< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2059 articles · page 32 of 103

Critical Auth Bypass in Anritsu Remote Spectrum Monitors

⚠️ Anritsu Remote Spectrum Monitor models MS27100A, MS27101A, MS27102A, and MS27103A contain an inherent authentication bypass (CVE-2026-3356) that permits unauthenticated network users to access and control the device management interface. The vendor reports no planned patch and confirms the issue is a design limitation with no configurable authentication. Successful exploitation can expose signal data, change operational settings, or render devices unavailable. CISA recommends isolating affected devices and restricting network access.
read more →

PX4 MAVLink Missing Authentication Allows Remote Shell

⚠️ A critical authentication flaw (CVE-2026-1579) in the MAVLink protocol used by PX4 Autopilot can allow unauthenticated actors with MAVLink access to execute arbitrary shell commands via the SERIAL_CONTROL message. The issue affects PX4 Autopilot v1.16.0_SITL_latest_stable. PX4 recommends enabling MAVLink 2.0 message signing for all non‑USB links and following the vendor's security hardening guidance to reduce exposure.
read more →

NCSC Urges Immediate Patching of Critical F5 BIG-IP Flaw

⚠️ The UK’s NCSC is urging organisations to immediately patch a critical vulnerability in F5 BIG-IP Access Policy Manager (APM) tracked as CVE-2025-53521, which is under active exploitation and can enable remote code execution when an APM access policy is configured on a virtual server. F5 has reclassified the issue from a denial‑of‑service to RCE with a revised CVSS of 9.8 after new information, and CISA has added it to its KEV catalog with a mandated federal patch deadline. Customers should follow F5’s incident‑handling and forensic guidance, isolate or rebuild affected systems, and report suspected compromises to the NCSC.
read more →

CISA Orders Federal Agencies to Patch Citrix Flaw Urgently

⚠️ CISA has ordered federal agencies to patch Citrix NetScaler appliances for CVE-2026-3055 by Thursday, April 2, after vendors warned the flaw is being actively exploited. The vulnerability arises from insufficient input validation in ADC and Gateway appliances configured as SAML identity providers and can enable unauthenticated attackers to steal admin session IDs and other sensitive information. Watchtowr reported in-the-wild abuse days after Citrix released fixes on March 23, and CISA has added the issue to its KEV Catalog and invoked BOD 22-01.
read more →

Detecting Kerberos Relay via DNS CNAME Abuse and Mitigation

🔒 CrowdStrike outlines detection for CVE-2026-20929, a Kerberos relay vulnerability exploited via DNS CNAME abuse that can enroll certificates from Active Directory Certificate Services (AD CS). Their correlation-based detection flags anomalous certificate-based authentications coincident with unusual AD CS Kerberos service access within a short time window. Customers can enable the provided CRT rule in Falcon Next‑Gen SIEM to activate alerts and support hunting.
read more →

Critical SQL Injection in Fortinet EMS Actively Exploited

⚠️ A critical SQL injection, CVE-2026-21643, is being actively exploited against FortiClient EMS, allowing unauthenticated attackers to execute arbitrary SQL via crafted HTTP requests. The flaw affects EMS 7.4.4 when multi-tenant mode is enabled; Fortinet released 7.4.5 to remediate. Researchers note the endpoint returns database error messages and lacks lockout protections, enabling rapid data extraction and credential theft. Administrators should patch immediately, remove internet exposure, and inspect HTTP headers for anomalous SQL.
read more →

Critical Citrix NetScaler Memory Flaw Actively Exploited

🔒 Citrix disclosed a critical memory overread vulnerability, CVE-2026-3055, in NetScaler ADC and NetScaler Gateway appliances that is being actively exploited to obtain sensitive data. The vendor says the issue affects on-prem appliances configured as a SAML identity provider and impacts versions before 14.1-60.58 and specified older 13.1 builds. Security researchers at watchTowr observed reconnaissance and confirmed exploitation from at least March 27 that can leak authenticated administrative session IDs, potentially enabling full appliance takeover. Administrators should prioritise immediate patching, isolate affected systems, and apply mitigation guidance from the vendor and security teams.
read more →

OpenAI Patches ChatGPT Data, Codex Token Vulnerability

🔒 OpenAI patched two vulnerabilities affecting ChatGPT and Codex that could have allowed covert exfiltration of user data and theft of GitHub tokens. Check Point disclosed a DNS-based side-channel in ChatGPT's Linux execution environment that encoded conversation content into outbound DNS requests, potentially enabling remote shell access. BeyondTrust found a command-injection bug in Codex that allowed branch-name payloads to retrieve GitHub tokens. Both flaws were responsibly disclosed and fixed in February 2026; vendors report no evidence of active exploitation.
read more →

LangChain path traversal bug raises AI pipeline risks

🛡️ Cyera researchers warn that insufficient input validation in AI orchestration tools can expose sensitive enterprise data. A newly disclosed path traversal flaw in LangChain (CVE-2026-34070) lets crafted input resolve paths outside intended directories and read arbitrary host files. Cyera analyzed that alongside an earlier unsafe deserialization issue (CVE-2025-68664) and a SQL injection affecting LangGraph checkpointing (CVE-2025-67644), showing how each flaw maps to distinct data exposures. Maintainers have released fixes; organizations should apply patches and adopt allowlists, sandboxing, safe deserialization practices, and parameterized queries immediately.
read more →

CISA Adds Citrix NetScaler OOB Read to KEV Catalog

⚠️ CISA added CVE-2026-3055, a Citrix NetScaler Out-of-Bounds Read vulnerability, to the Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. This class of flaw is a frequent attack vector and poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their due dates; CISA urges all organizations to prioritize timely remediation and risk reduction.
read more →

Critical Citrix NetScaler SAML IDP Memory Leak Exploit

⚠️ A critical out-of-bounds read vulnerability (CVE-2026-3055), disclosed by Citrix on March 23, is being actively exploited against NetScaler ADC and NetScaler Gateway appliances configured as SAML Identity Providers. The flaw (CVSS v4.0 9.3) allows unauthenticated attackers to leak memory contents via crafted SAMLRequest payloads. Citrix and security researchers urge immediate patching to the listed firmware releases and recommend checking NetScaler configurations for SAML IDP profiles.
read more →

Microsoft Pauses Windows KB5079391 After Install Errors

⚠️ Microsoft has paused the rollout of a Windows 11 preview update, KB5079391, after reports that installations fail with error 0x80073712. The optional cumulative update targeted Windows 11 24H2 and 25H2 and bundled 29 changes, including Smart App Control, display improvements, improved Windows Hello fingerprint reliability, and Windows RE stability for x64 apps on ARM64 devices. To prevent further impact, Microsoft has temporarily limited the update's availability through Windows Update while it investigates and said the issue will most likely be resolved before the April 14 Patch Tuesday, though no firm timeline was provided.
read more →

Critical FortiClient EMS SQL Injection Now Exploited

🔴 Threat intelligence firm Defused reports active exploitation of a critical SQL injection in Fortinet FortiClient EMS, tracked as CVE-2026-21643. The vulnerability lets unauthenticated attackers inject SQL via the HTTP 'Site' header to the EMS web GUI, enabling arbitrary code or command execution on unpatched systems. Fortinet fixed the issue in 7.4.5; administrators must upgrade immediately and block public access to EMS interfaces. Defused observed first exploitation four days after discovery and Shodan/Shadowserver data indicate many publicly exposed instances.
read more →

File Read Flaw in Smart Slider 3 Hits 500K WordPress Sites

🔒 A file-read vulnerability in Smart Slider 3 allows authenticated users with minimal privileges, including subscribers, to download arbitrary server files. The flaw (CVE-2026-3098) stems from missing capability checks and improper validation in the plugin's AJAX export actions, letting attackers export wp-config.php and other sensitive files. Researcher Dmitrii Ignatyev reported the issue and Wordfence validated the proof-of-concept. Nextendweb released a patch in version 3.5.1.34; site owners should update immediately.
read more →

Active Recon Targets Citrix NetScaler SAML IDP Flaw

🔍 A critical input-validation flaw in Citrix NetScaler ADC and NetScaler Gateway (CVE-2026-3055, CVSS 9.3) is being actively probed in the wild, security firms Defused Cyber and watchTowr report. The bug can cause memory overread and may leak sensitive data when appliances are configured as a SAML Identity Provider. Attackers are enumerating auth methods via /cgi/GetAuthMethods to identify vulnerable SAML IDP setups. Organizations should apply vendor patches immediately.
read more →

CISA Adds F5 BIG-IP CVE-2025-53521 to KEV After Exploitation

⚠️ CISA has added CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) list after evidence of active exploitation against F5 BIG-IP APM. The flaw, reclassified from a DoS to an RCE with a CVSS v4 score of 9.3, permits unauthenticated remote code execution when an APM access policy is configured on a virtual server. F5 published file, log, and traffic indicators and warned that webshells may run in memory. Organizations and FCEB agencies were directed to apply the vendor fixes by March 30, 2026.
read more →

Apple Issues Lock Screen Alerts for Outdated iOS and iPadOS

🔔 Apple has begun sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS, warning users of active web-based attacks and urging them to install a critical update. The alert follows Apple guidance and reports of exploit kits — notably Coruna and DarkSword — used to deliver malware via compromised websites. Users unable to update are advised to enable Lockdown Mode where available. Apple says it is aware of attacks; Kaspersky analysis links Coruna to the Operation Triangulation framework, and researchers warn the kits could democratize zero-day exploits.
read more →

Open VSX Flaw Allowed Malicious VS Code Extensions Live

🛡️ Researchers disclosed a patched bug in Open VSX's pre-publish scanning pipeline that allowed a malicious VS Code extension to pass vetting and go live. The defect, named Open Sesame, arose because a Java service returned a single boolean that conflated 'no scanners configured' with 'scanner failures,' causing failed scans to be treated as harmless. The vulnerability was fixed in Open VSX 0.32.0 after responsible disclosure.
read more →

Critical Langflow RCE Exploited Hours After Disclosure

🚨 Attackers weaponized a critical Langflow remote code execution flaw within hours of disclosure, prompting CISA to add CVE-2026-33017 to its Known Exploited Vulnerabilities catalog. The issue stems from an unauthenticated build_public_tmp API endpoint that accepts workflow data and executes embedded Python code without sandboxing, enabling unauthenticated RCE on versions up to 1.8.2. Langflow released a fix in v1.9.0 and agencies are urged to patch by April 8, 2026.
read more →

CISA Adds F5 BIG-IP RCE to Known Exploited Vulnerabilities

⚠️ CISA has added CVE-2025-53521, a remote code execution vulnerability in F5 BIG-IP, to the Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The agency notes this class of flaw is a frequent attacker vector and poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by assigned due dates. CISA strongly urges all organizations to prioritize timely remediation, apply vendor fixes or mitigations, and maintain active monitoring to reduce exposure.
read more →