Serial number: AV26-312
Date: April 2, 2026

On April 2, 2026, OpenSSH published a security advisory to address vulnerabilities in the following product:

• OpenSSH - versions prior to 10.3

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• OpenSSH 10.3 Release Notes
• OpenSSH

Serial number: AV26-311
Date: April 2, 2026

On April 2, 2026, Cesanta published a security advisory to address vulnerabilities in the following product:

• Mongoose - versions 7.0 to 7.20

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Cesanta Mongoose
• Mongoose.ws

Serial number: AV26-310
Date: April 2, 2026

On April 2, 2026, Progress published a security advisory to address vulnerabilities in the following product:

• Progress ShareFile - versions prior to v5.12.4 and versions prior to v6

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Security Vulnerability Fix For ShareFile Storage Zones Controller 5.x (February 2026)

Serial number: AV26-309
Date: April 2, 2026

On April 1, 2026, WatchGuard published a security advisory to address a vulnerability in the following products:

• Fireware OS 2025-1 - versions 2025.1 to 2026.1.2

• Fireware OS 12.x - versions 12.6.1 to 12.11.8

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI
• WatchGuard Security Advisories

Serial number: AV26-275
Date: March 24, 2026
Updated: April 2, 2026

On March 24, 2026, Apple published security updates to address vulnerabilities in the following products:

• iOS – versions prior to 18.7.7 and versions prior to 26.4
• iPadOS – versions prior to 18.7.7 and versions prior to 26.4
• macOS Sequoia – versions prior to 15.7.5
• macOS Sonoma – versions prior to 14.8.5
• macOS Tahoe – versions prior to 26.4
• tvOS – versions prior to 26.4
• visionOS – versions prior to 26.4
• watchOS – versions prior to 26.4

Update 1
On April 1, 2026 Apple expanded the availability of iOS 18.7.7 for more devices to protect from DarkSword iOS exploit kit web attacks.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• About the security content of iOS 18.7.7 and iPadOS 18.7.7
• Apple Security Updates

Serial number: AV26-306
Date: April 1, 2026
Updated: April 1, 2026

On March 31, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 146.0.7680.177/178 (Windows/Mac) and 146.0.7680.177 (Linux)

Google is aware that an exploit for CVE-2026-5281 exists in the wild.

Update 1

On April 1, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-5281 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory
• CISA KEV: CVE-2026-5281

Serial number: AV26-308
Date: April 1, 2026

On April 1, 2026, Drupal published a security advisory to address a critical vulnerability in the following product :

• SAML SSO - Service Provider – versions prior to 3.1.4

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
• Drupal Security Advisories

Serial number: AV26-307
Date: April 1, 2026

On April 1, 2026, Cisco published security advisories to address vulnerabilities in the following products:

• Cisco NFVIS Release – multiple versions
• Cisco IMC Release – multiple versions
• Cisco Telemetry Broker Appliances – version 6.0(2.260044) (M6) and prior
• IEC6400 Edge Compute Appliances – version 4.3(6.260017) (M6) and prior
• Secure Endpoint Private Cloud Appliances – versions 4.3(2.260007) (M5) and 4.3(6.260017) (M6)
• Secure Firewall Management Center Appliances – versions 4.3(2.260007) (M5) and 4.3(6.260017) (M6)
• Secure Malware Analytics Appliances – versions 4.3(2.260007) (M5) and 4.3(6.260017) (M6)
• Secure Network Analytics Appliances – versions 4.3(2.260007) (M5) and 6.0(2.260044) (M6)
• Secure Network Server Appliances – multiple versions
• Cisco SSM On-Prem Release – version 9-202510 and prior
• Cisco EPNM Release – versions 8.0 and prior, version 8.1 and prior

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.

• Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities
• Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
• Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability
• Cisco Integrated Management Controller Authentication Bypass Vulnerability
• Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
• Cisco Security Advisories

Serial number: AV26-305
Date: March 31, 2026

On March 31, 2026, HPE published a security advisory to address a critical vulnerability in the following product:

• HPE Telco Network Function Virtualization Orchestrator – version v7.5.0 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05033 rev.1 - HPE Telco Network Function Virtual Orchestrator, Improper Input Validation in the Undertow HTTP Server Core
• HPE Security Bulletin Library

Serial number: AV26-304
Date: March 31, 2026

On March 30, 2026, Symantec published a security advisory to address a vulnerability in the following product:

• Symantec Data Loss Prevention (DLP) Windows Endpoint – versions prior to DLP 16.1 MP2 and DLP 25.1 MP1

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Symantec Data Loss Prevention Security Update

Serial number: AV26-303
Date: March 31, 2026

On March 31, 2026, ABB published a security advisory to address vulnerabilities in the following product:

• ABB 800xA History – version 7.0 and prior
• ABB Batch Management – version 6.2 and prior
• ABB Production Response Batch History – version 6.2 and prior
• ABB 800xA for Symphony Plus Harmony – version 6.2 and prior
• ABB 800xA for AC 870P Melody – version 6.2 and prior
• ABB Application Change Management – version 6.2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• System 800xA affected by 3rd party component Vulnerabilities (PDF)
• ABB Cyber security alerts and notifications

Serial number: AV26-302
Date: March 31, 2026

On March 30, 2026, Nokia published security advisories to address a vulnerability in the following products:

• Nokia GX G42, GX G31, GX G32, GX G34 – versions prior to GX r9.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• CVE-2026-34485 - CLI ACL Bypass in GX G42
• Nokia Product Security Advisory

Serial number: AV26-267
Date: March 23, 2026
Updated: March 30, 2026

On March 23, 2026, Citrix published a security advisory to address critical vulnerabilities in the following products:

• NetScaler ADC and NetScaler Gateway 14.1 – versions prior to 14.1-60.58
• NetScaler ADC and NetScaler Gateway 13.1 – versions prior to 13.1-62.23
• NetScaler ADC FIPS and NDcPP – versions prior to 13.1-37.262

Update 1

On March 30, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-3055 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368
• Citrix Security Advisories
• CISA KEV: CVE-2026-3055

Serial number: AV26-301
Date: March 30, 2026

On March 30, 2026, Docker published a security advisory to address a vulnerability in the following product:

• Docker Desktop – versions prior to 4.67.0

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Docker Desktop 4.67.0 security update: CVE-2026-33990

Serial number: AV26-300
Date: March 30, 2026

On March 29, 2026, Roundcube published security advisories to address vulnerabilities in the following product:

• Webmail – versions prior to 1.6.15
• Webmail – versions prior to 1.5.15
• Webmail – versions prior to 1.7 RC6

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Roundcube Webmail 1.6.15
• Roundcube Webmail 1.5.15
• Roundcube Webmail 1.7 RC6

Serial number: AV26-299
Date: March 30, 2026

On March 27, 2026, Hitachi published security advisories to address vulnerabilities in the following product:

• Hitachi Disk Array Systems – multiple versions and models

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Security information for Hitachi Disk Array Systems
• Hitachi Vulnerability Information

Serial number: AV26-298
Date: March 30, 2026

Between March 23 and 29, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder – multiple versions and platforms
• Red Hat Enterprise Linux – multiple versions and platforms
• Red Hat Enterprise Linux Server – multiple versions and platforms
• Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number: AV26-297
Date: March 30, 2026

Between March 23 and 29, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

• Grassroots DICOM (GDCM) – version 3.2.2
• Pharos Controls Mosaic Show Controller – firmware version 2.15.3
• OpenCode Systems OC Messaging and USSD Gateway – version 6.32.2
• PTC Windchill Product Lifecycle Management – multiple versions and models
• Schneider Electric EcoStruxure Foxboro DCS – versions prior to CS8.1
• Schneider Electric Plant iT/Brewmaxx – version 9.60_and_above
• WAGO GmbH & Co. KG Industrial Managed Switches – multiple firmware version

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

• CISA ICS Advisories

Serial number: AV26-296
Date: March 30, 2026

Between March 23 and 29, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.10

The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.

• Ubuntu Security Notices

Number: AL26-006
Date: March 30, 2026

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

The Cyber Centre is aware of a critical vulnerability impacting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway)^{Footnote 1}.

NetScaler ADC is an application delivery and security platform designed to optimize the performance, security, and scalability of applications.

NetScaler Gateway is a secure remote access solution developed by Citrix that provides single sign-on (SSO) capabilities for applications, enhancing user experience and security.

In response to the vendor advisory released on March 23, 2026, the Cyber Centre released AV26-267 on March 23, 2026^{Footnote 2}.

Tracked as CVE-2026-3055^{Footnote 3}, this vulnerability is an insufficient input validation vulnerability (CWE-125)^{Footnote 4} leading to a memory overread allowing a remote, unauthenticated attacker to access sensitive information stored in memory. Pre-conditions for this vulnerability are that the NetScaler ADC or NetScaler Gateway must be configured as a SAML IdP (Security Assertion Markup Language Identity Provider).

Further information about the impacted configurations of your appliance can be found in the Citrix advisory^{Footnote 1}.

This Alert only applies to customer-managed NetScaler ADC and NetScaler Gateway. The Citrix Cloud Software Group has already upgraded Citrix-managed cloud services and Citrix-managed Adaptive Authentication instances with the necessary software updates related to these vulnerabilities.

The Cyber Centre has observed open-source reporting indicating that the vulnerability is being exploited in the wild since March 27, 2026^{Footnote 5}.

Suggested actions

The Cyber Centre recommends that organizations using Citrix NetScaler ADC and NetScaler Gateway appliances (particularly for SAML IDP-configured appliances), review the Citrix security bulletin^{Footnote 1} and update or upgrade the affected systems to the following versions:

• NetScaler ADC and NetScaler Gateway 14.1-60.58 and later releases of 14.1
• NetScaler ADC and NetScaler Gateway 13.1-62.23 and later releases of 13.1
• NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.262 and later releases of 13.1-FIPS and 13.1-NDcPP

Citrix has provided steps to take if NetScaler ADC or NetScaler Gateway are suspected to be compromised^{Footnote 6}, which includes:

• Preserve evidence.
• If possible, avoid switching off the machine in order to preserve the traces needed for investigations.
• Completely isolate the machine concerned from the network, both from the Internet and from the internal network, in order to limit the risk of further unauthorized access and lateral movement.
• Revoke credentials and access.
• Examine all servers and systems to which the NetScaler ADC had connected for signs of compromise.
• Rebuild and restore.
• Rotate restored secrets.
• Harden the device.

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions with an emphasis on the following topics^{Footnote 7}.

• Patch operating systems and applications
• Harden operating systems and applications
• Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal or email contact@cyber.gc.ca.

References

Serial number: AV26-295
Date: March 30, 2026

Between March 23 and 29, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• APEX Cloud Platform for Red Hat OpenShift – multiple versions
• APEX Cloud Platforms Solution Offerings – multiple versions
• APEX – multiple versions
• Dell Secure Connect Gateway Appliance – versions prior to 5.34.00.16
• Dell Storage Monitoring and Reporting – versions prior to 6.0.0.2
• Dell Storage Resource Manager – versions prior to 6.0.0.2

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• DSA-2026-152: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities.
• DSA-2026-111: Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR) Security Update for Multiple Third-Party Component Vulnerabilities
• DSA-2026-151: Security Update for Dell APEX Cloud Platform for Red Hat OpenShift for Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

Serial number: AV26-294
Date: March 30, 2026

Between March 23 and 29, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Communications Server for AIX – version 6.4
• Communications Server for Data Center Deployment – versions 7.0 to 7.1
• Communications Server for Linux on System z – version 6.4
• Communications Server for Linux – version 6.4
• DataPower Operations Dashboard – versions 1.0.23.1 to 1.0.23.2
• DataStage on Cloud Pak for Data – version 5.3.1
• IBM App Connect Enterprise Certified Containers Operands – multiple versions
• IBM App Connect Enterprise – versions 12.0.1.0 to 12.0.12.23
• IBM App Connect Enterprise – versions 13.0.1.0 to 13.0.6.2
• IBM App Connect Operator – multiple versions
• IBM CICS TX Standard – version 11.1
• IBM Common Licensing – multiple versions
• IBM DevOps Release – versions 7.0.0 to 7.0.0.5
• IBM Event Endpoint Management – versions 11.0.0 to 11.7.2
• IBM Industry Solutions Workbench – version 5.0.0.0 and 5.1.0.0
• IBM InfoSphere Optim Archive Viewer – versions 11.7 FixPack09 to 11.7 FixPack12
• IBM Knowledge Catalog Standard Cartridge – multiple versions
• IBM MQ Operator – multiple versions
• IBM Security QRadar Log Management AQL Plugin – versions 1.0.0 to 1.1.3
• IBM SPSS Modeler – multiple versions
• IBM Storage Protect Operations Center – version 8.2.0
• IBM WebSphere Automation – versions 1.11.0 to 1.11.1
• IBM supplied MQ Advanced container images – multiple versions
• IBM watsonx Code Assistant On Prem – multiple versions
• IBM webMethods BPM – version 11.1 and 10.15
• InfoSphere Information Server – versions 11.7.0.0 to 11.7.1.6
• SOAR App Host – multiple versions
• Sterling Connect:Direct FTP+ – versions 1.3.0.0 to 1.3.0.3
• UCB - IBM UrbanCode Build – version 6.1.7 to 6.1.7.9
• UCR - IBM UrbanCode Release – versions 6.2.5 to 6.2.5.11
• WebSphere Extreme Scale – version 8.6.1.0 to 8.6.1

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• IBM Product Security Incident Response

Serial number: AV26-096
Date: February 9, 2026
Updated: March 30, 2026

On February 6, 2026, Fortinet published a security advisory to address a critical vulnerability in the following product:

• FortiClientEMS 7.4 – version 7.4.4

Update 1

Open-source reporting indicates that CVE-2026-21643 is being exploited in the wild.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• SQLi in administrative interface – FG-IR-25-1142 (CVE-2026-21643)
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• Fortinet PSIRT Advisories

Serial number: AV25-669
Date: October 15, 2025
Updated: March 27, 2026

On October 15, 2025, F5 published a security advisory to address vulnerabilities in the following products:

• BIG-IP (all modules) – versions 17.5.0 to 17.5.1, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP AFM – version 17.5.0, versions 17.1.0 to 17.1.2, versions 15.1.0 to 15.1.10
• BIG-IP APM – versions 17.5.0 to 17.5.1, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP APM, APM with SWG, SSL Orchestrator, SSL Orchestrator with SWG – version 17.5.0, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP ASM – versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5
• BIG-IP Advanced WAF/ASM – versions 17.5.0 to 17.5.1, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP Next CNF – versions 2.0.0 to 2.1.0, versions 1.1.0 to 1.4.1
• BIG-IP Next SPK – versions 2.0.0 to 2.1.0, versions 1.7.0 to 1.9.2
• BIG-IP Next for Kubernetes – versions 2.0.0 to 2.1.0
• BIG-IP PEM – version 17.5.0, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6, versions 15.1.0 to 15.1.10
• BIG-IP SSL Orchestrator – version 17.5.0, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, versions 15.1.0 to 15.1.10
• F5OS-A – versions 1.8.0 to 1.8.1, versions 1.5.1 to 1.5.3
• F5OS-C – version 1.8.0 to 1.8.1, versions 1.6.0 to 1.6.2
• NGINX App Protect WAF – versions 4.5.0 to 4.6.0

On October 15, 2025, F5 also published security incident K000154696 advising that threat actors exfiltrated files from BIG-IP products and they are not aware of active exploitation of any undisclosed F5 vulnerabilities.

Update 1

F5 indicates that CVE-2025-53521 has been exploited.

On March 27, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-53521 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users/administrators to review the links provided below, to identify F5 BIG-IP products, evaluate and address any potential compromise on any networked managed interface exposed to the public internet and apply F5 security updates.

• K000156741: BIG-IP APM vulnerability CVE-2025-53521
• K000160486: Indicators of Compromise for c05d5254
• CISA KEV: CVE-2025-53521
• K000154696: F5 Security Incident
• K53108777: Hardening your F5 system
• F5 Quarterly Security Notification (October 2025)

Serial number: AV26-293
Date: March 27, 2026

On March 26, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 146.0.3856.84

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV26-292
Date: March 27, 2026

On March 25, 2026, Ericsson published a security advisory to address vulnerabilities in the following product:

• Ericsson Indoor Connect 8855 – versions prior to 2025.Q3

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates if available.

• Security Bulletin – Ericsson Indoor Connect 8855, March, 2026
• Ericsson Security Advisories

Serial number: AV26-291
Date: March 27, 2026

Between March 25 and 26, 2026, FreeBSD published security advisories to address vulnerabilities in the following products:

• FreeBSD – version 14.x
• FreeBSD – version 15.0
• FreeBSD – version 13.5

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• TCP: remotely exploitable DoS vector (mbuf leak) (CVE-2026-4247)
• Remote denial of service via null pointer dereference (CVE-2026-4652)
• Remote code execution via RPCSEC_GSS packet validation (CVE-2026-4747)
• pf silently ignores certain rules (CVE-2026-4748)
• FreeBSD Security Advisories

Serial number: AV26-290
Date: March 27, 2026

On March 26, 2026, Siemens published a security advisory to address vulnerabilities in the following products. Included were updates for the following products:

• CPCI85 Central Processing/Communication – versions prior to V26.10
• RTUM85 RTU Base – versions prior to V26.10
• SICORE Base system – versions prior to V26.10.0

The Cyber Centre encourages users and administrators to review the web links provided, perform the suggested mitigations and apply the necessary updates.

• SSA-246443: Multiple Vulnerabilities in SICAM 8 Products
• Siemens Security Advisories

Serial number: AV26-289
Date: March 27, 2026

On March 26, 2026, WatchGuard published security advisories to address vulnerabilities in the following products:

• Fireware OS – versions prior to 2026.2
• Fireware OS – versions prior to 12.12

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• WatchGuard Firebox Insecure Deserialization in Fireware Access Portal (CVE-2026-4266)
• WatchGuard Security Advisories

Serial number: AV26-288
Date: March 26, 2026

Between March 23 and 26, 2026, Spring published security advisories to address vulnerabilities in the following products:

• Spring Cloud Config – versions prior to 3.1.3, 4.1.9, 4.2.6, 4.3.2 and 5.0.2
• Spring AI – versions prior to 1.0.5 and 1.1.4

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• CVE-2026-22739: Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks
• CVE-2026-22743: Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore
• CVE-2026-22744: RediSearch Query via Unescaped TAG Filter Values in RedisVectorStore
• CVE-2026-22742: Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching
• CVE-2026-22738: SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution
• Spring Security Advisories

Serial number: AV26-287
Date: March 26, 2026

On March 26, 2026, HPE published a security advisory to address a vulnerability in the following product:

• HPE Telco Service Orchestrator – versions prior to v5.5.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05031 rev.1 - HPE Telco Service Orchestrator, Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number: AV26-286
Date: March 26, 2026

On March 26, 2026, ABB published a security advisory to address vulnerabilities in the following product:

• ABB Ability Camera Connect – version 2.0.0.42 and prior

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (SQLite 3.2.4)
• ABB Cyber security alerts and notifications

Serial number: AV26-285
Date: March 26, 2026

On March 25, 2026, Grafana published a security advisory to address vulnerabilities in the following products:

• Grafana – versions prior to 12.4.2, 12.3.6, 12.2.8, 12.1.10 and 11.6.14

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Grafana security release: Critical and high severity security fixes for CVE-2026-27876 and CVE-2026-27880
• Grafana Blog

Serial number: AV26-283
Date: March 26, 2026
Updated: March 26, 2026

On March 22, 2026, Aqua Security published a security advisory to address a critical vulnerability in the following products:

• trivy – version v0.69.4
• trivy dockerhub images – versions v0.69.5 and v0.69.6
• setup-trivy – versions prior to v0.2.6
• trivy-action – versions prior to v0.35.0

Open-source reporting indicates that CVE-2026-33634 has been exploited.

Update 1

On 26 March 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026‑33634 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Trivy ecosystem supply chain temporarily compromised
• Aqua Security Advisories
• CISA KEV:CVE-2026-33634

Serial number: AV26-284
Date: March 26, 2026

On March 25, 2026, Squid published security advisories to address vulnerabilities in the following product:

• Squid – versions prior to 7.5

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• SQUID-2026:1 Denial of Service in ICP Request handling
• SQUID-2026:2 Denial of Service in ICP Request handling
• SQUID-2026:3 Out of Bounds Read in ICP message handling
• Squid Security Advisories

Serial number: AV26-282
Date: March 26, 2026

On March 23, 2026, PTC published a security advisory to address vulnerabilities in the following products:

• PTC Windchill PDMLink – multiple versions
• PTC FlexPLM – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates, once available.

• Critical RCE vulnerability reported in Windchill
• PTC Advisory Center

Serial number: AV26-281
Date: March 25, 2026

On March 25, 2026, Cisco published a security advisory to address vulnerabilities in the following products:

• Cisco Catalyst 9300 Series Switches
• Cisco Catalyst 9200 Series Switches
• Cisco Catalyst 9000 Series Switches
• Cisco Catalyst ESS9300 Embedded Series Switches
• Cisco IOS Software
• Cisco IOS XE Software
• Cisco Secure Firewall ASA Software
• Cisco Secure FTD Software
• Cisco Catalyst IE9310 and IE9320 Rugged Series Switches
• Cisco IE3500 and IE3505 Rugged Series Switches
• Cisco Catalyst CW9800H Wireless Controllers
• Cisco Catalyst CW9800M Wireless Controllers
• Cisco Catalyst CW9800H1 Wireless Controllers
• Cisco Meraki MS390
• Cisco Catalyst SD-WAN Manager

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.

• Cisco Event Response: March 2026 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
• Cisco Security Advisories

Serial number: AV26-280
Date: March 25, 2026

On March 25, 2026, ISC published security advisories to address vulnerabilities in the following products:

• ISC BIND 9 – versions 9.11.0 to 9.16.50
• ISC BIND 9 – versions 9.18.0 to 9.18.46
• ISC BIND 9 – versions 9.20.0 to 9.20.20
• ISC BIND 9 – versions 9.21.0 to 9.21.19
• BIND Supported Preview Edition – versions 9.11.3-S1 to 9.16.50-S1
• BIND Supported Preview Edition – versions 9.18.11-S1 to 9.18.46-S1
• BIND Supported Preview Edition – versions 9.20.9-S1 to 9.20.20-S1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• CVE-2026-1519: Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
• CVE-2026-3104: Memory leak in code preparing DNSSEC proofs of non-existence
• CVE-2026-3119: Authenticated query containing a TKEY record may cause named to terminate unexpectedly
• CVE-2026-3591: A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass
• BIND 9 Security Vulnerability Matrix

Serial number: AV26-279
Date: March 25, 2026

On March 25, 2026, Hitachi published security advisories to address vulnerabilities in the following products:

• Hitachi Ops Center Administrator (Linux) – versions 10.2.0 to versions prior to 11.0.8
• Hitachi Infrastructure Analytics Advisor (English version, Linux) – all versions
• Hitachi Ops Center Analyzer (English version, Linux) – versions 10.0.0-00 to versions prior to 11.0.5-00

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Open Redirect Vulnerability in Hitachi Ops Center Administrator (CVE-2026-1166)
• Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer (CVE-2026-2072)
• Hitachi Vulnerability Information

Serial number: AV26-278
Date: March 25, 2026

On March 25, 2026, n8n published security updates to address vulnerabilities in the following products:

• n8n (Merge Node) – multiple versions
• n8n (Community Edition) – multiple versions
• n8n (Binary Data Inline HTML Rendering) – multiple versions
• n8n (GSuiteAdmin Node) – multiple versions
• n8n (Form Trigger/Chat Trigger Nodes) – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• n8n Security

Serial number: AV26-277
Date: March 25, 2026

On March 24, 2026, Nodejs published security advisories to address vulnerabilities in the following products:

• Node.js 20 – versions prior to v20.20.2 (LTS)
• Node.js 22 – versions prior to v22.22.2 (LTS)
• Node.js 24 – versions prior to v24.14.1 (LTS)
• Node.js 25 – versions prior to v25.8.2 (Current)

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Node.js 20.20.2 (LTS)
• Node.js 22.22.2 (LTS)
• Node.js 24.14.1 (LTS)
• Node.js 25.8.2 (Current)
• Nodejs Releases

Serial number: AV26-276
Date: March 25, 2026

On March 25, 2026, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) – versions prior to 18.10.1, 18.9.3 and 18.8.7
• GitLab Enterprise Edition (EE) – versions prior to 18.10.1, 18.9.3 and 18.8.7

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch GitLab Patch Release: 18.10.1, 18.9.3, 18.8.7
• GitLab Releases

Serial number: AV26-274
Date: March 24, 2026

On March 23, 2026, CERT@VDE published a security advisory to address vulnerabilities in the following products:

• Helmholz myREX24V2 – firmware versions 2.19.3 and prior
• Helmholz myREX24V2.virtual – firmware versions 2.19.3 and prior

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

• Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual

Serial number: AV26-273
Date: March 24, 2026

On March 24, 2026, F5 published a security advisory to address vulnerabilities in the following products:

• NGINX Plus – versions R32 to R36
• NGINX Open Source – versions 1.0.0 to 1.29.6 and 0.5.13 to 0.9.7

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• K000160336: Out-of-band Security Notification (March 24, 2026)

Serial number: AV26-272
Date: March 24, 2026

On March 24, 2026, VMware published a security advisory to address critical vulnerabilities in the following products:

• VMware Tanzu for Postgres – versions prior to 18.3.0
• VMware Tanzu for Postgres – versions prior to 17.9.0
• VMware Tanzu for Postgres – versions prior to 16.13.0
• VMware Tanzu for Postgres – versions prior to 15.17.0
• VMware Tanzu for Postgres – versions prior to 14.22.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Product Release Advisory - VMware Tanzu for Postgres 18.3.0, 17.9.0, 16.13.0, 15.17.0, 14.22.0
• Security Advisories – Tanzu

Serial number: AV26-271
Date: March 24, 2026

On March 24, 2026, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox – versions prior to 149
• Firefox ESR – versions prior to 115.34
• Firefox ESR – versions prior to 140.9

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Vulnerabilities fixed in Firefox 149
• Security Vulnerabilities fixed in Firefox ESR 115.34
• Security Vulnerabilities fixed in Firefox ESR 140.9
• Mozilla Security Advisories

Serial number: AV26-270
Date: March 24, 2026

On March 23, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 146.0.7680.164/165 (Windows/Mac) and 146.0.7680.164 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number: AV26-269
Date: March 23, 2026

On March 20, 2026, VMware published security advisories to address vulnerabilities in multiple Tanzu products.

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

• Security Advisories - Tanzu

Serial number: AV26-268
Date: March 23, 2026

On March 20, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 146.0.3856.72

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV25-300
Date: May 28, 2025
Updated: March 23, 2026

On April 7, 2025, Craft CMS published a security advisory to address a critical vulnerability in the following product:

• Craft CMS – versions prior to 9.15, 4.14.15 and 5.6.17

Craft CMS has received reports that CVE-2025‑32432 has been exploited.

Update 1

On March 20, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025‑32432 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

• Craft CMS and CVE-2025‑32432
• Craft CMS Security Articles
• CISA KEV: CVE-2025‑32432