< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2059 articles · page 27 of 103

Critical Vulnerabilities in Anviz CX Series & CrossChex

⚠️ CISA published an advisory describing multiple critical vulnerabilities in Anviz products, including CX2 Lite, CX7, and CrossChex Standard. Issues range from unauthenticated firmware uploads and command injection to credential exposure and cleartext administrative sessions, any of which can lead to remote code execution and full device compromise. The advisory lists numerous CVEs with example CVSS up to 9.8 and notes no vendor response; organizations are urged to isolate affected devices and apply defensive mitigations immediately.
read more →

CISA Adds Apache ActiveMQ CVE to KEV Catalog (Apr 2026)

⚠️ CISA added CVE-2026-34197 — an Apache ActiveMQ improper input validation vulnerability — to the KEV Catalog after evidence of active exploitation. The advisory notes this vulnerability type is a frequent attack vector and poses significant risk to the federal enterprise. CISA reminds Federal Civilian Executive Branch agencies to follow BOD 22-01 remediation deadlines and strongly urges all organizations to prioritize timely mitigation.
read more →

Critical Weak Password Issue in Horner Automation PLCs

🔒 Horner Automation products contain a weak-password vulnerability (CVE-2026-6284) that allows network attackers to brute-force credentials and gain unauthorized access to PLC systems and services. Affected versions include Cscape v10.0, XL7 v15.60, and XL4 v16.32.0. The vulnerability is scored CVSS 3.1 9.1 (Critical) and is associated with CWE-521: Weak Password Requirements. Horner has released fixes—update to Cscape v10.2 SP2 and the latest XL4/XL7 firmware—and operators should minimize network exposure and use secure remote access.
read more →

Cisco Patches Critical Webex and Identity Services Flaws

🛡️ Cisco has released updates to address four critical vulnerabilities across Webex Services and Identity Services Engine (ISE) that could permit arbitrary code execution and user impersonation. A cloud-side SSO certificate validation flaw (CVE-2026-20184, CVSS 9.8) can allow unauthenticated impersonation, while three ISE input validation issues (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186; CVSS 9.9) enable remote command or code execution when an attacker has appropriate credentials. Cisco provides specific patch levels and migration guidance and advises customers to apply updates or upload a new IdP SAML certificate to Control Hub where applicable.
read more →

Critical Architectural Flaw in MCP Threatens AI Supply Chain

⚠️ Researchers have identified a critical, systemic vulnerability in MCP, the open source model context protocol developed by Anthropic. An Ox Security report published on April 15 says an architectural decision in official MCP SDKs causes the STDIO interface to execute arbitrary commands even when a local server process fails to start, enabling attackers to run malicious commands without sanitization. The flaw could expose API keys, chat histories, internal databases and other sensitive data across thousands of instances, and Ox Security reports that Anthropic has declined to change the protocol.
read more →

April update may fail to install on Windows Server 2025

⚠️ Microsoft is investigating reports that the April KB5082063 cumulative security update fails to install on some Windows Server 2025 systems, with affected devices returning 0x800F0983 installation errors. The company says it is monitoring diagnostic telemetry and observed recurring failures after the April 14, 2026 release. A limited number of servers may also boot into BitLocker recovery and request recovery keys, a condition Microsoft says typically affects enterprise-managed configurations. Microsoft is continuing its investigation and will share additional details as they become available.
read more →

Critical Nginx UI Auth-Bypass (MCP) Flaw Actively Exploited

⚠️ A critical authentication bypass in nginx-ui (CVE-2026-33032) allows unauthenticated attackers to invoke privileged MCP actions via an unprotected /mcp_message endpoint. Exploitation can write, modify, and reload Nginx configuration files, enabling full server takeover from a single request. NGINX issued fixes (starting with 2.3.4, latest secure build 2.3.6) after disclosures; administrators should update and audit exposed instances immediately.
read more →

Critical 'MCPwn' Flaw in nginx UI Enables Full Takeover

⚠️ Pluto Security has published a full analysis of a critical vulnerability, CVE-2026-33032, in the nginx UI configuration tool that has been actively exploited since March. The flaw, rated CVSS 9.8, is caused by an unauthenticated MCP endpoint (/mcp_message) — dubbed MCPwn — which allows attackers to inject configs and trigger automatic nginx reloads. The vendor recommends applying the 2.3.4 patch released March 15; short-term mitigations include disabling MCP, locking access to trusted IPs, and reviewing logs for suspicious configuration changes.
read more →

CISA Flags Exploited Windows Task Host Vulnerability

⚠️ CISA warned federal agencies that a Windows Task Host privilege escalation flaw, tracked as CVE-2025-60710, is being treated as actively exploited and must be patched. The issue affects Windows 11 and Windows Server 2025 and arises from a link-following weakness in the Task Host that lets a local user with basic permissions elevate to SYSTEM. Agencies were given two weeks under BOD 22-01 to remediate; CISA urges all organizations to apply the patch or vendor mitigations immediately.
read more →

Critical nginx-ui MCP Authentication Bypass Exploited

🔒 A critical authentication bypass in nginx-ui (CVE-2026-33032, CVSS 9.8) is being actively exploited in the wild, allowing a single unauthenticated API request to take full control of exposed servers. The flaw stems from a missing authentication check on the /mcp_message endpoint while the companion /mcp endpoint retained middleware, exposing 12 MCP tools—seven of which enable destructive actions such as injecting configs, reloading services and intercepting traffic. Maintainers issued a fix in v2.3.4 the day after disclosure; organisations should update immediately, disable MCP if they cannot patch, restrict access to management interfaces and review logs and configurations for unauthorized changes.
read more →

Critical nginx-ui Authentication Bypass Enables Takeover

⚠️ A critical authentication-bypass flaw (CVE-2026-33032) in nginx-ui is being actively exploited to seize control of Nginx services. The issue stems from the MCP integration exposing two endpoints; /mcp_message lacks the AuthRequired() middleware and the default IP whitelist is treated as "allow all," permitting unauthenticated invocation of management tools. Update to v2.3.4 immediately or disable MCP and restrict access as interim mitigations.
read more →

April Patch Tuesday: Critical Flaws in SAP, Adobe, Microsoft

🔒 April's Patch Tuesday addresses critical vulnerabilities across major vendors. Patches fix a near-critical SQL injection in SAP (CVE-2026-27681) that enables arbitrary database commands, an actively exploited RCE in Adobe Acrobat Reader (CVE-2026-34621), and numerous high-severity Microsoft, Fortinet, and ColdFusion issues. FortiSandbox fixes close authentication-bypass and command-injection holes, while Adobe's ColdFusion updates remediate multiple code execution and path-traversal flaws. Organizations should prioritize vendor updates and apply mitigations where immediate patching is not possible.
read more →

Some Windows Servers Require BitLocker Key After Apr Update

🔐 Microsoft confirmed that some Windows Server 2025 devices may boot into BitLocker recovery after installing the April 2026 security update KB5082063. The issue affects very specific enterprise configurations where a Group Policy or registry setting includes PCR7 in the TPM platform validation profile while System Information reports Secure Boot State PCR7 Binding as 'Not Possible' and the Windows UEFI CA 2023 certificate is present but the 2023-signed Boot Manager is not yet running. Microsoft says the recovery key entry is required only once and has published workarounds: remove the Group Policy before deployment or apply a Known Issue Rollback (KIR) to prevent triggering BitLocker recovery.
read more →

Microsoft April Patch Fixes Two Zero-Day Vulnerabilities

🔒 Microsoft released its April Patch Tuesday update addressing an unusually large set of CVEs, including two zero-day flaws. CVE-2026-32201 is being actively exploited and is a SharePoint server spoofing vulnerability that can manipulate how information is presented to users. The second, CVE-2026-33825, is a publicly disclosed elevation-of-privilege bug in Microsoft Defender that could allow system-level access if chained with other exploits. Administrators are urged to prioritise these fixes and also review a high-risk IKEv2 remote code execution issue rated CVSS 9.8.
read more →

Microsoft Patches SharePoint Zero-Day, 168 Other Flaws

🛡️ Microsoft released updates addressing 169 vulnerabilities across its product portfolio, including an actively exploited SharePoint spoofing flaw (CVE-2026-32201) and 168 additional issues rated from Low to Critical. The fixes primarily remediate privilege escalation, information disclosure, and remote code execution weaknesses, and include a high-severity IKEv2 RCE (CVE-2026-33824, CVSS 9.8) and a publicly known Microsoft Defender privilege escalation (CVE-2026-33825). Organizations are urged to prioritize patches for actively exploited CVEs and critical RCEs and to follow Microsoft and CISA guidance for mitigations.
read more →

April Patch Tuesday: Windows, SharePoint, SAP Fixes

🔒 Microsoft’s April Patch Tuesday addresses 167 vulnerabilities, including an actively exploited SharePoint Server zero-day and a critical Windows IKE remote code execution bug. Administrators should prioritize CVE-2026-32201 in SharePoint and the 9.8-rated CVE-2026-33824 in the Windows IKE service. Temporary mitigations—blocking UDP ports 500/4500 or restricting traffic to known peers—reduce risk but do not replace patching. Teams must also apply critical SAP fixes and validate Microsoft Defender and Active Directory protections.
read more →

Microsoft Adds Protections for Malicious RDP Files Now

🔒 Microsoft has added new protections in the April 2026 cumulative updates to help block malicious Remote Desktop (.rdp) files commonly used in phishing campaigns. After the update users see a one-time educational prompt and, on subsequent opens, a security dialog that lists local resource redirections with every option disabled by default. Unsigned files receive a 'Caution: Unknown remote connection' warning and unknown publisher label. Administrators can temporarily disable the dialog via a registry policy but Microsoft advises keeping the protections enabled.
read more →

Microsoft Patch Tuesday April 2026: 167 Vulnerabilities Fixed

🔒 Microsoft released its April 2026 Patch Tuesday updates addressing 167 security flaws across Windows and related products, including a SharePoint Server zero-day (CVE-2026-32201) and a publicly disclosed Windows Defender privilege escalation dubbed BlueHammer. Google Chrome and Adobe issued emergency fixes for actively exploited zero-days. Administrators should prioritize patches for SharePoint, SQL Server, and Defender and restart browsers to ensure Chromium-based updates are applied.
read more →

Microsoft April 2026 Patch Tuesday: 165 Vulnerabilities

🔒 Microsoft released its April 2026 Patch Tuesday addressing 165 vulnerabilities across Windows, Office, .NET and server components, including eight rated critical. Critical issues include a .NET DoS (CVE-2026-23666), Remote Desktop and Office use-after-free flaws that can lead to code execution (CVE-2026-32157, CVE-2026-32190), multiple Word local code-execution bugs (CVE-2026-33114, CVE-2026-33115), and an IKEv2 double-free enabling remote code execution (CVE-2026-33824). Talos notes SharePoint vulnerability CVE-2026-32201 is being exploited in the wild and has released Snort rules; administrators should prioritize exposed services and apply mitigations such as blocking UDP 500/4500 if IKE is unused.
read more →

Microsoft Issues Windows 10 KB5082200 Extended ESU

🔒 Microsoft has released the Windows 10 KB5082200 extended security update to address the April 2026 Patch Tuesday fixes, including two zero-day vulnerabilities. After installation, Windows 10 is updated to build 19045.7184 and Windows 10 Enterprise LTSC 2021 to build 19044.7184. The update adds Remote Desktop (.rdp) phishing protections, introduces dynamic Secure Boot status indicators in Windows Security, and fixes BitLocker recovery issues on certain Intel Connected Standby devices. Devices enrolled in ESU or running Enterprise LTSC can install via Windows Update.
read more →