Canadian Centre for Cyber Security Alerts & Advisories

<article data-history-node-id="7339" about="/en/alerts-advisories/freebsd-security-advisory-av26-179" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-179<br /><strong>Date: </strong>February 27, 2026</p> <p>On February 24, 2026, FreeBSD published security advisories to address critical vulnerabilities in the following products:</p> <ul><li>FreeBSD – version 14.3</li> <li>FreeBSD – version 13.5</li></ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.freebsd.org/security/advisories/FreeBSD-SA-26:04.jail.asc">Jail chroot escape via fd exchange with a different jail (CVE-2025-15576)</a></li> <li><a href="https://www.freebsd.org/security/advisories/FreeBSD-SA-26:05.route.asc">Local DoS and possible privilege escalation via routing sockets (CVE-2026-3038)</a></li> <li><a href="https://www.freebsd.org/security/advisories/">FreeBSD Security Advisories</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7338" about="/en/alerts-advisories/vmware-security-advisory-av26-178" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-178<br /><strong>Date: </strong>February 27, 2026</p> <p>On February 26, 2026, VMware published security advisories to address vulnerabilities in the following products:</p> <ul><li>VMware Tanzu for Postgres – versions prior to 18.2.0, 17.8.0, 16.12.0, 15.16.0 and 14.21.0</li> <li>VMware Tanzu for Postgres on Kubernetes – versions prior to 4.3.2</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37110">Product Release Advisory – VMware Tanzu for Postgres 18.2.0, 17.8.0, 16.12.0, 15.16.0, 14.21.0</a></li> <li><a href="https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37109">Product Release Advisory – VMware Tanzu for Postgres on Kubernetes 4.3.2</a></li> <li><a href="https://support.broadcom.com/web/ecx/security-advisory?segment=VT">Security Advisories – Tanzu</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7337" about="/en/alerts-advisories/microsoft-edge-security-advisory-av26-177" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-177<br /><strong>Date: </strong>February 27, 2026</p> <p>On February 26, 2026, Microsoft published a security update to address vulnerabilities in the following product:</p> <ul><li>Microsoft Edge Stable Channel – versions prior to 145.0.3800.82</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.</p> <ul class="list-unstyled"><li><a href="https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#february-26-2026">Microsoft Edge Stable Channel Release Notes</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7336" about="/en/alerts-advisories/n8n-security-advisory-av26-176" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-176<br /><strong>Date: </strong>February 26, 2026</p> <p>On February 25, 2026, n8n published security updates to address critical vulnerabilities in the following products:</p> <ul><li>n8n (Merge Node) – multiple versions</li> <li>n8n (Expression Sandbox) – multiple versions</li> <li>n8n (Task Runner Sandbox) – multiple versions</li> <li>n8n (Form Node) – multiple versions</li> <li>n8n (Form Trigger/Chat Trigger/Send &amp; Wait/Webhook/Chat Nodes) – multiple versions</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary update.</p> <ul class="list-unstyled"><li><a href="https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869">Remote Code Execution via Merge Node</a></li> <li><a href="https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr">Expression Sandbox Escape Leading to RCE</a></li> <li><a href="https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23">Sandbox Escape in JavaScript Task Runner</a></li> <li><a href="https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7">Unauthenticated Expression Evaluation via Form Node</a></li> <li><a href="https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92">Stored XSS via Various Nodes</a></li> <li><a href="https://github.com/n8n-io/n8n/security">n8n Security</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7335" about="/en/alerts-advisories/drupal-security-advisory-av26-175" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-175<br /><strong>Date: </strong>February 26, 2026</p> <p>On February 25, 2026, Drupal published security advisories to address vulnerabilities in the following products:</p> <ul><li>Material Icons – versions prior to 2.0.4</li> <li>Theme Negotiation by Rules – versions prior to 1.2.1</li> <li>Tagify – versions prior to 1.2.49</li> <li>Anti-Spam by CleanTalk – versions prior to 9.7.0</li> <li>CAPTCHA – versions prior to 1.17.0, version 2.0.0 to versions prior to 2.0.10</li> <li>Islandora – versions prior to 2.17.5</li> <li>Drupal Canvas – versions prior to 1.1.1</li> <li>SAML SSO – Service Provider – versions prior to 3.1.3</li> <li>Responsive Favicons – versions prior to 2.0.2</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates or perform the suggested mitigations.</p> <ul class="list-unstyled"><li><a href="https://www.drupal.org/security">Drupal Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7334" about="/en/alerts-advisories/servicenow-security-advisory-av26-174" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-174<br /><strong>Date: </strong>February 26, 2026</p> <p>On February 25, 2026, ServiceNow published a Security Advisory to address vulnerabilities in the following products. Included was a critical update for the following:</p> <ul><li>ServiceNow Australia – versions prior to Australia</li> <li>ServiceNow Xanadu – versions prior to Xanadu Patch 11 Hot Fix 1a</li> <li>ServiceNow Yokohama – versions prior to Yokohama Patch 12 and Patch 10 Hot Fix 1b</li> <li>ServiceNow Zurich – versions prior to Zurich Patch 5 and Patch 4 Hot Fix 3b</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.servicenow.com/kb?id=kb_article_view&amp;sysparm_article=KB2693566">[Security Advisory] CVE-2026-0542 – Remote Code Execution in ServiceNow AI Platform</a></li> <li><a href="https://support.servicenow.com/kb?id=kb_article_view&amp;sysparm_article=KB1226057">ServiceNow security advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7333" about="/en/alerts-advisories/vmware-security-advisory-av26-173" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-173<br /><strong>Date: </strong>February 25, 2026</p> <p>Between February 24 and 25, 2026, VMware published security advisories to address critical vulnerabilities in multiple products:</p> <ul><li>VMware Tanzu – multiple versions and platforms</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.broadcom.com/web/ecx/security-advisory?segment=VT">Security Advisories – Tanzu</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7332" about="/en/alerts-advisories/juniper-networks-security-advisory-av26-172" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-172<br /><strong>Date: </strong>February 25, 2026</p> <p>On February 25, 2026, Juniper Networks published a security advisory to address vulnerabilities in the following products. Included was a critical update for the following:</p> <ul><li>Junos OS Evolved on PTX Series – 25.4 versions prior to 25.4R1-S1-EVO, 25.4R2-EVO</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902">2026-02 Out-of-Cycle Security Bulletin: Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root (CVE-2026-21902)</a></li> <li><a href="https://supportportal.juniper.net/s/global-search/%40uri#sort=relevancy&amp;f:ctype=[Security%20Advisories">Juniper Networks</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7325" about="/en/alerts-advisories/cisco-security-advisory-av26-166" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p class="mrgn-bttm-md"><strong>Serial number: </strong>AV26-166<br /><strong>Date:</strong> February 25, 2026<br /><strong>Updated:</strong> February 25, 2026</p> <p>On February 25, 2026, Cisco published security advisories to address critical vulnerabilities in the following products:</p> <ul><li>Cisco Catalyst SD-WAN Controller – multiple versions</li> <li>Cisco Catalyst SD-WAN Manager – multiple versions</li> <li>Cisco Nexus 3600 and 9500-R Switching Platform – multiple versions</li> <li>Cisco Nexus 9000 Series Fabric Switches – multiple versions</li> <li>Cisco UCS Software (UCS Manager Mode) – versions prior to 4.3(6e)</li> <li>Cisco UCS Software (Intersight Managed Mode) – versions prior to 4.3(6.260003)</li> </ul><p>Cisco has indicated that CVE-2026-20127 has been exploited.</p> <h2 class="h3">Update 1</h2> <p>On February 25, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20127 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.</p> <ul class="list-unstyled"><li><a href="https://tools.cisco.com/security/center/publicationListing.x">Cisco Security Advisories</a></li> <li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk">Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability</a></li> <li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v">Cisco Catalyst SD-WAN Vulnerabilities</a></li> <li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ether-dos-Kv8YNWZ4">Cisco Nexus 3600 and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability</a></li> <li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dsnmp-cNN39Uh">Cisco Nexus 9000 Series Fabric Switches in ACI Mode SNMP Denial of Service Vulnerability</a></li> <li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cpdos-qLsv6pFD">Cisco Nexus 9000 Series Fabric Switches in ACI Mode Denial of Service Vulnerability</a></li> <li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3">Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability</a></li> <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20127">CISA KEV : CVE-2026-20127</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7330" about="/en/alerts-advisories/jetbrains-security-advisory-av26-171" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-171<br /><strong>Date: </strong>February 25, 2026</p> <p>On February 25, 2026, JetBrains published security advisories to address vulnerabilities in the following products:</p> <ul><li>JetBrains TeamCity – versions prior to 2025.11.3</li> <li>JetBrains YouTrack – versions prior to 2025.3.121962</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.jetbrains.com/privacy-security/issues-fixed/">JetBrains – Fixed security issues</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7328" about="/en/alerts-advisories/gitlab-security-advisory-av26-170" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-170<br /><strong>Date: </strong>February 25, 2026</p> <p>On February 25, 2026, GitLab published a security advisory to address vulnerabilities in the following products:</p> <ul><li>GitLab Community Edition (CE) – versions prior to 18.9.1, 18.8.5 and 18.7.5</li> <li>GitLab Enterprise Edition (EE) – versions prior to 18.9.1, 18.8.5 and 18.7.5</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/">GitLab Patch Release: 18.9.1, 18.8.5, 18.7.5</a></li> <li><a href="https://about.gitlab.com/releases/categories/releases/">GitLab Releases</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7331" about="/en/alerts-advisories/amd-security-advisory-av26-169" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-19<br /><strong>Date: </strong>February 25, 2026</p> <p>On February 24, 2026, AMD published a security advisory to address vulnerabilities in the following products:</p> <ul><li>AMD <span lang="en" xml:lang="en" xml:lang="en">Athlon and</span> AMD <span lang="en" xml:lang="en" xml:lang="en">Ryzen Processors</span> – multiple models and versions</li> <li>AMD <span lang="en" xml:lang="en" xml:lang="en">Ryzen Embedded Processors</span> – multiple models and versions</li> <li>AMD EPYC <span lang="en" xml:lang="en" xml:lang="en">and</span> AMD EPYC <span lang="en" xml:lang="en" xml:lang="en">Embedded Series Processors</span> – multiple models and versions</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7059.html"><span lang="en" xml:lang="en" xml:lang="en">Guest Initiated Machine Check Errors</span> AMD-SB-7059</a></li> <li><a href="https://www.amd.com/en/resources/product-security.html">AMD <span lang="en" xml:lang="en" xml:lang="en">Product Security</span></a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7329" about="/en/alerts-advisories/trend-micro-security-advisory-av26-168" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-168<br /><strong>Date: </strong>February 25, 2026</p> <p>On February 24, 2026, Trend Micro published a security advisory to address critical vulnerabilities in the following products:</p> <ul><li>Apex One (on-premise) – versions prior to 2019 (on-prem)</li> <li>Apex One as a service – SaaS</li> <li>Trend Vision One Endpoint – Standard Endpoint Protection – Saas</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://success.trendmicro.com/en-US/solution/KA-0022458"><span class="text-uppercase">security bulletin</span>: Apex One and Apex One (Mac) – February 2026</a></li> <li><a href="https://success.trendmicro.com/en-US/vulnerability-response/">Trend Micro Business Success Vulnerability Response</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7327" about="/en/alerts-advisories/zyxel-security-advisory-av26-167" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-167<br /><strong>Date: </strong>February 25, 2026</p> <p>On February 24, 2026, Zyxel published a security advisory to address vulnerabilities in the following products:</p> <ul><li>4G LTE/5G NR CPE – multiple models and versions</li> <li>DSL/Ethernet CPE – multiple models and versions</li> <li>Fiber ONTs – multiple models and versions</li> <li>Security Routers – multiple models and versions</li> <li>Wireless Extenders – multiple models and versions</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026">Zyxel security advisory for null pointer dereference and command injection vulnerabilities in certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders</a></li> <li><a href="https://www.zyxel.com/global/en/support/security-advisories">Zyxel Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7326" about="/en/alerts-advisories/al26-004-critical-vulnerability-affecting-cisco-catalyst-sd-wan-cve-2026-20127" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Number:</strong> AL26-004<br /><strong>Date:</strong> February 25, 2026</p> <h2>Audience</h2> <p>This Alert is intended for <abbr title="information technology">IT</abbr> professionals and managers.</p> <h2>Purpose</h2> <p>An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested</p> <h2>Details</h2> <p>The Canadian Centre for Cyber Security (Cyber Centre) is aware of active exploitation of Cisco Catalyst Software-Defined Wide Area Network (SD-WAN) devices<sup id="fn1-rf"><a class="fn-lnk" href="#fn1"><span class="wb-inv">Footnote </span>1</a></sup><sup id="fn2-rf"><a class="fn-lnk" href="#fn2"><span class="wb-inv">Footnote </span>2</a></sup>. In response to the Cisco security advisory released on February 25, 2026<sup id="fn3-rf"><a class="fn-lnk" href="#fn3"><span class="wb-inv">Footnote </span>3</a></sup>, the Cyber Centre issued AV26-166<sup id="fn4-rf"><a class="fn-lnk" href="#fn4">4</a></sup> on February 25, 2026.</p> <p>Tracked as CVE-2026-20127<sup id="fn5-rf"><a class="fn-lnk" href="#fn5"><span class="wb-inv">Footnote </span>5</a></sup>, this vulnerability is a critical Improper Authentication vulnerability (CWE-287)<sup id="fn6-rf"><a class="fn-lnk" href="#fn6"><span class="wb-inv">Footnote </span>6</a></sup> affecting the peering authentication process of Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> Controller (formerly <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> vSmart) and Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> Manager (formerly <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> vManage). It could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.</p> <p>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> Controller systems that have internet-exposed management or control planes and have ports exposed are at risk of compromise.</p> <p>This vulnerability affects the following deployment types:</p> <ul><li>On-Prem Deployment</li> <li>Cisco Hosted <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> Cloud – Cisco Managed</li> <li>Cisco Hosted <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> Cloud – FedRAMP Environment</li> <li>Cisco Hosted <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> Cloud</li> </ul><p>The Cyber Centre is aware of incidents involving CVE-2026-20127. The reports indicate that malicious rogue peers were added to the configuration of affected organization’s <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr>. This allowed multiple follow-up actions including administrative access, persistence and long-term access to <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> networks.</p> <h2>Suggested actions</h2> <p>The Cyber Centre recommends that organizations upgrade affected Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> instances to a fixed version:</p> <div class="table-responsive"> <table class="table"><thead><tr><th scope="col">Affected product</th> <th scope="col">Affected versions</th> <th scope="col">Fixed versions</th> </tr></thead><tbody><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td>Earlier than <span class="nowrap">20.9<sup id="fn*a-rf"><a class="fn-lnk" href="#fn*"><span class="wb-inv">Footnote </span>*</a></sup></span></td> <td>Migrate to a fixed release.</td> </tr><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td>20.9</td> <td>20.9.8.2 (Estimated release February 27, 2026)</td> </tr><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td><span class="nowrap">20.11<sup id="fn*b-rf"><a class="fn-lnk" href="#fn*"><span class="wb-inv">Footnote </span>*</a></sup></span></td> <td>20.12.6.1</td> </tr><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td>20.12.5</td> <td>20.12.5.3</td> </tr><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td>20.12.6</td> <td>20.12.6.1</td> </tr><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td><span class="nowrap">20.13<sup id="fn*c-rf"><a class="fn-lnk" href="#fn*"><span class="wb-inv">Footnote </span>*</a></sup></span></td> <td>20.15.4.2</td> </tr><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td><span class="nowrap">20.14<sup id="fn*d-rf"><a class="fn-lnk" href="#fn*"><span class="wb-inv">Footnote </span>*</a></sup></span></td> <td>20.15.4.2</td> </tr><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td>20.15</td> <td>20.15.4.2</td> </tr><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td><span class="nowrap">20.16<sup id="fn*e-rf"><a class="fn-lnk" href="#fn*"><span class="wb-inv">Footnote </span>*</a></sup></span></td> <td>20.18.2.1</td> </tr><tr><td>Cisco Catalyst <abbr title="Software-Defined Wide Area Network">SD_WAN</abbr> Release</td> <td>20.18</td> <td>20.18.2.1</td> </tr></tbody><thead></thead></table></div> <p>The Cyber Centre also recommends organizations to:</p> <ul><li>Collect artifacts, including virtual snapshots and logs from <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> technology</li> <li>Fully patch <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> technology including those that are affected by <span class="nowrap">CVE-2026-20127</span></li> <li>Hunt for evidence of compromise as detailed in the Hunt Guide<sup id="fn7-rf"><a class="fn-lnk" href="#fn7"><span class="wb-inv">Footnote </span>7</a></sup>; and</li> <li>Implement Cisco’s <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> hardening guidance<sup id="fn8-rf"><a class="fn-lnk" href="#fn8"><span class="wb-inv">Footnote </span>8</a></sup></li> </ul><p>Cisco’s Catalyst <abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> hardening guidance should be reviewed in full and includes advice on the following:</p> <ul><li>Network perimeter controls: Ensure control components are behind a firewall, isolate <abbr title="virtual private network">VPN</abbr> 512 (management) interfaces, and use <abbr title="internet protocol">IP</abbr> blocks for manually provisioned edge <abbr title="internet protocol">IP</abbr>s.</li> <li><abbr title="Software-Defined Wide Area Network">SD-WAN</abbr> Manager access: Replace the self-signed certificate for the web user interface</li> <li>Control and data plane security: Use pairwise keying</li> <li>Session timeout: Limit to the shortest period possible</li> <li>Logging: Forward to a remote syslog server</li> </ul><p>In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 <abbr title="information technology">IT</abbr> Security Actions with an emphasis on the following topics<sup id="fn9-rf"><a class="fn-lnk" href="#fn9"><span class="wb-inv">Footnote </span>9</a></sup>.</p> <ul><li>Consolidating, monitoring, and defending internet gateways</li> <li>Patch operating systems and applications</li> <li>Harden operating systems and applications</li> <li>Isolate web-facing applications</li> </ul><p>Should activity matching the content of this alert be discovered, recipients are encouraged to report via <a href="/en/incident-management">My Cyber Portal</a>, or email <a href="mailto:contact@cyber.gc.ca">contact@cyber.gc.ca</a>.</p> <h2>References</h2> <aside class="wb-fnote" role="note"><dl><dt>*</dt> <dd id="fn*"> <p>These releases have reached End of Software Maintenance.</p> <p class="fn-rtn"><a href="#fn*-rf"><span class="wb-inv">Return to footnote</span>*<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 1</dt> <dd id="fn1"> <p><a href="https://www.cisco.com/site/us/en/learn/topics/networking/what-is-sd-wan.html">What is SD-WAN? Software-Defined WAN (SDWAN)</a></p> <p class="fn-rtn"><a href="#fn1-rf"><span class="wb-inv">Return to footnote</span>1<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 2</dt> <dd id="fn2"> <p><a href="https://blog.talosintelligence.com/uat-8616-sd-wan/">Active exploitation of Cisco Catalyst SD-WAN by UAT-8616</a></p> <p class="fn-rtn"><a href="#fn2-rf"><span class="wb-inv">Return to footnote</span>2<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 3</dt> <dd id="fn3"> <p><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk">Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability</a></p> <p class="fn-rtn"><a href="#fn3-rf"><span class="wb-inv">Return to footnote</span>3<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 4</dt> <dd id="fn4"> <p><a href="/en/alerts-advisories/cisco-security-advisory-av26-166">Cisco security advisory (AV26-166)</a></p> <p class="fn-rtn"><a href="#fn4-rf"><span class="wb-inv">Return to footnote</span>4<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 5</dt> <dd id="fn5"> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20127">NVD – CVE-2026-20127</a></p> <p class="fn-rtn"><a href="#fn5-rf"><span class="wb-inv">Return to footnote</span>5<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 6</dt> <dd id="fn6"> <p><a href="https://cwe.mitre.org/data/definitions/287.html">CWE-287: Improper Authentication</a></p> <p class="fn-rtn"><a href="#fn6-rf"><span class="wb-inv">Return to footnote</span>6<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 7</dt> <dd id="fn7"> <p><a href="https://www.cyber.gov.au/sites/default/files/2026-02/ACSC-led%20Cisco%20SD-WAN%20Hunt%20Guide.pdf">CISCO SD-WAN <span class="text-uppercase">THREAT HUNT GUIDE</span></a></p> <p class="fn-rtn"><a href="#fn7-rf"><span class="wb-inv">Return to footnote</span>7<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 8</dt> <dd id="fn8"> <p><a href="https://sec.cloudapps.cisco.com/security/center/resources/Cisco-Catalyst-SD-WAN-HardeningGuide">Cisco Catalyst SD-WAN Hardening Guide</a></p> <p class="fn-rtn"><a href="#fn8-rf"><span class="wb-inv">Return to footnote</span>8<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 9</dt> <dd id="fn9"> <p><a href="/en/guidance/top-10-it-security-actions-protect-internet-connected-networks-and-information-itsm10089">Top 10 IT security actions to protect Internet connected networks and information (ITSM.10.089)</a></p> <p class="fn-rtn"><a href="#fn9-rf"><span class="wb-inv">Return to footnote</span>9<span class="wb-inv"> referrer</span></a></p> </dd> </dl></aside></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7324" about="/en/alerts-advisories/solarwinds-security-advisory-av26-165" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-165<br /><strong>Date: </strong>February 24, 2026</p> <p>On February 24, 2026, SolarWinds published security advisories to address critical vulnerabilities in the following product:</p> <ul><li>SolarWinds Serv-U – versions prior to 15.5.4</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40538">SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability (CVE-2025-40538)</a></li> <li><a href="https://www.solarwinds.com/trust-center/security-advisories">SolarWinds Security Vulnerabilities</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7323" about="/en/alerts-advisories/hpe-security-advisory-av26-164" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-164<br /><strong>Date: </strong>February 24, 2026</p> <p>On February 24, 2026, HPE published a security advisory to address a vulnerability in the following product:</p> <ul><li>HPE ProLiant AMD DL/XL Servers – multiple versions and models</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf05021en_us&amp;docLocale=en_US#hpesbhf05021-rev-1-certain-hpe-proliant-amd-dl-xl-0">HPESBHF05021 rev.1 – Certain HPE ProLiant AMD DL/XL Servers Using Certain AMD EPYC Processors, AMD-SB-7059: Guest Initiated Machine Check Errors, Denial of Service Vulnerability</a></li> <li><a href="https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US">HPE Security Bulletin Library</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7322" about="/en/alerts-advisories/control-systems-abb-security-advisory-av26-163" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-163<br /><strong>Date: </strong>February 24, 2026</p> <p>On February 24, 2026, ABB published security advisories to address vulnerabilities in the following products:</p> <ul><li>AC500 V3 firmware – versions prior to 3.9.0</li> <li>Automation Builder – versions prior to 2.9.0</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.</p> <ul class="list-unstyled"><li><a href="https://search.abb.com/library/Download.aspx?DocumentID=3ADR011524&amp;LanguageCode=en&amp;DocumentPartId=&amp;Action=Launch">AC500 V3 Multiple vulnerabilities – CVE IDs: CVE-2025-2595, CVE-2025-41659, CVE-2025-41691</a></li> <li><a href="https://search.abb.com/library/Download.aspx?DocumentID=3ADR011525&amp;LanguageCode=en&amp;DocumentPartId=&amp;Action=Launch">ABB Automation Builder Gateway for Windows with insecure defaults CVE ID: CVE-2024-41975</a></li> <li><a href="https://global.abb/group/en/technology/cyber-security/alerts-and-notifications">ABB Cyber security alerts and notifications</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7321" about="/en/alerts-advisories/vmware-security-advisory-av26-162" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-162<br /><strong>Date: </strong>February 24, 2026</p> <p>On February 24, 2026, VMware published a security advisory to address vulnerabilities in the following products:</p> <ul><li>VMware Cloud Foundation – versions prior to 9.0.2.0</li> <li>VMware vSphere Foundation – versions prior to 9.0.2.0</li> <li>VMware Aria Operations – versions prior to 8.18.6</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947">VMSA-2026-0001: VMware Aria Operations updates address multiple vulnerabilities (CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721)</a></li> <li><a href="https://support.broadcom.com/web/ecx/security-advisory?segment=VC">Security Advisories – VMware Cloud Foundation</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7320" about="/en/alerts-advisories/sonicwall-security-advisory-av26-161" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-161<br /><strong>Date: </strong>February 24, 2026</p> <p>On February 24, 2026, SonicWall published a security advisory to address vulnerabilities in the following products:</p> <ul><li>Gen7 hardware Firewalls – version 7.0.1-5169 and prior</li> <li>Gen7 virtual Firewalls (NSv) – version 7.3.1-7013 and prior</li> <li>Gen8 Firewalls – version 8.1.0-8017 and prior</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0001">SonicOS multiple post-authentication vulnerabilities – SNWLID-2026-0001</a></li> <li><a href="https://psirt.global.sonicwall.com/vuln-list">SonicWall Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>