Canadian Government Cyber Alerts


  • Microsoft security advisory – April 2026 monthly rollup (AV26-352) – Update 1
    by Canadian Centre for Cyber Security on April 17, 2026 at 7:53 pm

    Serial number: AV26-352
    Date: April 14, 2026
    Updated: April 17, 2026

    On April 14, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

      - .NET 10.0 installed on Linux
      - .NET 10.0 installed on Mac OS
      - .NET 10.0 installed on Windows
      - .NET 8.0 installed on Linux
      - .NET 8.0 installed on Mac OS
      - .NET 8.0 installed on Windows
      - .NET 9.0 installed on Linux
      - .NET 9.0 installed on Mac OS
      - .NET 9.0 installed on Windows
      - Azure Logic Apps
      - Azure Monitor Agent
      - Microsoft .NET Framework
      - Microsoft .NET Framework 3.5 AND 4.8.1
      - Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
      - Microsoft 365 Apps for Enterprise
      - Microsoft Defender Antimalware Platform
      - Microsoft Dynamics 365
      - Microsoft Excel 2016
      - Microsoft HPC Pack 2019
      - Microsoft Office 2016
      - Microsoft Office 2019
      - Microsoft Office LTSC 2021
      - Microsoft Office LTSC 2024
      - Microsoft Office LTSC for Mac 2021
      - Microsoft Office LTSC for Mac 2024
      - Microsoft Power Apps
      - Microsoft PowerPoint 2016
      - Microsoft SQL Server 2016
      - Microsoft SQL Server 2017
      - Microsoft SQL Server 2019
      - Microsoft SQL Server 2022
      - Microsoft SQL Server 2025
      - Microsoft SharePoint Enterprise Server 2016
      - Microsoft SharePoint Server 2019
      - Microsoft SharePoint Server Subscription Edition
      - Microsoft Visual Studio 2022
      - Microsoft Visual Studio Code CoPilot Chat Extension
      - Office Online Server
      - PowerShell
      - Remote Desktop client for Windows Desktop
      - Windows 10
      - Windows 11
      - Windows Admin Center
      - Windows App Client for Windows Desktop
      - Windows Server 2012
      - Windows Server 2012 R2
      - Windows Server 2016
      - Windows Server 2019
      - Windows Server 2022
      - Windows Server 2025

    Microsoft has received reports that CVE-2026-32201 has been exploited.

    On April 14, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-32201 to their Known Exploited Vulnerabilities (KEV) Database.

    Update 1

    Open-source reporting indicates that the CVE-2026-33825 vulnerability is being exploited in the wild.

    The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

      - April 2026 Security Updates: https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr
      - Security Update Guide: https://msrc.microsoft.com/update-guide/en-us
      - CISA KEV: CVE-2026-32201: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-32201
      - CVE-2026-33825 Detail: https://nvd.nist.gov/vuln/detail/CVE-2026-33825

  • JetBrains security advisory (AV26-364)
    by Canadian Centre for Cyber Security on April 17, 2026 at 1:30 pm

    Serial number: AV26-364
    Date: April 17, 2026

    On April 17, 2026, JetBrains published a security advisory to address a vulnerability in the following product:

      - JetBrains YouTrack – versions prior to 2025.3.131383

    The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

      - JetBrains – Fixed security issues: https://www.jetbrains.com/privacy-security/issues-fixed/

  • HashiCorp security advisory (AV26-363)
    by Canadian Centre for Cyber Security on April 17, 2026 at 1:20 pm

    Serial number: AV26-363
    Date: April 17, 2026

    On April 16, 2026, HashiCorp published security advisories to address vulnerabilities in the following products:

      - Vault Community Edition – multiple versions
      - Vault Enterprise Edition – multiple versions

    The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

      - HCSEC-2026-05 – Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service: https://discuss.hashicorp.com/t/hcsec-2026-05-vault-kvv2-metadata-and-secret-deletion-policy-bypass-denial-of-service/77342
      - HCSEC-2026-06 – Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS: https://discuss.hashicorp.com/t/hcsec-2026-06-vault-vulnerable-to-server-side-request-forgery-in-acme-challenge-validation-via-attacker-controlled-dns/77343
      - HashiCorp Security: https://discuss.hashicorp.com/c/security/52

  • Microsoft Edge security advisory (AV26-362)
    by Canadian Centre for Cyber Security on April 17, 2026 at 1:06 pm

    Serial number: AV26-362
    Date: April 17, 2026

    On April 16, 2026, Microsoft published a security update to address vulnerabilities in the following product:

      - Microsoft Edge Stable Channel – versions prior to 147.0.3912.72

    The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

      - Microsoft Edge Stable Channel Release Notes: https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-16-2026

  • Apache ActiveMQ security advisory (AV26-330) – Update 1
    by Canadian Centre for Cyber Security on April 16, 2026 at 5:59 pm

    Serial number: AV26-330
    Date: April 8, 2026
    Update: April 16, 2026

    On April 8, 2026, Apache published a security advisory to address a vulnerability in the following products:

      - Apache ActiveMQ Broker – versions prior to 5.19.4
      - Apache ActiveMQ Broker – 6.0.0 versions prior to 6.2.3

    Update 1

    On April 16, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-34197 to their Known Exploited Vulnerabilities (KEV) Database.

    The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

      - CVE-2026-34197: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
      - CISA KEV: CVE-2026-34197: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-34197

  • HPE security advisory (AV26-361)
    by Canadian Centre for Cyber Security on April 16, 2026 at 5:46 pm

    Serial number: AV26-361
    Date: April 16, 2026

    On April 16, 2026, HPE published a security advisory to address vulnerabilities in the following product:

      - HPE Cray Supercomputing EX420 Compute Blade – versions prior to 1.91

    The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

      - HPESBCR05043 rev.1 – HPE Cray Supercomputing EX Servers Using Intel Processors, INTEL-SA-01397, 2026.1 IPU, Intel Trust Domain Extensions (Intel TDX) module Advisory, Multiple Vulnerabilities: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr05043en_us&docLocale=en_US#hpesbcr05043-rev-1-hpe-cray-supercomputing-ex-serv-0
      - HPE Security Bulletin Library: https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US

  • Nginx UI security advisory (AV26-360)
    by Canadian Centre for Cyber Security on April 16, 2026 at 3:06 pm

    Serial number: AV26-360
    Date: April 16, 2026

    On April 10, 2026, Nginx UI published a security advisory to address a critical vulnerability in the following product:

      - Nginx UI – version v2.3.5 and prior

    Open-source reporting indicates that the CVE-2026-33032 vulnerability is being exploited in the wild.

    The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

      - Nginx UI – CVE-2026-33032: https://github.com/0xJacky/nginx-ui/releases/tag/v2.3.6
      - NVD – CVE-2026-33032 Detail: https://nvd.nist.gov/vuln/detail/CVE-2026-33032

  • Drupal security advisory (AV26-359)
    by Canadian Centre for Cyber Security on April 16, 2026 at 12:48 pm

    Serial number: AV26-359
    Date: April 16, 2026

    On April 15, 2026, Drupal published a security advisory to address a critical vulnerability in the following product:

      - Drupal core – multiple versions

    The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

      - Drupal core – Critical – Cross-site scripting – SA-CORE-2026-001: https://www.drupal.org/sa-core-2026-001
      - Drupal Security Advisories: https://www.drupal.org/security

  • Google Chrome security advisory (AV26-358)
    by Canadian Centre for Cyber Security on April 15, 2026 at 7:39 pm

    Serial number: AV26-358
    Date: April 15, 2026

    On April 15, 2026, Google published a security advisory to address vulnerabilities in the following product:

      - Stable Channel Chrome for Desktop – versions prior to 147.0.7727.101/102 (Windows/Mac) and 147.0.7727.101 (Linux)

    The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

      - Google Chrome Security Advisory: https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html

  • Cisco security advisory (AV26-357)
    by Canadian Centre for Cyber Security on April 15, 2026 at 5:26 pm

    Serial number: AV26-357
    Date: April 15, 2026

    On April 15, 2026, Cisco published security advisories to address vulnerabilities in the following products. Included were critical updates for the following:

      - Cisco Identity Services Engine (ISE) – multiple versions
      - Cisco ISE Passive Identity Connector (ISE-PIC) – multiple versions
      - Cisco Webex Services (cloud-based, configured to use SSO integration with Control Hub)

    The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.

      - Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ
      - Cisco Identity Services Engine Remote Code Execution Vulnerabilities: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv
      - Cisco Webex Services Certificate Validation Vulnerability: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
      - Cisco Security Advisories: https://tools.cisco.com/security/center/publicationListing.x

  • Splunk security advisory (AV26-356)
    by Canadian Centre for Cyber Security on April 15, 2026 at 4:27 pm

    Serial number: AV26-356
    Date: April 15, 2026

    On April 15, 2026, Splunk published security advisories to address vulnerabilities in the following products:

      - Splunk Operator for Kubernetes Add-on – versions prior to 3.1.0
      - Splunk MCP Server – versions prior to 1.0.3
      - Splunk IT Service Intelligence (ITSI) – versions prior to 4.21.2
      - Splunk Enterprise – multiple versions
      - Splunk Cloud Platform – multiple versions

    The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

      - Splunk Security Advisories: https://advisory.splunk.com/advisories

  • AMD security advisory (AV26-355)
    by Canadian Centre for Cyber Security on April 15, 2026 at 4:17 pm

    Serial number: AV26-355
    Date: April 15, 2026

    On April 14, 2026, AMD published security advisories to address vulnerabilities in the following products:

      - AMD EPYC Processors – multiple versions and models
      - AMD Ryzen Processors – multiple versions and models
      - AMD Ryzen Embedded Processors – multiple versions and models
      - AMD EPYC Embedded Processors – multiple versions and models

    The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

      - Incorrect use of LocateProtocol Service of the EFI_BOOT_Services table in SMI Handler – AMD-SB-7054: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7054.html
      - IOMMU Write Buffer Vulnerability – AMD-SB-3016: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3016.html
      - SEV-SNP Routing Misconfiguration – AMD-SB-3034: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3034.html
      - AMD Product Security: https://www.amd.com/en/resources/product-security.html

  • Tenable security advisory (AV26-354)
    by Canadian Centre for Cyber Security on April 14, 2026 at 7:51 pm

    Serial number: AV26-354
    Date: April 14, 2026

    On April 14, 2026, Tenable published a security advisory to address critical vulnerabilities in the following product:

      - Tenable Identity Exposure – versions prior to 3.77.17

    The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

      - [R2] Tenable Identity Exposure Version 3.77.17 Fixes Multiple Vulnerabilities: https://www.tenable.com/security/tns-2026-11
      - Tenable Product Security Advisories: https://www.tenable.com/security

  • Adobe security advisory (AV26-353)
    by Canadian Centre for Cyber Security on April 14, 2026 at 6:57 pm

    Serial number: AV26-353
    Date: April 14, 2026

    On April 14, 2026, Adobe published security advisories to address vulnerabilities in the following products:

      - Acrobat 2024 – version Win: 24.001.30362 and prior, Mac: 24.001.30360 and prior
      - Acrobat DC – version 26.001.21411 and prior
      - Acrobat Reader DC – version 26.001.21411 and prior
      - Adobe Bridge – version 15.1.4 (LTS) and prior, version 16.0.2 and prior
      - Adobe Connect Desktop Application – version 2025.3 and prior
      - Adobe Connect – version 12.10 and prior
      - Adobe DNG Software Development Kit (SDK) – versions DNG SDK 1.7.1 build 2502 and prior
      - Adobe Experience Manager (AEM) Screens – version 6.5 Service Pack 24 and prior, version Feature Pack 11.7 and prior
      - Adobe FrameMaker – version 2022 Release Update 8 and prior
      - Adobe InCopy – version 21.2 and prior, version 20.5.2 and prior
      - Adobe InDesign – version ID21.22 and prior, version ID20.5.2 and prior
      - ColdFusion 2023 – version Update 18 and prior
      - ColdFusion 2025 – version Update 6 and prior
      - Illustrator 2025 – version 29.8.5 and prior
      - Illustrator 2026 – version 30.2 and prior
      - Photoshop 2026 – version 27.4 and prior

    The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

      - Adobe Security Advisories: https://helpx.adobe.com/security.html

  • Fortinet security advisory (AV26-351)
    by Canadian Centre for Cyber Security on April 14, 2026 at 5:48 pm

    Serial number: AV26-351
    Date: April 14, 2026

    On April 14, 2026, Fortinet published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

      - FortiSandbox 4.4 – versions 4.4.0 to 4.4.8
      - FortiSandbox 5.0 – versions 5.0.0 to 5.0.5
      - FortiAnalyzer Cloud 7.6 – versions 7.6.2 to 7.6.4
      - FortiManager Cloud 7.6 – versions 7.6.2 to 7.6.4
      - FortiDDoS-F 7.2 – versions 7.2.1 to 7.2.2

    The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

      - OS Command Injection through API endpoint: https://fortiguard.fortinet.com/psirt/FG-IR-26-100
      - Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox: https://fortiguard.fortinet.com/psirt/FG-IR-26-112
      - Heap-based buffer overflow in oftpd daemon: https://fortiguard.fortinet.com/psirt/FG-IR-26-121
      - SQL Injection via API: https://fortiguard.fortinet.com/psirt/FG-IR-26-119
      - Fortinet PSIRT Advisories: https://www.fortiguard.com/psirt?filter=1&version=&severity=5&severity=4&severity=3&severity=2

  • [Control systems] Schneider Electric security advisory (AV26-350)
    by Canadian Centre for Cyber Security on April 14, 2026 at 5:28 pm

    Serial number: AV26-350
    Date: April 14, 2026

    On April 14, 2026, Schneider Electric published advisories to address vulnerabilities in the following products:

      - Easergy MiCOM Px40 Series – multiple versions and models
      - Connexium Managed Switches TCSESM – all versions
      - Modicon Managed Switches MCSESM, MCSESP – all versions
      - Modicon Redundancy Switches MCSESR – all versions
      - PowerChute Serial Shutdown – version 1.4 and prior

    The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

      - Use of Hard-coded Credentials vulnerability on Easergy MiCOM Px40 Series (PDF): https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-03.pdf
      - Third-Party vulnerability on Modicon Networking Managed Switches (PDF): https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-02.pdf
      - Multiple Vulnerabilities on PowerChute™ Serial Shutdown (PDF): https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf
      - Schneider Electric Security Notifications: https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

  • SAP security advisory – April 2026 monthly rollup (AV26-349)
    by Canadian Centre for Cyber Security on April 14, 2026 at 2:06 pm

    Serial number: AV26-349
    Date: April 14, 2026

    On April 14, 2026, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

      - SAP Business Planning and Consolidation and SAP Business Warehouse – versions HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758 and 816
      - SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise) – versions SAP_FIN 618, 720, 730, EA-FIN 617, 700, SAPSCORE 135, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605 and 606
      - SAP BusinessObjects Business Intelligence Platform – versions ENTERPRISE 430, 2025 and 2027
      - SAP Human Capital Management for SAP S/4HANA – versions S4HCMRXX 100, 101, 102, SAP_HRRXX 600, 604 and 608
      - SAP Business Analytics and SAP Content Management – versions S4HCMRXX 100, 101, 102, SAP_HRRXX 600, 604 and 608
      - SAP S/4HANA OData Service (Manage Reference Equipment) – version S4CORE 109
      - SAP S/4HANA Backend OData Service (Manage Reference Structures) – version S4CORE 109
      - SAP S/4HANA Frontend OData Service (Manage Reference Structures) – version UIS4H 109
      - SAP Supplier Relationship Management (SICF Handler in SRM Catalog) – versions SRM_SERVER 702, 713 and 714
      - SAP NetWeaver Application Server Java (Web Dynpro Java) – version WD-RUNTIME 7.50
      - SAP NetWeaver Application Server ABAP – versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 and SAP_BASIS 816
      - SAP HANA Cockpit and HANA Database Explorer – version SAP_HANA_COCKPIT 2.0
      - SAP S/4HANA (Private Cloud and On-Premise) – versions S4CORE 105, 106, 107, 108, 109, FI-CA 606, 616, 617 and 618
      - Material Master Application – versions S4CORE 102, 103, 104, 105, 106, 107, 108, 109, SCM_BASIS 700, SCM_BASIS 701, SCM_BASIS 702, SCM_BASIS 712, SCM_BASIS 713 and SCM_BASIS 714
      - SAP S/4HANA OData Service (Manage Technical Object Structures) – version S4CORE 109
      - SAP S4CORE (Manage Journal Entries) – versions S4CORE 104, 105, 106, 107 and 108
      - SAP BusinessObjects Business Intelligence Platform – versions ENTERPRISE 430, 2025 and 2027
      - SAP NetWeaver Application Server ABAP – versions SAP_UI 758 and 816
      - SAP Landscape Transformation – versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020, S4CORE 102, 103, 104, 105, 106, 107, 108 and 109

    The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations, and apply the necessary updates.

      - SAP Security Patch Day – April 2026: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html

  • Samsung mobile security advisory (AV26-348)
    by Canadian Centre for Cyber Security on April 14, 2026 at 1:54 pm

    <article data-history-node-id="7551" about="/en/alerts-advisories/samsung-mobile-security-advisory-av26-348" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-348<br /><strong>Date: </strong>April 14, 2026</p> <p>On April 7, 2026, Samsung published a security update to address vulnerabilities in the following product:</p> <ul><li>Samsung mobile devices – versions prior to SMR-APR-2026 Release 1</li> </ul><p>The most recent security update resolves multiple identified vulnerabilities.</p> <p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.</p> <ul class="list-unstyled"><li><a href="https://security.samsungmobile.com/securityUpdate.smsb?year=2026&amp;month=04">Samsung Security Updates</a></li> </ul></div> </div> </div> </div> </div> </article>

  • [Control systems] Siemens security advisory (AV26-347)
    by Canadian Centre for Cyber Security on April 14, 2026 at 1:44 pm

    <article data-history-node-id="7550" about="/en/alerts-advisories/control-systems-siemens-security-advisory-av26-347" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-347<br /><strong>Date: </strong>April 14, 2026</p> <p>On April 14, 2026, Siemens published a security advisory to address vulnerabilities in multiple products. Included were updates for the following products:</p> <ul><li>Siemens Software Center – versions prior to V3.5.8.2</li> <li>Simcenter 3D – versions prior to V2506.6000</li> <li>Simcenter Femap – versions prior to V2506.0002</li> <li>Simcenter STAR-CCM+ – versions prior to V2602</li> <li>Solid Edge SE2025 – versions prior to V225.0 Update 13</li> <li>Solid Edge SE2026 – versions prior to V226.0 Update 04</li> <li>Tecnomatix Plant Simulation – versions prior to V2504.0008</li> <li>SINEC NMS – versions prior to V4.0 SP3 with UMC</li> <li>RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) – versions prior to V5.8</li> <li>SIPROTEC 5 – CP300 Devices – multiple versions and models</li> <li>SIPROTEC 5 Communication Modules – multiple versions and models</li> <li>SIPROTEC 5 Compact 7SX800 (CP050) – versions V8.70 to V9.30</li> <li>SIMATIC CN 4100 – hardware versions prior to FS 05</li> <li>SIMATIC Field PG – all versions</li> <li>SIMATIC IPC family – all versions</li> <li>SIMATIC IPC MD-57A – versions prior to V30.01.10</li> <li>SIMATIC ITP1000 – all versions</li> <li>Industrial Edge Management Pro V1 – 
versions V1.7.6 to V1.15.17</li> <li>Industrial Edge Management Pro V2 – versions V2.0.0 to V2.1.1</li> <li>Industrial Edge Management Virtual – versions V2.2.0 to V2.8.0</li> <li>SINEC NMS – versions prior to V4.0 SP3</li> <li>RUGGEDCOM CROSSBOW Station Access Controller (SAC) – versions prior to V5.8</li> <li>SCALANCE W-700 IEEE 802.11n family – versions prior to V6.6.0</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the web link provided, perform the suggested mitigations and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.siemens.com/global/en/products/services/cert.html#SecurityPublications">Siemens Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

  • [Control systems] ABB security advisory (AV26-346)
    by Canadian Centre for Cyber Security on April 13, 2026 at 7:44 pm

    <article data-history-node-id="7548" about="/en/alerts-advisories/control-systems-abb-security-advisory-av26-346" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-346<br /><strong>Date: </strong>April 13, 2026</p> <p>On April 13, 2026, ABB published security advisories to address vulnerabilities in the following products:</p> <ul><li>ABB CI868 AC800M product line (System 800xA) for IEC 61850 – multiple firmware versions</li> <li>ABB CI850 Symphony Plus SD Series product line for IEC 61850 – multiple firmware versions</li> <li>ABB PM 877 Symphony Plus MR (Melody Rack) product line for IEC 61850 – firmware version 3.10 to 3.52</li> <li>ABB S+ Operations using IEC 61850 – multiple versions</li> <li>ABB Ability Symphony Plus – multiple versions</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.</p> <ul class="list-unstyled"><li><a href="https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125&amp;LanguageCode=en&amp;DocumentPartId=&amp;Action=Launch">Denial of Service Vulnerabilities in System 800xA, Symphony Plus IEC 61850 communication stack CVE ID: CVE-2025-3756 </a></li> <li><a href="https://search.abb.com/library/Download.aspx?DocumentID=7PAA017341&amp;LanguageCode=en&amp;DocumentPartId=&amp;Action=Launch">PostgreSQL vulnerabilities in ABB Ability Symphony Plus Engineering CVE ID: CVE-2023-5869, 
CVE-2023-39417, CVE-2024-7348, CVE-2024-0985 </a></li> <li><a href="https://global.abb/group/en/technology/cyber-security/alerts-and-notifications">ABB Cyber security alerts and notifications</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Microsoft Edge security advisory (AV26-345)
    by Canadian Centre for Cyber Security on April 13, 2026 at 7:28 pm

    <article data-history-node-id="7547" about="/en/alerts-advisories/microsoft-edge-security-advisory-av26-345" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-345<br /><strong>Date: </strong>April 13, 2026</p> <p>On April 10, 2026, Microsoft published a security update to address vulnerabilities in the following product:</p> <ul><li>Microsoft Edge Stable Channel – versions prior to 147.0.3912.60</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.</p> <ul class="list-unstyled"><li><a href="https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-10-2026">Microsoft Edge Stable Channel Release Notes</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Adobe Acrobat security advisory (AV26-340) – Update 1
    by Canadian Centre for Cyber Security on April 13, 2026 at 6:56 pm

    <article data-history-node-id="7541" about="/en/alerts-advisories/adobe-acrobat-security-advisory-av26-340" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-340<br /><strong>Date: </strong>April 13, 2026</p> <p>On April 12, 2026, Adobe published a security advisory to address a critical vulnerability in the following products:</p> <ul><li>Acrobat Mac – versions prior to 24.001.30360</li> <li>Acrobat Windows – versions prior to 24.001.30362</li> <li>Acrobat DC – versions prior to 26.001.21411</li> <li>Acrobat Reader DC – versions prior to 26.001.21411</li> </ul><p>Adobe is aware of CVE-2026-34621 being exploited in the wild.</p> <h2 class="h3"> Update 1 </h2> <p> On April 13, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-34621 to their Known Exploited Vulnerabilities (KEV) Database. </p> <p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://helpx.adobe.com/security/products/acrobat/apsb26-43.html">Security update available for Adobe Acrobat Reader – APSB26-43</a></li> <li><a href="https://helpx.adobe.com/security.html">Adobe Security Advisories</a></li> <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-34621">CISA KEV: CVE-2026-34621</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Fortinet security advisory (AV26-096) – Update 2
    by Canadian Centre for Cyber Security on April 13, 2026 at 6:50 pm

    <article data-history-node-id="7248" about="/en/alerts-advisories/fortinet-security-advisory-av26-096" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-096<br /><strong>Date: </strong>February 9, 2026<br /><strong>Updated: </strong>April 13, 2026</p> <p>On February 6, 2026, Fortinet published a security advisory to address a critical vulnerability in the following product:</p> <ul><li>FortiClientEMS 7.4 – version 7.4.4</li> </ul><h2 class="h3">Update 1</h2> <p class="mrgn-bttm-md">Open-source reporting indicates that CVE-2026-21643 is being exploited in the wild.</p> <h2 class="h3">Update 2</h2> <p class="mrgn-bttm-md">On April 13, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-21643 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.fortiguard.com/psirt/FG-IR-25-1142">SQLi in administrative interface – FG-IR-25-1142 (CVE-2026-21643)</a></li> <li><a href="https://cwe.mitre.org/data/definitions/89.html">CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)</a></li> <li><a href="https://www.fortiguard.com/psirt?filter=1&amp;version=&amp;severity=5&amp;severity=4&amp;severity=3&amp;severity=2">Fortinet PSIRT Advisories</a></li> <li><a 
href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21643">CISA KEV: CVE-2026-21643</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Tenable security advisory (AV26-336) – Update 1
    by Canadian Centre for Cyber Security on April 13, 2026 at 5:57 pm

    <article data-history-node-id="7536" about="/en/alerts-advisories/tenable-security-advisory-av26-336" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-336<br /><strong>Date:</strong> April 9, 2026<br /><strong>Updated:</strong> April 13, 2026</p> <p class="mrgn-bttm-md">On April 9, 2026, Tenable published a security advisory to address vulnerabilities in the following product:</p> <ul><li>Tenable Security Center – version 6.5.0 to 6.8.0</li> </ul><p><strong>Update 1</strong><br /> On April 13, 2026, Tenable updated affected products reflected above.</p> <p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.tenable.com/security/tns-2026-10">[R2] Stand-alone Security Patch Available for Tenable Security Center Versions 6.5.1, 6.6.0, 6.7.2 and 6.8.0: SC202604.1</a></li> <li><a href="https://www.tenable.com/security">Tenable Product Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

  • wolfSSL security advisory (AV26-344)
    by Canadian Centre for Cyber Security on April 13, 2026 at 5:32 pm

    <article data-history-node-id="7546" about="/en/alerts-advisories/wolfssl-security-advisory-av26-344" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-344<br /><strong>Date: </strong>April 13, 2026</p> <p>On April 9, 2026, wolfSSL published a security advisory to address vulnerabilities in the following product:</p> <ul><li>wolfSSL – versions 3.12.0 to versions prior to 5.9.1</li> </ul><p>CVE-2026-5194 is listed as critical with a CVSS score of 9.3.</p> <p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://github.com/wolfSSL/wolfssl/releases">wolfssl</a></li> <li><a href="https://github.com/advisories/GHSA-f5h9-5q52-qrx7">Missing hash/digest size and OID checks allow digests…</a></li> <li><a href="https://cwe.mitre.org/data/definitions/295.html">CWE-295 Improper Certificate Validation</a></li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-5194">CVE-2026-5194</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Dell security advisory (AV26-343)
    by Canadian Centre for Cyber Security on April 13, 2026 at 5:24 pm

    <article data-history-node-id="7545" about="/en/alerts-advisories/dell-security-advisory-av26-343" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-343<br /><strong>Date: </strong>April 13, 2026</p> <p>Between April 6 and 12, 2026, Dell published security advisories to address vulnerabilities in multiple products:</p> <ul><li>Connectrix Switches and Directors – versions prior to sannav_ova_9x_os_02_2026</li> <li>Data Protection Advisor – versions 19.9 to 19.12 SP2</li> <li>Dell AX System – multiple versions and models</li> <li>Dell Data Protection Central – versions 19.9 to 19.12 with Data Protection Central OS Update prior to dpc-osupdate-1.1.26-1</li> <li>Dell EMC Isilon OneFS – versions 8.2.2 and prior</li> <li>Dell EMC PowerScale – version 9.0.0</li> <li>Dell Integrated System for Microsoft Azure Stack Hub 16G – versions prior to 2603</li> <li>Dell Networking OS10 – versions prior to 10.6.1.1</li> <li>Dell PowerProtect DP Series Appliance – versions prior to 2.7.9 with Data Protection Central OS Update prior to dpc-osupdate-1.1.26-1</li> <li>Dell PowerScale OneFS – multiple versions</li> <li>Elastic Cloud Storage – versions prior to 3.8.1.7</li> <li>ObjectScale – versions prior to 4.1.0.3 and 4.2.00</li> <li>PowerSwitch Z9664F-ON – versions prior to 3.54.5.1-11</li> <li>PowerSwitch S5448F-ON – versions prior to 3.54.5.1-14</li> <li>PowerSwitch S9664F-ON – versions prior to 3.54.5.1-11</li> <li>PowerSwitch E3200-ON – versions 
prior to 3.57.5.1-6</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.dell.com/support/security/en-ca">Dell Security advisories and notices</a></li> </ul></div> </div> </div> </div> </div> </article>

  • IBM security advisory (AV26-342)
    by Canadian Centre for Cyber Security on April 13, 2026 at 2:35 pm

    <article data-history-node-id="7543" about="/en/alerts-advisories/ibm-security-advisory-av26-342" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-342<br /><strong>Date: </strong>April 13, 2026</p> <p>Between April 6 and 12, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:</p> <ul><li>DevOps Test Performance – versions 11.0 to 11.0.7</li> <li>EDB PGAI – multiple versions and models</li> <li>EDB PGAI Databases – version 18.0</li> <li>IBM App Connect Operator – multiple versions</li> <li>IBM App Connect Enterprise Certified Containers Operands – multiple versions</li> <li>IBM ApplinX – version 11.1</li> <li>IBM Cloud Pak for AIOps – versions 4.1.0 to 4.12.0</li> <li>IBM DataPower Gateway – multiple versions and models</li> <li>IBM Knowledge Catalog Premium Cartridge – multiple versions</li> <li>IBM Planning Analytics Local – versions 2.1.0 to 2.1.18</li> <li>IBM OpenAPI SDK Generator (Node.js) – version 5.4.9</li> <li>IBM Operations Analytics – Log Analysis – multiple versions</li> <li>IBM Storage Defender Copy Data Management – versions 2.2.0.0 to 2.2.28.1</li> <li>IBM Storage Sentinel Anomaly Scan Engine – versions 1.1.0 to 1.1.11</li> <li>IBM Tivoli Business Service Manager – version 6.2.0</li> <li>IBM Tivoli Business Netcool Impact – version 7.1.1</li> <li>IBM Tivoli Network Manager IP Edition – versions 4.2 GA to 4.2.0.23</li> <li>ITCAM 
for Transactions – version 7.4.0.2</li> <li>Rational Performance Tester – multiple versions</li> <li>watsonx.data – version 2.3</li> <li>watsonx Code Assistant On Prem – multiple versions</li> <li>IBM watsonx Orchestrate Developer Edition – versions 1.4.0 to 2.6.0</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.ibm.com/support/pages/bulletin/ ">IBM Product Security Incident Response</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Red Hat security advisory (AV26-341)
    by Canadian Centre for Cyber Security on April 13, 2026 at 2:29 pm

    <article data-history-node-id="7542" about="/en/alerts-advisories/red-hat-security-advisory-av26-341" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-341<br /><strong>Date: </strong>April 13, 2026</p> <p>Between April 6 and 12, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:</p> <ul><li>Red Hat CodeReady Linux Builder – multiple versions and platforms</li> <li>Red Hat Enterprise Linux – multiple versions and platforms</li> <li>Red Hat Enterprise Linux Server – multiple versions and platforms</li> <li>Red Hat Enterprise Linux for Real Time – multiple versions and platforms</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://access.redhat.com/security/security-updates/security-advisories">Red Hat Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

  • [Control systems] CISA ICS security advisories (AV26-339)
    by Canadian Centre for Cyber Security on April 13, 2026 at 2:07 pm

    <article data-history-node-id="7540" about="/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-339" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-339<br /><strong>Date: </strong>April 13, 2026</p> <p>Between April 6 and 12, 2026, CISA published ICS advisories to address vulnerabilities in the following products:</p> <ul><li>Contemporary Controls BASC 2OT – BASControl20 3.1</li> <li>GPL Odorizers GPL750 – multiple versions and models</li> <li>Mitsubishi Electric GENESIS64 and ICONICS – multiple versions and models</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.</p> <ul class="list-unstyled"><li><a href="https://www.cisa.gov/news-events/cybersecurity-advisories">CISA ICS Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Ubuntu security advisory (AV26-338)
    by Canadian Centre for Cyber Security on April 13, 2026 at 1:56 pm

    <article data-history-node-id="7539" about="/en/alerts-advisories/ubuntu-security-advisory-av26-338" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-338<br /><strong>Date: </strong>April 13, 2026</p> <p>Between April 6 and 12, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:</p> <ul><li>Ubuntu 14.04 LTS</li> <li>Ubuntu 16.04 LTS</li> <li>Ubuntu 18.04 LTS</li> <li>Ubuntu 20.04 LTS</li> <li>Ubuntu 22.04 LTS</li> <li>Ubuntu 24.04 LTS</li> <li>Ubuntu 25.10</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://ubuntu.com/security/notices">Ubuntu Security Notices</a></li> </ul></div> </div> </div> </div> </div> </article>
