< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2058 articles · page 25 of 103

CISA flags new SD-WAN flaw as actively exploited in attacks

⚠️ CISA has flagged an information-disclosure vulnerability in Catalyst SD-WAN Manager (CVE-2026-20133) as actively exploited and gave federal agencies four days to secure affected systems. Cisco released patches in late February, stating the flaw is caused by insufficient file system access restrictions that can allow unauthenticated API access to sensitive OS information. CISA added the issue to its Known Exploited Vulnerabilities Catalog on April 20 and directed agencies to follow Emergency Directive 26-03 and Cisco hardening guidance or discontinue affected cloud services if mitigations are unavailable.
read more →

Zero Motorcycles Bluetooth Pairing Vulnerability Reported

🔒 Zero Motorcycles firmware versions 44 and earlier contain a Bluetooth pairing flaw (CVE-2026-1354) that can allow an attacker to forcibly pair with a motorcycle while it is in pairing mode. Once paired and in proximity, an attacker could use over-the-air firmware update capability to upload malicious firmware. The motorcycle must remain paired and within range for the entire update. Zero recommends secure pairing practices, physical key security, and plans a firmware update in May 2026; users should install updates when available.
read more →

Siemens SCALANCE W-700 Series Multiple Firmware Flaws

⚠️ Siemens SCALANCE W-700 series devices with firmware earlier than V6.6.0 are affected by multiple security vulnerabilities. Siemens released firmware V6.6.0 to address these issues and urges operators to update affected units promptly. Temporary mitigations include reducing Wi‑Fi power, restricting physical access, disabling A‑MSDU if available, and minimizing network exposure of control devices. Several flaws could allow remote attackers to execute actions or cause denial of service; some carry high or critical CVSS scores.
read more →

Silex SD-330AC and AMC Manager: Multiple Critical Flaws

⚠️ Silex Technology released updates addressing multiple serious vulnerabilities in SD-330AC and AMC Manager that could permit remote code execution, denial-of-service, or unauthenticated configuration changes. Affected versions include SD-330AC ≤ 1.42 and AMC Manager ≤ 5.0.2; vendor fixes are SD-330AC firmware 1.50+ and AMC Manager 5.1.0+. CISA notes CVSS scores up to 9.8 and recommends applying vendor updates and interim mitigations such as disabling HTTP/HTTPS for impacted functions, setting web-interface passwords, and disabling SNMP.
read more →

Multiple critical vulnerabilities in SenseLive X3050 devices

⚠️ The CISA advisory reports multiple high-severity vulnerabilities in SenseLive X3050 (V1.523) that can allow an attacker on the network to bypass authentication, obtain administrative access, and perform unauthorized firmware operations. Affected issues include hard-coded credentials, missing authentication and authorization, insufficient session handling, cleartext management traffic, CSRF, and unsafe configuration controls that may destabilize device operation. CISA notes no known public exploitation to date; administrators should reduce exposure and contact the vendor.
read more →

Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation

🔒 Siemens has identified a privilege escalation vulnerability (CVE-2026-27668) in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) that permits authenticated User Administrators to grant themselves access to any device group. The issue affects SAM-P versions prior to V5.8; Siemens has released V5.8 to remediate the flaw and recommends immediate updates. Operators should also minimize network exposure and follow established industrial security guidelines.
read more →

Siemens Industrial Edge Management Authentication Bypass

🔒 Siemens has disclosed an authorization bypass vulnerability in Industrial Edge Management that may allow an unauthenticated remote attacker to circumvent authentication and access connected devices using the product's remote connection feature. Tracked as CVE-2026-33892, the flaw has a CVSS v3.1 base score of 7.1 (High). Siemens released patched versions and urges operators to update immediately and restrict network access to affected systems.
read more →

Siemens SINEC NMS Authorization Bypass Vulnerability

⚠ Siemens ProductCERT reports an authorization bypass in SINEC NMS prior to V4.0 SP3 that permits an authenticated attacker to reset the password of any user account. The vulnerability arises from improper validation of authorization when processing password reset requests. Siemens has released V4.0 SP3 to remediate the flaw and CISA republished the vendor advisory. Until systems are updated, organizations should apply network restrictions, isolate control networks, and require secure remote access.
read more →

Hardy Barth Salia EV Charge Controller Vulnerabilities

🚨 CISA warns that the Hardy Barth Salia EV Charge Controller running firmware up to 2.3.81 contains two file‑upload vulnerabilities that can crash devices and may enable remote code execution. The issues are tracked as CVE-2025-5873 (CVSS 6.3) and CVE-2025-10371 (CVSS 7.3) and have public proof‑of‑concepts. Hardy Barth did not respond to coordination requests; operators should minimize network exposure and contact the vendor or eCharge for remediation guidance.
read more →

Siemens TPM 2.0 Vulnerability (CVE-2025-2884) Advisory

🔒 The Siemens TPM 2.0 reference implementation contains a vulnerability (CVE-2025-2884) in the CryptHmacSign helper that can perform an out‑of‑bounds read because it does not validate the signature scheme against the signature key algorithm. Successful exploitation could result in information disclosure or denial of service of the TPM. Siemens ProductCERT has published fixes for many affected SIMATIC and IPC models and is preparing additional updates; where fixes are not yet available, CISA and Siemens recommend network isolation and other mitigations.
read more →

Siemens SINEC NMS UMC Authentication Bypass Vulnerability

⚠️ A vulnerability in Siemens SINEC NMS when used with the User Management Component (UMC) allows an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. Tracked as CVE-2026-24032 and scored CVSS v3.1 7.3 (High), the flaw stems from insufficient validation of user identity in the UMC. Siemens released an update; operators should upgrade to V4.0 SP3 or later. Limit network exposure, isolate control networks behind firewalls, and follow Siemens' industrial security guidance when applying fixes.
read more →

Siemens RUGGEDCOM CROSSBOW SAC: SQLite Vulnerability

⚠️ Siemens reports a vulnerability in RUGGEDCOM CROSSBOW Station Access Controller (SAC) that can lead to memory corruption, denial of service, or possible arbitrary code execution. The issue is tied to a numeric truncation error in older SQLite releases (prior to 3.50.2) and is tracked as CVE-2025-6965. Siemens recommends updating SAC to V5.8 or later and ensuring SQLite is at least version 3.50.2 to mitigate the risk.
read more →

Siemens Analytics Toolkit: Certificate Validation Flaw

🔒 Multiple Siemens analytics applications are affected by improper certificate validation in the Siemens Analytics Toolkit, which could allow an unauthenticated remote attacker to conduct man-in-the-middle (MITM) attacks. Affected products include Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge, and Tecnomatix Plant Simulation. Siemens has released vendor fixes; CISA and Siemens recommend applying the updates immediately, minimizing network exposure, and following operational security guidance to isolate control system networks and secure remote access.
read more →

Actively Exploited Apache ActiveMQ Flaw Impacts 6,400 Servers

🔐 Shadowserver reported that over 6,400 publicly exposed Apache ActiveMQ servers are vulnerable to an actively exploited code injection bug tracked as CVE-2026-34197. The flaw, discovered by Horizon3 researcher Naveen Sunkavally with the help of the Claude AI assistant after 13 years, permits authenticated actors to execute arbitrary code. Apache issued patches on March 30 in ActiveMQ Classic 6.2.3 and 5.19.4, and CISA has warned of in-the-wild exploitation and ordered federal agencies to secure affected systems.
read more →

Google Patches Antigravity IDE Prompt Injection Flaw

🛡️ Google has patched a critical prompt-injection vulnerability in its agentic IDE Antigravity that could allow attackers to achieve arbitrary code execution. Researchers at Pillar Security found that the find_by_name tool passed unsanitized input to the native fd search utility, enabling injection of the -X (exec-batch) flag to run staged scripts. Because this call executes before Strict Mode constraints are applied, an attacker can stage a malicious file and trigger it via a crafted search pattern. The issue was disclosed January 7 and fixed by Google on February 28.
read more →

CISA Adds Eight Exploited Flaws to KEV Catalog, Fixes Needed

⚠️ CISA added eight vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation and highlighting three flaws in Cisco Catalyst SD-WAN Manager. The list includes high-impact issues such as CVE-2025-32975 (Quest KACE SMA, CVSS 10.0) and authentication, path traversal, and XSS flaws in PaperCut, TeamCity, Kentico, and Zimbra. CISA noted prior ties of CVE-2023-27351 to Lace Tempest and recent Arctic Wolf telemetry on KACE abuse; Cisco confirmed active exploitation of two SD-WAN flaws in March 2026. Federal civilian agencies are urged to remediate the three Cisco vulnerabilities by April 23, 2026, and the remaining flaws by May 4, 2026.
read more →

Critical SGLang RCE via Malicious GGUF Model (CVE-2026-5760)

⚠️ A critical vulnerability (CVE-2026-5760) in SGLang allows remote code execution via specially crafted GGUF model files. The flaw targets the /v1/rerank endpoint, where a malicious tokenizer.chat_template containing a Jinja2 SSTI payload is rendered using an unsandboxed jinja2.Environment(), enabling arbitrary Python execution. Researcher Stuart Beck reported the issue to CERT/CC, which recommends replacing jinja2.Environment() with ImmutableSandboxedEnvironment to mitigate the risk. No patch was obtained during coordination.
read more →

CISA Adds Eight Vulnerabilities to KEV Catalog After Exploitation

⚠️ CISA added eight vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog after observed active exploitation. The additions include flaws affecting PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE SMA, Synacor Zimbra, and multiple issues in Cisco Catalyst SD‑WAN Manager. Under BOD 22‑01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by the prescribed due dates; CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

Anthropic MCP Design Flaw Enables Remote Code Execution

⚠️ OX Security disclosed a systemic "by design" vulnerability in Anthropic's Model Context Protocol (MCP) SDK that permits remote command execution across reference implementations (Python, TypeScript, Java, Rust). Unsafe defaults in MCP's STDIO configuration produced 10 vulnerabilities affecting projects such as LiteLLM, LangChain, and Flowise, impacting over 7,000 public servers and 150 million downloads. Several downstream vendors have issued patches, but Anthropic has declined to change the protocol reference implementation, leaving an ongoing AI supply-chain risk.
read more →

Microsoft issues emergency Windows Server OOB updates

⚠️Microsoft has released out-of-band updates to address multiple issues affecting Windows Server systems after the April 2026 cumulative patches. An installation failure impacting KB5082063 on Windows Server 2025 and LSASS crashes that can force domain controllers into restart loops are the primary problems. Microsoft published OOB fixes for Server 2025 (KB5091157) — which resolves both issues — and separate updates for 23H2, 2022, 2019, 2016 and Azure hotpatch editions; some Server 2025 devices may also enter BitLocker recovery after KB5082063.
read more →