulnerabilities.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Samsung Security Updates

Serial number: AV26-347
Date: April 14, 2026

On April 14, 2026, Siemens published a security advisory to address vulnerabilities in the following products. Included were updates for the following products:

• Siemens Software Center – versions prior to V3.5.8.2
• Simcenter 3D – versions prior to V2506.6000
• Simcenter Femap – versions prior to V2506.0002
• Simcenter STAR-CCM+ – versions prior to V2602
• Solid Edge SE2025 – versions prior to V225.0 Update 13
• Solid Edge SE2026 – versions prior to V226.0 Update 04
• Tecnomatix Plant Simulation – versions prior to V2504.0008
• SINEC NMS – versions prior to V4.0 SP3 with UMC
• RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) – versions prior to V5.8
• SIPROTEC 5 - CP300 Devices – multiple versions and models
• SIPROTEC 5 Communication Modules – multiple versions and models
• SIPROTEC 5 Compact 7SX800 (CP050) – versions V8.70 to V9.30
• SIMATIC CN 4100 – hardware versions prior to FS 05
• SIMATIC Field PG – all versions
• SIMATIC IPC family – all versions
• SIMATIC IPC MD-57A – versions prior to V30.01.10
• SIMATIC ITP1000 – all versions
• Industrial Edge Management Pro V1 – versions V1.7.6 to V1.15.17
• Industrial Edge Management Pro V2 – versions V2.0.0 to V2.1.1
• Industrial Edge Management Virtual – versions V2.2.0 to V2.8.0
• SINEC NMS – versions prior to V4.0 SP3
• RUGGEDCOM CROSSBOW Station Access Controller (SAC) – versions prior to V5.8
• SCALANCE W-700 IEEE 802.11n family – versions prior to V6.6.0

The Cyber Centre encourages users and administrators to review the web link provided, perform the suggested mitigations and apply the necessary updates.

• Siemens Security Advisories

Serial number: AV26-346
Date: April 13, 2026

On April 13, 2026, ABB published security advisories to address vulnerabilities in the following product:

• ABB CI868 AC800M product line (System 800xA) for IEC 61850 - multiple firmware versions
• ABB CI850 Symphony Plus SD Series product line for IEC 61850 - multiple firmware versions
• ABB PM 877 Symphony Plus MR (Melody Rack) product line for IEC 61850 – firmware version 3.10 to 3.52
• ABB S+ Operations using IEC 61850 - multiple versions
• ABB Ability Symphony Plus – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• Denial of Service Vulnerabilities in System 800xA, Symphony Plus IEC 61850 communication stack CVE ID: CVE-2025-3756
• PostgreSQL vulnerabilities in ABB Ability Symphony Plus Engineering CVE ID: CVE-2023-5869, CVE-2023-39417, CVE-2024-7348, CVE-2024-0985
• ABB Cyber security alerts and notifications

Serial number: AV26-345
Date: April 13, 2026

On April 10, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 147.0.3912.60

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV26-340
Date: April 13, 2026

On April 12, 2026, Adobe published a security advisory to address a critical vulnerability in the following products:

• Acrobat Mac – versions prior to 24.001.30360
• Acrobat Windows – versions prior to 24.001.30362
• Acrobat DC – versions prior to 26.001.21411
• Acrobat Reader DC – versions prior to 26.001.21411

Adobe is aware of CVE-2026-34621 being exploited in the wild.

Update 1

On April 13, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-34621 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security update available for Adobe Acrobat Reader - APSB26-43
• Adobe Security Advisories
• CISA KEV: CVE-2026-34621

Serial number: AV26-096
Date: February 9, 2026
Updated: April 13, 2026

On February 6, 2026, Fortinet published a security advisory to address a critical vulnerability in the following product:

• FortiClientEMS 7.4 – version 7.4.4

Update 1

Open-source reporting indicates that CVE-2026-21643 is being exploited in the wild.

Update 2

On April 13, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-21643 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• SQLi in administrative interface – FG-IR-25-1142 (CVE-2026-21643)
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• Fortinet PSIRT Advisories
• CISA KEV: CVE-2026-21643

Serial number: AV26-336
Date: April 9, 2026
Updated: April 13, 2026

On April 9, 2026, Tenable published a security advisory to address vulnerabilities in the following product:

• Tenable Security Center – version 6.5.0 to 6.8.0

Update 1
On April 13, 2026, Tenable updated affected products reflected above.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• [R2] Stand-alone Security Patch Available for Tenable Security Center Versions 6.5.1, 6.6.0, 6.7.2 and 6.8.0: SC202604.1
• Tenable Product Security Advisories

Serial number: AV26-344
Date: April 13, 2026

On April 9, 2026, wolfSSL published a security advisory to address vulnerabilities in the following product:

• wolfSSL – versions 3.12.0 to versions prior to 5.9.1

CVE-2026-5194 is listed as critical with a CVSS score of 9.3.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• wolfssl
• Missing hash/digest size and OID checks allow digests...
• CWE-295 Improper Certificate Validation
• CVE-2026-5194

Serial number: AV26-343
Date: April 13, 2026

Between April 6 and 12, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• Connectrix Switches and Directors – versions prior to sannav_ova_9x_os_02_2026
• Data Protection Advisor – versions 19.9 to 19.12 SP2
• Dell AX System – multiple versions and models
• Dell Data Protection Central – versions 19.9 to 19.12 with Data Protection Central OS Update prior to dpc-osupdate-1.1.26-1
• Dell EMC Isilon OneFS – versions 8.2.2 and prior
• Dell EMC PowerScale – version 9.0.0
• Dell Integrated System for Microsoft Azure Stack Hub 16G – versions prior to 2603
• Dell Networking OS10 – versions prior to 10.6.1.1
• Dell PowerProtect DP Series Appliance – versions prior to 2.7.9 with Data Protection Central OS Update prior to dpc-osupdate-1.1.26-1
• Dell PowerScale OneFS – multiple versions
• Elastic Cloud Storage – versions prior to 3.8.1.7
• ObjectScale - versions prior to 4.1.0.3 and 4.2.00
• PowerSwitch Z9664F-ON – versions prior to 3.54.5.1-11
• PowerSwitch S5448F-ON – versions prior to 3.54.5.1-14
• PowerSwitch S9664F-ON – versions prior to 3.54.5.1-11
• PowerSwitch E3200-ON – versions prior to 3.57.5.1-6

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Dell Security advisories and notices