ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, TrendAI customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.
- ZDI-CAN-30380: Apple
on April 9, 2026 at 5:00 amA CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-04-09, 1 days ago. The vendor is given until 2026-08-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-30375: Adobeon April 9, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘DongHyeon Hwang (kind_killerwhale)’ was reported to the affected vendor on: 2026-04-09, 1 days ago. The vendor is given until 2026-08-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-28694: AVGon April 9, 2026 at 5:00 am
A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-04-09, 1 days ago. The vendor is given until 2026-08-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29340: OriginLabon April 9, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘rgod’ was reported to the affected vendor on: 2026-04-09, 1 days ago. The vendor is given until 2026-08-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-30385: OpenSSLon April 9, 2026 at 5:00 am
A CVSS score 3.1 AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N severity vulnerability discovered by ‘TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-04-09, 1 days ago. The vendor is given until 2026-08-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29335: OriginLabon April 9, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘rgod’ was reported to the affected vendor on: 2026-04-09, 1 days ago. The vendor is given until 2026-08-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29333: OriginLabon April 8, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘rgod’ was reported to the affected vendor on: 2026-04-08, 2 days ago. The vendor is given until 2026-08-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29541: Oracleon April 8, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-04-08, 2 days ago. The vendor is given until 2026-08-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-30379: OpenSSLon April 8, 2026 at 5:00 am
A CVSS score 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L severity vulnerability discovered by ‘FuzzOps of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-04-08, 2 days ago. The vendor is given until 2026-08-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29338: OriginLabon April 8, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘rgod’ was reported to the affected vendor on: 2026-04-08, 2 days ago. The vendor is given until 2026-08-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29542: Oracleon April 8, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-04-08, 2 days ago. The vendor is given until 2026-08-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29259: MaterialXon April 8, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘David Bors (@davidxbors), Catalin Iovita (@cataliniovita)’ was reported to the affected vendor on: 2026-04-08, 2 days ago. The vendor is given until 2026-08-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29429: BlueZon April 8, 2026 at 5:00 am
A CVSS score 7.1 AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘p0her’ was reported to the affected vendor on: 2026-04-08, 2 days ago. The vendor is given until 2026-08-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-30364: Linuxon April 8, 2026 at 5:00 am
A CVSS score 7.1 AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of TrendAI Research’ was reported to the affected vendor on: 2026-04-08, 2 days ago. The vendor is given until 2026-08-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29543: Oracleon April 8, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-04-08, 2 days ago. The vendor is given until 2026-08-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29324: Backblazeon April 7, 2026 at 5:00 am
A CVSS score 6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H severity vulnerability discovered by ‘hamdi’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29318: Fabric.json April 7, 2026 at 5:00 am
A CVSS score 4.0 AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N severity vulnerability discovered by ‘nedlir’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29165: Kohaon April 7, 2026 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Shukrulloh Raximov’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29326: Backblazeon April 7, 2026 at 5:00 am
A CVSS score 6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H severity vulnerability discovered by ‘hamdi’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29327: Backblazeon April 7, 2026 at 5:00 am
A CVSS score 6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H severity vulnerability discovered by ‘hamdi’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-30351: Splunkon April 7, 2026 at 5:00 am
A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Vladislav Berghici of TrendAI Research’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29330: Backblazeon April 7, 2026 at 5:00 am
A CVSS score 6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H severity vulnerability discovered by ‘hamdi’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29328: Backblazeon April 7, 2026 at 5:00 am
A CVSS score 6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H severity vulnerability discovered by ‘hamdi’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-28208: Allegraon April 7, 2026 at 5:00 am
A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Swagat Kumar Mishra’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29148: ASUSon April 7, 2026 at 5:00 am
A CVSS score 6.3 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L severity vulnerability discovered by ‘Mirae’ was reported to the affected vendor on: 2026-04-07, 3 days ago. The vendor is given until 2026-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-29886: Adobeon April 2, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Brandon Evans’ was reported to the affected vendor on: 2026-04-02, 8 days ago. The vendor is given until 2026-07-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-30052: Microsofton April 1, 2026 at 5:00 am
A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘mad31k’ was reported to the affected vendor on: 2026-04-01, 9 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-30179: TrendAIon April 1, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Lays (@_L4ys) of TRAPA Security’ was reported to the affected vendor on: 2026-04-01, 9 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-30288: Samsungon April 1, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-04-01, 9 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-30002: TrendAIon April 1, 2026 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Lays (@_L4ys) of TRAPA Security’ was reported to the affected vendor on: 2026-04-01, 9 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
