Serial number: AV26-614
Date: June 17, 2026

On June 17, 2026, Splunk published security advisories to address vulnerabilities in the following product. Included was a critical update for the following:

• Splunk AI Toolkit – versions prior to 5.7.4

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit
• Splunk Security Advisories

Serial number: AV26-613
Date: June 17, 2026

On June 17, 2026, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following product:

Cisco ISE (Identity Services Engine) and Cisco ISE-PIC (Passive Identity Connector)

• Cisco ISE and ISE-PIC Releases prior to 3.3 - all versions
• Cisco ISE and ISE-PIC Release 3.3 - versions prior to 3.3 Patch 11
• Cisco ISE and ISE-PIC Release 3.4 - versions prior to 3.4 Patch 6
• Cisco ISE and ISE-PIC Release 3.5 - versions prior to 3.5 Patch 4 (August 2026)

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

• Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
• Cisco Security Advisories

Serial number: AV26-612
Date: June 17, 2026

On June 17, 2026, F5 published a security advisory to address vulnerabilities in the following products:

• F5 DoS for NGINX - version 4.9.0
• F5 WAF for NGINX Instance Manager - versions 5.9.0 to 5.13.1
• NGINX App Protect DoS - versions 4.3.0 to 4.7.0
• NGINX App Protect WAF - versions 5.2.0 to 5.8.0 and 4.10.0 to 4.16.0
• NGINX Open Source - versions 1.30.0 to 1.30.2 and 1.31.0 to 1.31.1
• NGINX Instance Manager - versions 2.17.0 to 2.22.0
• NGINX Gateway Fabric - multiple versions
• NGINX Ingress Controller - multiple versions
• NGINX Plus - version 37.0.0 R33 to 37.01 R36

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• K000161614: Out-of-band Security Notification (June 17, 2026)
• MyF5

Serial number: AV26-611
Date: June 17, 2026

On June 17, 2026, Mitel published a security advisory to address vulnerabilities in the following products. Included were critical updates for the following:

• MiCollab - multiple versions
• MiVoice Business Solution Virtual Instance (MiVB SVI) - version 2.1.0.9-2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Mitel Product Security Advisory MISA-2026-0005
• Mitel Security Bulletins

Serial number: AV26-610
Date: June 17, 2026

On June 16, 2026, Moxa published security advisories to address vulnerabilities in the following products:

• NPort 6000-G2 Series - version v1.1.0 and prior
• NPort W2150A-W4/W2250A-W4 Series - firmware version v1.5 and prior
• NPort W2150A/W2250A Series - firmware version v2.3 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. 

• CVE-2026-10825: Improper Validation of Input Vulnerability in Serial Device Servers
• CVE-2026-10828, CVE-2026-10829: Use of Externally-Controlled Format String and Stack-based Buffer Overflow Vulnerabilities in Serial Device Servers
• Moxa Security Advisories (en anglais seulement)

Serial number: AV26-609
Date: June 17, 2026

On June 16, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to0.7827.155/.156 (Windows/Mac), and 149.0.7827.155 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number: AV26-608
Date: June 17, 2026

On June 16, 2026, Atlassian published a security advisory to address vulnerabilities, including some critical ones, in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Fisheye/Crucible - versions 4.9.0 to 4.9.10
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Bulletin - June 16 2026
• Atlassian Security Advisories and Bulletins

Serial number: AV26-607
Date: June 17, 2026

On June 16, 2026, Microsoft published a security advisory to address a vulnerability in the following product:

• Microsoft Malware Protection Engine

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates when available.

• Microsoft Defender Elevation of Privilege Vulnerability (CVE-2026-50656)

Serial number: AV26-606
Date: June 17, 2026

On June 16, 2026, JetBrains published a security advisory to address vulnerability in the following product:

• JetBrains GoLand – versions prior to 2026.1.3

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• JetBrains – Fixed security issues

Serial number: AV26-605
Date: June 17, 2026

On June 16, 2026, Oracle published a security advisory to address vulnerabilities in multiple products. Included were critical updates for the following:

• APM - Application Performance Management
• Identity Manager
• Identity Manager Connector
• JD Edwards EnterpriseOne Accounts Payable
• JD Edwards EnterpriseOne General Ledger
• JD Edwards EnterpriseOne Human Resources Management
• JD Edwards EnterpriseOne Order Promising
• JD Edwards EnterpriseOne Project Costing
• JD Edwards EnterpriseOne Tools
• MySQL Cluster
• MySQL NDB Cluster
• MySQL Router
• MySQL Server
• MySQL Shell
• Oracle Access Manager
• Oracle Agile PLM
• Oracle Application Development Framework (ADF)
• Oracle Coherence
• Oracle Communications Convergent Charging Controller
• Oracle Communications Network Charging and Control
• Oracle Communications Network Integrity
• Oracle Data Integrator
• Oracle E-Business Suite
• Oracle Enterprise Manager Base Platform
• Oracle GoldenGate
• Oracle Solaris
• Oracle Unified Directory
• Oracle VM VirtualBox
• Oracle Virtual Directory
• Oracle WebCenter Content
• Oracle WebCenter Enterprise Capture
• Oracle WebCenter Portal
• Oracle WebCenter Sites
• PeopleSoft Enterprise CS Campus Community
• PeopleSoft Enterprise CS Student Financials
• PeopleSoft Enterprise PT PeopleTools
• Siebel Applications
• WebCenter Content: Imaging
• WebLogic Server

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Oracle Critical Patch Update Advisory – June 2026

Serial number: AV26-604
Date: June 16, 2026

On June 16, 2026, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox – versions prior to 152
• Firefox for iOS – versions prior to 152
• Firefox EST – versions prior to 140.12
• Firefox ESR – versions prior to 115.37

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Mozilla Foundation Security Advisory 2026-59
• Mozilla Foundation Security Advisory 2026-58
• Mozilla Foundation Security Advisory 2026-57
• Mozilla Foundation Security Advisory 2026-56
• Mozilla Security Advisories

Serial number: AV26-603
Date: June 16, 2026

On June 16, 2026, Zyxel published a security advisory to address vulnerabilities in the following products:

• GS1900 series switches – multiple versions and models

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Zyxel security advisory for stack-based buffer overflow vulnerability in GS1900 series switches
• Zyxel Advisories

Serial number: AV26-351
Date: April 14, 2026
Updated: June 16, 2026

On April 14, 2026, Fortinet published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• FortiSandbox 4.4 – versions 4.4.0 to 4.4.8
• FortiSandbox 5.0 – versions 5.0.0 to 5.0.5
• FortiAnalyzer Cloud 7.6 – versions 7.6.2 to 7.6.4
• FortiManager Cloud 7.6 – versions 7.6.2 to 7.6.4
• FortiDDoS-F 7.2 – versions 7.2.1 to 7.2.2

Update 1

Open-source reporting indicates that CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 have been exploited.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• OS Command Injection through API endpoint
• Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox
• Heap-based buffer overflow in oftpd daemon
• SQL Injection via API
• Fortinet PSIRT Advisories

Serial number: AV26-602
Date: June 15, 2026

On June 15, 2026, Cisco published a security advisory to address a vulnerability in the following product:

• Cisco Catalyst SD-WAN Manager – multiple versions and all deployment types

Cisco is aware of exploitation of this vulnerability.

On June 15, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20262 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

• Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability (CVE-2026-20262)
• Cisco Security Advisories
• CISA KEV: CVE-2026-20262

Serial number: AV26-601
Date: June 15, 2026

Between June 8 and 14, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder – multiple versions and platforms
• Red Hat Enterprise Linux – multiple versions and platforms
• Red Hat Enterprise Linux Server – multiple versions and platforms
• Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number: AV26–600
Date: June 15, 2026

Between June 8 and 14, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

• Schneider Electric Modicon Network Managed Switches – all versions
• Siemens KACO Blueplanet Inverters – multiple versions and models
• Schneider Electric EcoStruxure Panel Servers – multiple versions and models
• Yarbo Android/IOS mobile application – versions prior to v3.17.4
• Yarbo Cloud MQTT infrastructure – all versions
• Naxclow IoT Platform – all versions
• Brickcom Cameras – multiple versions and models

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

• CISA ICS Advisories

Serial number: AV26-599
Date: June 15, 2026

Between June 8 and 14, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS

The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.

• Ubuntu Security Notices

Serial number: AV26-598
Date: June 15, 2026

Between June 8 and 14, 2026, Dell published security advisories to address vulnerabilities in multiple products:

• Dell NativeEdge Orchestrator – versions prior to 4.2.0.0
• iDRAC Tools – versions prior to 11.4.1.0
• PowerEdge – multiple versions
• PowerScale – multiple versions
• PowerStore – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• DSA-2026-273: Dell PowerStore T Security Update for Multiple Vulnerabilities
• DSA-2026-256: Security Update for Dell Native Edge Orchestrator (EO)
• DSA-2026-237: Security Update for Dell PowerScale OneFS Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

Serial number: AV26-597
Date: June 15, 2026

Between June 8 and 14, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• IBM Aspera Shares – versions 1.9.9 to 1.11.2
• IBM Automation Decision Services – multiple versions
• IBM Cloud Pak for Applications – multiple versions
• IBM Cloud Pak for Data System (CPDS) – versions 1.0.0.0 to 1.0.10.0
• IBM DevOps Code ClearCase – version 11.0
• IBM Enterprise Application Runtimes – versions 1.0 and 1.1
• IBM Enterprise Build of Quarkus – versions 3.27.0 to 3.27.3.SP2
• IBM Event Processing – versions 1.5.0 to 1.5.2
• IBM Guardium Key Lifecycle Manager (SKLM/GKLM) – version 4.1
• IBM Maximo Scheduler Optimization – multiple versions
• IBM Observability with Instana (OnPrem) – versions Build 1.0.285 to 1.0.317
• IBM Process Automation Manager Open Edition Starter Kit for Banking – version 9.3.1
• IBM Rational ClearCase – version 10.0.0
• IBM Rational ClearCase – version 9.1
• IBM Rational ClearQuest – versions 9.1 to 9.1.0.11, versions 10.0 to 10.0.10
• IBM Rational Developer for i (RDi) – version 9.9
• IBM Software Support App (iOS) – versions 4.0.0 to 4.0.1
• IBM Software Support app (Android) – versions 4.0.0 to 4.0.1
• IBM Tivoli Monitoring – versions 6.3.0.7 to 6.3.0.7 Service Pack 22
• IBM Tivoli Network Manager IP Edition – versions 4.2 GA to 4.2.0.24
• IBM Verify Identity Access Digital Credentials – versions 24.06 to 26.03
• IBM WebSphere Application Server Liberty – versions 17.0.0.3 to 26.0.0.5
• IBM WebSphere Application Server – multiple versions
• IBM WebSphere Hybrid Edition – version 5.1
• IBM i – multiple versions
• IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data – versions 4.8.4 to 4.8.5
• IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data – versions 5.0.0 to 5.3.2
• IBM watsonx Orchestrate Developer Edition – versions 1.4.0 to 2.10.0
• ICP – Discovery – versions 5.0.0 to 5.3.1
• Langflow OSS – versions 1.0.0 to 1.8.4
• SPSS Collaboration and Deployment Services – multiple versions
• Technical Support Appliance – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• IBM Product Security Incident Response

Serial number: AV26–596
Date: June 12, 2026

On June 12, 2026, FreePBX published security advisories to address vulnerabilities in the following products:

• FreePBX Security-Reporting ucp (FreePBX 16) – versions prior to 0.39
• FreePBX Security-Reporting ucp (FreePBX 17) – versions prior to 0.7
• FreePBX Security-Reporting superfecta (FreePBX 16) – versions prior to 16.0.40
• FreePBX Security-Reporting superfecta (FreePBX 17) – versions prior to 17.0.7

The Cyber Centre encourages users and administrators to review the web links provided, apply the necessary updates and perform the suggested mitigations.

• Authenticated Command Injection in FreePBX UCP Interface
• Authenticated Superfecta Arbitrary PHP Code Execution (RCE via Unsafe File Inclusion)
• FreePBX Security Advisories

Serial number: AV26-595
Date: June 12, 2026

On June 11, 2026, GeoServer published a security advisory to address vulnerabilities in the following products:

• GeoServer – versions prior to 3.0.0
• GeoTools – versions prior to 35.0
• GeoWebCache – versions prior to 2.0.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GeoServer 3.0.0 Release
• GeoServer

Serial number: AV26-587
Date: June 11, 2026
Updated: June 12, 2026

On June 10, 2026, Oracle published a security advisory to address a critical vulnerability in the following product:

• PeopleSoft Enterprise PeopleTools – versions 8.61 and 8.62

Open-source reporting indicates that CVE-2026-35273 is being exploited in the wild.

Update 1

On June 12, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-35273 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• Oracle Security Alert Advisory - CVE-2026-35273
• Oracle Critical Patch Updates, Security Alerts and Bulletins
• CISA KEV: CVE-2026-35273

Serial number: AV26-594
Date: June 12, 2026

On June 12, 2026, Moxa published a security advisory to address vulnerabilities in the following products:

• UC-1200A / UC-2200A /UC-3400A /UC-4400A /UC-8200 series– multiple versions and models
• V1200 Series – version v1.2.0 and prior
• V3200 / V3400 series – version v1.1 and prior
• V2406C WL Models – version v1.2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. 

• CVE-2026-9266: Missing Required Cryptographic Step Vulnerability in Industrial Computers
• Moxa Security Advisories

Serial number: AV26-593
Date: June 12, 2026

On June 11, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 149.0.7827.114/115 (Windows/Mac), and 149.0.7827.114 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number: AV26-592
Date: June 12, 2026

Between June 10 and 11, 2026, Spring published security advisories to address vulnerabilities in the following products:

• Spring Cloud Sleuth – versions 3.1.0 to 3.1.13
• Spring Statemachine – multiple versions
• Spring Cloud Gateway – multiple versions
• Spring Integration – multiple versions
• Spring for GraphQL – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Spring Security Advisories

Serial number: AV26-591
Date: June 12, 2026

On June 9, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 149.0.4022.62

Microsoft has indicated that CVE-2026-11645 has an available exploit.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes

Serial number: AV26-567
Date: June 9, 2026
Updated: June 11, 2026

On June 9, 2026, Ivanti published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Ivanti Sentry – versions 10.5.1, 10.6.1, 10.7.0 and prior
• Ivanti Endpoint Manager Mobile – versions 12.9.0, 12.8.0.2, 12.7.0.1 and prior

Update 1

On June 11, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-10520 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
• Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-6973 and CVE-2026-10727)
• Ivanti Security Advisories
• CISA KEV: CVE-2026-10520

Serial number: AV26-590
Date: June 11, 2026

On June 11, 2026, Check Point published a security advisory to address a vulnerability in the following product:

• Identity Agent – versions prior to 81.087.0000

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• Check Point Response to CVE-2026-10847- Identity Agent Local Privilege Escalation Vulnerability
• Check Point Security

Serial number: AV26-589
Date: June 11, 2026

On June 10, 2026, Ubiquiti published a security advisory to address vulnerabilities in the following products. Included were critical updates for the following:

• UID Enterprise Agent – version 1.61.3 and prior
• UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber – version 5.1.12 and prior
• UniFi OS Server – version 5.0.8 and prior
• UDM-Beast – version 5.1.11 and prior
• UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 – version 5.1.10 and prior
• Express – version 4.0.14 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Ubiquiti UniFi - Security Advisory Bulletin 065
• Ubiquiti UniFi Security Releases

Serial number: AV26-588
Date: June 11, 2026

On June 10, 2026, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) – versions prior to 19.0.2, 18.11.5 and 18.10.8
• GitLab Enterprise Edition (EE) – versions prior to 19.0.2, 18.11.5 and 18.10.8

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch Release: 19.0.2, 18.11.5, 18.10.8
• GitLab Releases

Serial number: AV26-586
Date: June 10, 2026

On June 10, 2026, Splunk published security advisories to address vulnerabilities in the following products:

• Splunk SOAR – versions prior to 8.5.0
• Splunk Enterprise – multiple versions and platforms
• Splunk Cloud Platform – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Splunk Security Advisories

Serial number: AV26-585
Date: June 10, 2026

On June 9, 2026, Broadcom published a security advisory to address vulnerabilities in the following product. Included was a critical update for the following:

• VMware Tanzu for Valkey on Kubernetes – versions prior to 3.4.1

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

• Product Release Advisory - VMware Tanzu for Valkey on Kubernetes 3.4.1
• Security Advisories - Tanzu

Serial number: AV26-584
Date: June 10, 2026

On June 10, 2026, n8n published security advisories to address vulnerabilities in multiple products:

• n8n (Credential Exfiltration) – multiple versions
• n8n (Cross-Tenant Credential) – multiple versions
• n8n (n8n MCP Browser) – versions 2.26.2 to 2.25.7
• n8n(SecurityScorecard Node) – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Credential Exfiltration via Permission Bypass
• Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
• n8n MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
• SecurityScorecard Node Leaks API Token to User-Controlled Host
• n8n Security

Serial number: AV26-483
Date: June 10, 2026

On June 10, 2026, Palo Alto Networks published security advisories to address vulnerabilities in the following products:

• Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0 – versions prior to 1.2.0
• Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0 – versions prior to 1.2.0
• Prisma Browser – versions prior to 148.18.4.217

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
• PAN-SA-2026-0008 Chromium: Monthly Vulnerability Update (June 2026)
• Palo Alto Network Security Advisories

Serial number: AV26-582
Date: June 10, 2026

On June 10, 2026, HPE published a security advisory to address vulnerabilities in the following products:

• HPE Telco Suite – multiple versions and models

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05061 rev.1 - HPE Telco Suite, Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number: AV26-581
Date: June 10, 2026

On June 10, 2026, Erlang published security advisories to address vulnerabilities in the following products:

• OTP – versions prior to 27.3.4.13, 28.5.0.2 and 29.0.2
• erts (OTP) – versions prior to 15.2.7.9, 16.4.0.2 and 17.0.2
• inets (otp) – versions prior to 9.7.1, 9.6.2.2 and 9.3.2.6
• ssl (OTP) – versions prior to 11.7.2, 11.6.0.2 and 11.2.12.9

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Unbounded Stack Buffer Overflow in SCTP Error Cause Parsing in inet_drv
• Distribution-over-TLS LAN Allowlist is Silently Bypassed
• httpc leaks Authorization header to cross-origin redirect targets
• Erlang Security

Serial number: AV26-580
Date: June 10, 2026

On June 10, 2026, ABB published a security advisory to address a vulnerability in the following products:

• PPC3100 – versions prior to 1.8.1
• C50 – versions prior to 1.8.0
• C80 – versions prior to 1.8.0
• FT50 – versions prior to 1.8.1
• MT50 – versions prior to 1.8.1
• T30 – versions prior to 1.8.0
• T80 – versions prior to 1.8.0
• T50 – versions prior to 1.8.1

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• XZ Utils vulnerability impacting B&R Products CVE ID: CVE-2025-31115 (PDF)
• ABB Cyber security alerts and notifications

Serial number: AV26–579
Date: June 10, 2026

On June 10, 2026, FreePBX published a security advisory to address a vulnerability in the following product:

• FreePBX Security-Reporting music (FreePBX 16) – versions 16.0.4 and prior
• FreePBX Security-Reporting music (FreePBX 17) – versions 17.0.6 and prior

The Cyber Centre encourages users and administrators to review the web links provided, apply the necessary updates and perform the suggested mitigations.

• Authenticated Remote Code Execution in FreePBX Music on Hold (MoH) Module
• FreePBX Security Advisories

Serial number: AV26-578
Date: June 10, 2026

On June 10, 2026, Jenkins published a security advisory to address vulnerabilities in the following products:

• Jenkins weekly – version 2.567 and prior
• Jenkins LTS – version 2.555.2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Jenkins Security Advisory 2026-06-10
• Jenkins Security Advisories

Serial number: AV26-577
Date: June 10, 2026

On June 9, 2025, AMD published security advisories to address vulnerabilities in multiple products.

• Versal Prime Series Gen 2
• Versal AI Edge Series Gen 2
• AMD Management Console (AMC) – versions prior to 14.0.0
• AMD Ryzen Master – versions prior to 2.14.3
• AMD µProf – versions prior to 5.3

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• ARM CPU Vulnerability: Bypass of Stage 1 translation, Stage-2 translation, or GPT Protection
• AMD Auto Updater Vulnerability
• AMD Product Security

Serial number: AV26-576
Date: June 10, 2026

On June 9, 2026, FreeBSD published security advisories to address vulnerabilities in the following product:

• FreeBSD – all supported versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• FreeBSD Security Advisories

Serial number: AV26-575
Date: June 10, 2026

On June 9, 2026, Mozilla published a security advisory to address vulnerabilities in the following products:

• Focus for iOS – versions prior to 151.3.1
• Klar for iOS – versions prior to 151.3.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Mozilla Foundation Security Advisory 2026-55
• Mozilla Security Advisories

Serial number: AV26-574
Date: June 10, 2026

Between June 9 and 10, 2026, Spring published security advisories to address vulnerabilities in the following products:

• Spring AMQP – multiple versions
• Spring Authorization Server – multiple versions
• Spring Web Services – multiple versions
• Spring Web Flow – multiple versions
• Spring REST Docs – multiple versions
• Spring Data Commons – multiple versions
• Spring Data Relational – multiple versions
• Spring Security – multiple versions
• Spring Data MongoDB – multiple versions
• Spring Data JDBC – multiple versions
• Spring Data KeyValue – multiple versions
• Spring Data R2DBC – multiple versions
• Spring Data Redis – multiple versions
• Spring Data REST – multiple versions
• Spring for Apache Kafka – multiple versions
• Spring for Apache Pulsar – multiple versions
• Spring Data Commons (transitively affects all Spring Data store modules) – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Spring Security Advisories

Serial number: AV26-573
Date: June 10, 2026

On June 9, 2026, HPE published a security advisory to address a vulnerability in the following product:

• HPE ProLiant RL300 Gen11 – versions prior to 1.84_04-02-2026

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBHF05057 rev.1 - HPE RL300 Server Using Arm Processors, Local Disclosure of Privileged Information
• HPE Security Bulletin Library

Serial number: AV26-572
Date: June 10, 2026

On June 9, 2026, OpenSSL published security advisories to address vulnerabilities in the following product:

• OpenSSL – versions 4.0.0 to versions prior to 4.0.1
• OpenSSL – versions 3.6.0 to versions prior to 3.6.3
• OpenSSL – versions 3.5.0 to versions prior to 3.5.7
• OpenSSL – versions 3.4.0 to versions prior to 3.4.6
• OpenSSL – versions 3.0.0 to versions prior to 3.0.21
• OpenSSL – versions 1.1.1 to versions prior to 1.1.1zh
• OpenSSL – versions 1.0.2 to versions prior to 1.0.2zq

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• OpenSSL Vulnerabilities

Serial number: AV26-551
Date: June 5, 2026
Updated: June 9, 2026

On June 4, 2026, Cisco published a security advisory to address a vulnerability in the following product:

• Cisco Catalyst SD-WAN Manager

Update 1

On June 9, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20245 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

• Cisco Catalyst SD-WAN Manager Authenticated Privilege Escalation Vulnerability (CVE-2026-20245)
• Cisco Security Advisories
• CISA KEV: CVE-2026-20245

Serial number: AV26-571
Date: June 9, 2026

On June 9, 2026, HPE published a security advisory to address vulnerabilities in the following products:

• HPE Aruba Networking Management Software (Airwave) – version 8.3.0.6 and prior
• HPE Aruba Networking Private 5G Management Dashboard – all versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05064 rev.1 - Status of NGINX ngx_http_rewrite_module Vulnerability (CVE-2026-42945) in HPE Aruba Networking Products
• HPE Security Bulletin Library

Serial number: AV26-570
Date: June 9, 2026

On June 9, 2026, Adobe published security advisories to address critical vulnerabilities in the following products:

• Adobe Experience Manager (AEM) – version AEM Cloud Service (CS)
• Adobe Experience Manager (AEM) – version 6.5 LTS SP1 and prior
• Adobe Experience Manager (AEM) – version SP24 and prior
• Adobe Experience Manager 6.5 LTS – version SP1 and prior
• Adobe Experience Manager 6.5 – version 6.5.24.0 and prior
• Adobe InDesign – version ID21.3 and prior
• Adobe InDesign – version ID20.5.3 and prior
• Adobe InCopy – version 21.3 and prior
• Adobe InCopy – version 20.5.3 and prior
• Adobe Substance 3D Sampler – version 6.0.0 and prior
• Content Credentials JS SDK – version @contentauth/c2pa-web@0.8.3 and prior
• Content Credentials Rust SDK – version c2pa-v0.85.1 and prior
• Adobe Dreamweaver – version 21.7 and prior
• Adobe Acrobat – version 26.001.21651 and prior
• Adobe Reader – version 26.001.21651 and prior
• Adobe 2024 – version 24.001.30365 and prior
• Adobe ColdFusion 2025 – Update 8 and prior
• Adobe ColdFusion 2023 – Update 19 and prior
• Adobe Format Plugins – version 1.1.52 and prior
• Adobe Campaign Classic – version ACC v7: 7.4.3 build 9394 and prior

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Adobe Security Advisories

Serial number: AV26-569
Date: June 9, 2026

On June 9, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• .NET 10.0
• .NET 8.0
• .NET 9.0
• ASP.NET
• Azure Connected Machine Agent
• Azure HorizonDB
• Azure Kubernetes Service
• Azure Local
• Azure Logic Apps
• Azure Machine Learning
• Azure Monitor Agent
• Azure Monitor Agent Metrics Extension
• Azure Orbital Spatio
• Azure Privileged Identity Management (PIM)
• Azure Resource Manager
• Azure SDK
• Azure Stack Edge
• Azure Stack HCI
• Azure Virtual Network Gateway
• Copilot Chat
• Linux kernel - Microsoft MANA Network Driver
• M365 Copilot for Desktop
• Microsoft .NET Framework
• Microsoft 365
• Microsoft 365 Copilot
• Microsoft Authenticator
• Microsoft Bing
• Microsoft Confluence SAML SSO plugin
• Microsoft Data Formulator
• Microsoft Defender for Endpoint for Mac
• Microsoft Dynamics 365
• Microsoft Edge
• Microsoft Entra ID
• Microsoft Excel
• Microsoft Excel 2016
• Microsoft Exchange Online
• Microsoft Exchange Server
• Microsoft Global Secure Access (GSA)
• Microsoft Graph
• Microsoft JIRA SAML SSO plugin
• Microsoft Live Share Canvas SDK
• Microsoft Malware Protection Engine
• Microsoft Office
• Microsoft Office 2016
• Microsoft Office 2019
• Microsoft Office 365
• Microsoft Office LTSC
• Microsoft Outlook for iOS
• Microsoft PC Manager
• Microsoft Planetary Computer Pro (GeoCatalog)
• Microsoft Power Pages
• Microsoft PowerPoint for Android
• Microsoft PowerToys
• Microsoft SQL Server 2016
• Microsoft SQL Server 2017
• Microsoft SQL Server 2019
• Microsoft SQL Server 2022
• Microsoft SQL Server 2025
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft Teams
• Microsoft Visual Studio
• Microsoft Visual Studio 2026
• Microsoft Word
• Microsoft Word 2016
• Nuance PowerScribe 360
• Nuance PowerScribe One
• Office Online Server
• Power Automate for Desktop
• PowerScribe One
• Remote Desktop client
• Visual Studio
• Visual Studio Code
• Windows 10
• Windows 11
• Windows Admin Center
• Windows Admin Center in Azure Portal
• Windows App Client
• Windows Narrator Braille
• Windows Server 2012
• Windows Server 2016
• Windows Server 2019
• Windows Server 2022
• Windows Server 2025

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• June 2026 Security Updates

<

Serial number: AV26-561
Date: June 9, 2026

On June 8, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 149.0.7827.102/.103 (Windows/Mac), and 149.0.7827.102 (Linux)

Google is aware that an exploit for CVE-2026-11645 exists in the wild.

Update 1

On June 9, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-11645 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

• Google Chrome Security Advisory
• CISA KEV: CVE-2026-11645