Canadian Centre for Cyber Security Alerts & Advisories

<article data-history-node-id="7191" about="/en/alerts-advisories/cisco-security-advisory-av26-048" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-048<br /><strong>Date: </strong>January 21, 2026</p> <p>On January 21, 2026, Cisco published a security advisory to address a critical vulnerability in the following products:</p> <ul><li>Cisco Unified CM – versions prior to 12.5, 14 and 15</li> <li>Unified CM IM&amp;P – versions prior to 12.5, 14 and 15</li> <li>Unified CM SME – versions prior to 12.5, 14 and 15</li> <li>Webex Calling Dedicated Instance – versions prior to 12.5, 14 and 15</li> <li>Cisco Unity Connection Release – versions prior to 12.5, 14 and 15</li> </ul><p class="mrgn-bttm-md">On January 21, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20045 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p>The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.</p> <ul class="list-unstyled"><li><a href="https://www.cve.org/CVERecord?id=CVE-2026-20045">CISA KEV: CVE-2026-20045</a></li> <li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b">Cisco Unified Communications Products Remote Code Execution Vulnerability</a></li> <li><a href="https://tools.cisco.com/security/center/publicationListing.x">Cisco Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7190" about="/en/alerts-advisories/gnu-security-advisory-av26-047" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-047<br /><strong>Date: </strong>January 21, 2026</p> <p>On January 21, 2026, GNU published a security advisory to address a vulnerability in the following product. Included was a critical update for the following:</p> <ul><li>GNU InetUtils – versions 1.9.3 to 2.7</li> </ul><p class="mrgn-bttm-md">Open-source reporting indicates that an exploit for CVE-2026-24061 exists in the wild.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.</p> <ul class="list-unstyled"><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24061">NVD – CVE-2026-24061</a></li> <li><a href="https://www.gnu.org/software/inetutils/">Inetutils – GNU network utilities</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7189" about="/en/alerts-advisories/hpe-security-advisory-av26-046" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-046<br /><strong>Date: </strong>January 21, 2026</p> <p>On January 20, 2026, HPE published a security advisory to address a vulnerability in the following products:</p> <ul><li>HPE Alletra 6000 – versions prior to 6.1.2.800, version 6.1.3 versions prior to 6.1.3.300</li> <li>HPE Nimble Storage Hybrid Flash Arrays – versions prior to 6.1.2.800, version 6.1.3 versions prior to 6.1.3.300</li> <li>Nimble Storage All Flash Arrays – versions prior to 6.1.2.800, version 6.1.3 versions prior to 6.1.3.300</li> <li>HPE Alletra 5000 – versions prior to 6.1.2.800, version 6.1.3 versions prior to 6.1.3.300</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04995en_us&amp;docLocale=en_US#hpesbst04995-rev-1-hpe-alletra-6000-hpe-alletra-50-0">HPESBST04995 rev.1 – HPE Alletra 6000, HPE Alletra 5000 and HPE Nimble Storage Array OS, Remote Privilege Elevation</a></li> <li><a href="https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US">HPE Security Bulletin Library</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7188" about="/en/alerts-advisories/atlassian-security-advisory-av26-045" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-045<br /><strong>Date: </strong>January 21, 2026</p> <p>On January 20, 2026, Atlassian published a security advisory to address vulnerabilities in the following products:</p> <ul><li>Bamboo Data Center and Server – multiple versions</li> <li>Bitbucket Data Center and Server – multiple versions</li> <li>Confluence Data Center and Server – multiple versions</li> <li>Crowd Data Center and Server – versions 7.1.0 to 7.1.2, versions 6.3.0 to 6.3.3</li> <li>Jira Data Center and Server – multiple versions</li> <li>Jira Service Management Data Center and Server – multiple versions</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://confluence.atlassian.com/security/security-bulletin-january-20-2026-1712324819.html">Security Bulletin – January 20 2026</a></li> <li><a href="https://www.atlassian.com/trust/security/advisories">Atlassian Security Advisories and Bulletins</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7187" about="/en/alerts-advisories/gitlab-security-advisory-av26-044" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-044<br /><strong>Date: </strong>January 21, 2026</p> <p>On January 21, 2026, GitLab published a security advisory to address vulnerabilities in the following products:</p> <ul><li>GitLab Community Edition (CE) – versions prior to 18.8.2, 18.7.2 and 18.6.4</li> <li>GitLab Enterprise Edition (EE) – versions prior to 18.8.2, 18.7.2 and 18.6.4</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/">GitLab Patch Release: 18.8.2, 18.7.2, 18.6.4</a></li> <li><a href="https://about.gitlab.com/releases/categories/releases/">GitLab Releases</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7186" about="/en/alerts-advisories/google-chrome-security-advisory-av26-043" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-043<br /><strong>Date: </strong>January 21, 2026</p> <p>On January 20, 2026, Google published a security advisory to address vulnerabilities in the following product:</p> <ul><li>Stable Channel Chrome for Desktop – versions prior to 144.0.7559.96/.97 (Windows/Mac) and 144.0.7559.96 (Linux)</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.</p> <ul class="list-unstyled"><li><a href="https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_20.html">Google Chrome Security Advisory</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7185" about="/en/alerts-advisories/oracle-security-advisory-january-2026-quarterly-rollup-av26-042" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-042<br /><strong>Date: </strong>January 21, 2026</p> <p>On January 20, 2026, Oracle published a security advisory to address vulnerabilities in multiple products.</p> <p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.oracle.com/security-alerts/cpujan2026.html">Oracle Critical Patch Update Advisory – January 2026</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7182" about="/en/alerts-advisories/juniper-networks-security-advisory-av26-041" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-041<br /><strong>Date: </strong>January 20, 2026</p> <p>On January 14, 2026, Juniper Networks published security advisories to address vulnerabilities in multiple products:</p> <ul><li>Juniper Networks Policy Enforcer – versions prior to 24.1R3</li> <li>Juniper Networks Paragon Automation – versions prior to 24.1.1</li> <li>Junos OS Evolved – multiple versions</li> <li>Junos OS on EX4000 – versions prior to 24.4R2</li> <li>Junos OS on EX4000 – versions prior to 25.2R1-S2 and 25.2R2</li> <li>Junos OS on MX Series – multiple versions</li> <li>Junos OS on QFX5k Series – multiple versions</li> <li>Junos OS on SRX Series – multiple versions</li> <li>Junos OS on EX Series – multiple versions</li> <li>Junos OS – multiple versions</li> <li>Junos Space – versions prior to 24.1R5</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending">Juniper Networks Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7181" about="/en/alerts-advisories/gitlab-security-advisory-av26-040" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-040<br /><strong>Date: </strong>January 19, 2026</p> <p>On January 16, 2026, GitLab published a security advisory to address vulnerabilities in the following products:</p> <ul><li>GitLab Community Edition (CE) – versions prior to 18.8.1</li> <li>GitLab Enterprise Edition (EE) – versions prior to 18.8.1</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates</p> <ul class="list-unstyled"><li><a href="https://about.gitlab.com/releases/2026/01/16/gitlab-18-8-1-released/">GitLab Patch Release: 18.8.1</a></li> <li><a href="https://about.gitlab.com/releases/categories/releases/">GitLab Releases</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7180" about="/en/alerts-advisories/control-systems-abb-security-advisory-av26-039" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-039<br /><strong>Date: </strong>January 19, 2026</p> <p>On January 19, 2026, ABB published security advisories to address vulnerabilities in the following products:</p> <ul><li>Automation Studio – versions prior to 6.5</li> <li>Automation Runtime – version 6.5.0 and prior</li> <li>Automation Runtime – version R4.93 and prior</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.</p> <ul class="list-unstyled"><li><a href="https://www.br-automation.com/fileadmin/SA25P004-4f45197f.pdf">Automation Studio Insufficient Server Certificate Validation CVE ID: CVE-2025-11043</a></li> <li><a href="https://www.br-automation.com/fileadmin/SA25P005-26597bd0.pdf">B&amp;R Automation Runtime Improper Handling of Flooding conditions on ANSL Server CVE ID: CVE-2025-11044</a></li> <li><a href="https://global.abb/group/en/technology/cyber-security/alerts-and-notifications">ABB Cyber security alerts and notifications</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7179" about="/en/alerts-advisories/vmware-security-advisory-av26-038" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-038<br /><strong>Date: </strong>January 19, 2026</p> <p>Between January 12 and 18, 2026, VMware published security advisories to address vulnerabilities in multiple Tanzu products.</p> <ul><li>VM<span lang="en" xml:lang="en" xml:lang="en">ware Tanzu GemFire</span> – versions prior to 10.1.6</li> <li>VM<span lang="en" xml:lang="en" xml:lang="en">ware Tanzu GemFire</span> – versions prior to 10.2.1</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36758">Product Release Advisory – VMware Tanzu GemFire 10.1.6</a></li> <li><a href="https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36759">Product Release Advisory – VMware Tanzu GemFire 10.2.1</a></li> <li><a href="https://support.broadcom.com/web/ecx/security-advisory?segment=VT">Security Advisories – Tanzu</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7178" about="/en/alerts-advisories/microsoft-edge-security-advisory-av26-037" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-037<br /><strong>Date: </strong>January 19, 2026</p> <p>On January 14, 2026, Microsoft published a security update to address vulnerabilities in the following product:</p> <ul><li>Microsoft Edge Stable Channel – versions prior to 144.0.3719.82</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.</p> <ul class="list-unstyled"><li><a href="https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-14-2026">Microsoft Edge Stable Channel Release Notes</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7177" about="/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-036" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26–036<br /><strong>Date: </strong>January 19, 2026</p> <p>Between January 12 and 18, 2026, CISA published ICS advisories to address vulnerabilities in the following products:</p> <ul><li>AVEVA Process Optimization – versions prior to 2024.1</li> <li>Festo Firmware – multiple applications and all versions</li> <li>Rockwell Automation 432ES-IG3 Series A – version V1.001</li> <li>Rockwell Automation FactoryTalk DataMosaix Private Cloud – version 7.11</li> <li>Rockwell Automation FactoryTalk DataMosaix Private Cloud – version 8.00</li> <li>Rockwell Automation FactoryTalk DataMosaix Private Cloud – version 8.01</li> <li>Schneider Electric EcoStruxure Power Build Rapsody – multiple versions and models</li> <li>Siemens Industrial Edge Device Kit – multiple versions</li> <li>Siemens Industrial Edge Devices – multiple versions and models</li> <li>Siemens RUGGEDCOM APE1808 Devices – contact customer support to receive patch and update information</li> <li>Siemens RUGGEDCOM ROS – versions prior to V5.10.1</li> <li>Siemens SIMATIC and SIPLUS – multiple versions and models</li> <li>Siemens SINEC Security Monitor – version prior to V4.10.0</li> <li>Siemens TeleControl Server Basic – versions prior to V3.1.2.4</li> <li>YoSmart YoLink Mobile Appication – version v1.40.45</li> <li>YoSmart YoLink Smart Hub – version 0382</li> <li>YoSmart server – all versions</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.</p> <ul class="list-unstyled"><li><a href="https://www.cisa.gov/news-events/cybersecurity-advisories">CISA ICS Advisories</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7176" about="/en/alerts-advisories/ubuntu-security-advisory-av26-035" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-035<br /><strong>Date: </strong>January 19, 2026</p> <p>Between January 12 and 18, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following product:</p> <ul><li>Ubuntu 20.04 LTS</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://ubuntu.com/security/notices/USN-7922-5">USN-7922-5: Linux kernel (IoT) vulnerabilities</a></li> <li><a href="https://ubuntu.com/security/notices">Ubuntu Security Notices</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7175" about="/en/alerts-advisories/dell-security-advisory-av26-034" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-034<br /><strong>Date: </strong>January 19, 2026</p> <p>Between January 12 and 18, 2026, Dell published security advisories to address vulnerabilities in the following products:</p> <ul><li>Dell Elastic Cloud Storage (ECS) – versions 3.8.1.0 to 3.8.1.7</li> <li>Dell ObjectScale – versions prior to 4.2.0.0</li> <li>Dell PowerScale OneFS – multiple versions</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.dell.com/support/kbdoc/en-ca/000415586/dsa-2026-049-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities">DSA-2026-049: Security Update for Dell PowerScale OneFS Multiple Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/kbdoc/en-ca/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities">DSA-2026-047: Security update for Dell ECS and ObjectScale Multiple Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/security/en-ca">Dell Security advisories and notices</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7174" about="/en/alerts-advisories/ibm-security-advisory-av26-033" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-033<br /><strong>Date: </strong>January 19, 2026</p> <p>Between January 12 and 18, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:</p> <ul><li>IBM Cloud Pak for Business Automation – multiple versions</li> <li>IBM Concert Software – versions 1.0.0 to 2.1.0</li> <li>IBM Datacap Navigator – versions 9.1.7, 9.1.8 and 9.1.9</li> <li>IBM Datacap – versions 9.1.7, 9.1.8 and 9.1.9</li> <li>IBM Library Support for Struts – version 2.5.37</li> <li>IBM Operations Analytics – Log Analysis – versions 1.3.7.0, 1.3.7.1 and 1.3.7.2</li> <li>IBM Robotic Process Automation for Cloud Pak – versions 23.0.0 to 23.0.20.4, versions 30.0.0 to 30.0.0.2</li> <li>IBM Robotic Process Automation – versions 23.0.0 to 23.0.20.4, versions 30.0.0 to 30.0.0.2</li> <li>IBM Security Verify Access Container – versions 10.0 to 10.0.9</li> <li>IBM Sterling External Authentication Server – versions 6.1.1.0 to 6.1.1.1</li> <li>IBM Terracotta – versions 11.1.0.0 to 11.1.0.10</li> <li>IBM Verify Identity Access Container – versions 11.0 to 11.0.1</li> <li>IBM Verify Identity Access – versions 10.0 to 10.0.9</li> <li>IBM Verify Identity Access – versions 11.0 to 11.0.1</li> <li>IBM i Access Family – versions 1.1.9.8 to 1.1.9.10</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.ibm.com/support/pages/bulletin/">IBM Product Security Incident Response</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7171" about="/en/alerts-advisories/palo-alto-networks-security-advisory-av26-032" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-032<br /><strong>Date: </strong>January 14, 2026</p> <p>On January 14, 2026, <span lang="en" xml:lang="en" xml:lang="en">Palo Alto Networks</span> published security advisories to address vulnerabilities in the following products:</p> <ul><li>Prisma Browser – versions prior to 142.21.4.163</li> <li>PAN-OS 12.1 – versions prior to 12.1.3-h3</li> <li>PAN-OS 12.1 – versions prior to 12.1.4</li> <li>PAN-OS 11.2 – multiple versions</li> <li>PAN-OS 11.1 – multiple versions</li> <li>PAN-OS 10.2 – multiple versions</li> <li>PAN-OS 10.1 – versions prior to 10.1.14-h20</li> <li>Prisma Access 11.2 – versions prior to 11.2.7-h8</li> <li>Prisma Access 10.2 – versions prior to 10.2.10-h29</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://security.paloaltonetworks.com/PAN-SA-2026-0001">PAN-SA-2026-0001 Chromium: Monthly Vulnerability Update (January 2026)</a></li> <li><a href="https://security.paloaltonetworks.com/CVE-2026-0227">CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal</a></li> <li><a href="https://security.paloaltonetworks.com/">Palo Alto Network Security Advisories</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7170" about="/en/alerts-advisories/red-hat-security-advisory-av26-031" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p class="mrgn-bttm-md"><strong>Serial number: </strong>AV26-031<br /><strong>Date: </strong>January 14, 2026</p> <p>Between January 5 and 11, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:</p> <ul><li>Red Hat CodeReady Linux Builder – multiple versions and platforms</li> <li>Red Hat Enterprise Linux – multiple versions and platforms</li> <li>Red Hat Enterprise Linux Server – multiple versions and platforms</li> <li>Red Hat Enterprise Linux for Real Time – multiple versions and platforms</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://access.redhat.com/security/security-updates/security-advisories">Red Hat Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7169" about="/en/alerts-advisories/drupal-security-advisory-av26-030" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p class="mrgn-bttm-md"><strong>Serial number: </strong>AV26-030<br /><strong>Date:</strong> January 14, 2026</p> <p>On January 14, 2026, Drupal published security advisories to address vulnerabilities in the following products:</p> <ul><li>Group invite – versions prior to 2.3.9, version 3.0.0 to versions prior to 3.0.4, version 4.0.0 to versions prior to 4.0.4</li> <li>Role Delegation – version 1.3.0 to versions prior to 1.5.0</li> <li>AT Internet SmartTag – versions prior to 1.0.1</li> <li>AT Internet Piano Analytics – versions prior to 1.0.1, version 2.0.0 to versions prior to 2.3.1</li> <li>Microsoft Entra ID SSO Login – versions prior to 1.0.4</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates or perform the suggested mitigations.</p> <ul class="list-unstyled"><li><a href="https://www.drupal.org/security">Drupal Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7168" about="/en/alerts-advisories/control-systems-schneider-electric-security-advisory-av26-029" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-029<br /><strong>Date: </strong>January 14, 2026</p> <p>On January 13, 2026, Schneider Electric published advisories to address vulnerabilities in the following products:</p> <ul><li>EcoStruxure Power Build Rapsody software – multiple versions</li> <li>Wiser iTRV2 Version Wiser iTRV3, Wiser RTR2, Wiser UFH, Wiser 16A Electrical Heat Switch, Wiser Boiler Relay, Exxact cFMT 16a, Elko cFMT 16a, Odace cFMT 2a, Merten cFMT 16a, Merten cFMT 2a, Wiser Power Micromodule, Wiser FIP Micromodule, Iconic, Wiser Connected Smart Dimmer, Iconic, Wiser Connected Smart Switch, 2AX, Iconic, Wiser Connected Smart Switch, 10AX, Iconic, Connected AC Fan Controller Iconic, Connected Smart Socket, Wiser Connected Application Module 1-Gang, Wiser Connected Application Module 2-Gang, Wiser Connected Push Button Dimmer, Wiser Connected Push Button Switch, Wiser Connected Push Button Shutter, Wiser Connected Motion Dimmer, Wiser Connected Motion Switch, Wiser Connected Rotary Dimmer, Connected Wireless Switch, Micromodule Switch, Micromodule Dimmer, Micromodule Shutter, Connected Single Socket Outlet, Connected Double Socket Outlet, Fuga Connected Socket Outlet, Mureva EV Link – all versions</li> <li>EcoStruxure™ Process Expert – versions prior to 2025</li> <li>EcoStruxure™ Process Expert for AVEVA System Platform – all versions</li> <li>Plant iT/Brewmaxx – version v9.60 and later</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-04&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=SEVD-2026-013-04.pdf">Multiple Vulnerabilities on EcoStruxure Power Build Rapsody</a></li> <li><a href="https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-03&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=SEVD-2026-013-03.pdf">Multiple Third-Party Vulnerabilities on Zigbee Products</a></li> <li><a href="https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-02&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=SEVD-2026-013-02.pdf">Incorrect Default Permissions Vulnerability on EcoStruxure™ Process Expert</a></li> <li><a href="https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-01&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=SEVD-2026-013-01.pdf">Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx</a></li> <li><a href="https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp">Schneider Electric Security Notifications</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>