< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2059 articles · page 33 of 103

Windows 11 KB5079391 Preview Adds Smart App Control

🛡️ Microsoft released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, delivering 29 non-security changes and optional fixes. The update lets administrators and users toggle Smart App Control on or off without reinstalling the OS via Settings > Windows Security > App & Browser Control. It also introduces display reliability enhancements, including support for monitors reporting refresh rates above 1000 Hz, native USB4 monitor connections, and improved HDR behavior. Installers can apply the preview via Windows Update or the Microsoft Update Catalog; installation is optional unless automatic preview updates are enabled.
read more →

LangChain and LangGraph Flaws Expose Files and Secrets

🔒 Researchers disclosed three vulnerabilities in LangChain and LangGraph that can expose filesystem files, environment secrets, and conversation history. The flaws — a path traversal, insecure deserialization, and an SQL injection — provide independent attack paths enabling exfiltration of Docker configs, API keys, and stored chats. Patches are available for the affected packages and organizations are urged to update immediately and audit prompt templates, deserialization paths, and checkpoint metadata.
read more →

CISA Warns: Critical Langflow RCE (CVE-2026-33017)

🔴 CISA warns that a critical code-injection vulnerability, CVE-2026-33017, in the Langflow AI workflow framework is being actively exploited for remote code execution. The flaw impacts Langflow versions 1.8.1 and earlier and can be triggered with a single crafted HTTP request due to unsandboxed flow execution, allowing attackers to build public flows without authentication. Administrators should upgrade to Langflow 1.9.0, disable or restrict the vulnerable endpoint, rotate keys and secrets, and avoid exposing Langflow directly to the internet. CISA added the issue to its Known Exploited Vulnerabilities list and set an April 8 deadline for agencies covered by BOD 22-01.
read more →

Talos: Critical Bugs Found in Canva, TP-Link, HikVision

🔒 Cisco Talos disclosed multiple vulnerabilities impacting Canva Affinity, TP-Link Archer AX53, and HikVision face recognition terminals. Researchers identified 19 EMF-related issues in Canva Affinity, including out-of-bounds reads and a type confusion that can lead to memory corruption and arbitrary code execution. TP-Link’s AX53 contains 10 vulnerabilities across tmpServer, tdpServer and SSH hostkey handling that range from buffer overflows to write-what-where flaws and credential exposure via MITM. A HikVision SADP XML parser stack-based buffer overflow can be triggered by a malicious network packet. All identified issues have been patched following coordinated disclosure; users should apply vendor updates and consider Snort rule coverage for detection.
read more →

Rapid Weaponization of Critical Oracle WebLogic RCE

⚠ A critical Oracle WebLogic RCE (CVE-2026-21962, CVSS 10.0) was weaponized the same day public exploit code was released, a CloudSEK honeypot study found. The high-interaction honeypot, run between January 22 and February 3, 2026, recorded immediate automated scanning and exploitation attempts. Researchers also observed probes for older WebLogic flaws and widespread generic web reconnaissance. Organizations are urged to apply patches, restrict console access, deploy WAFs and monitor logs.
read more →

Claude Chrome Extension Flaw Allowed Silent Prompting

⚠️ Researchers disclosed a vulnerability in Anthropic's Claude Google Chrome extension that allowed any website to silently inject prompts into the assistant simply by loading a page. Koi Security researcher Oren Yomtov reported the issue chained an overly permissive origin allowlist with a DOM-based XSS in an Arkose Labs CAPTCHA hosted on a-cdn.claude.ai. Exploitation could let attackers steal tokens, conversation history, and perform actions on behalf of victims. Anthropic patched the extension to require an exact origin match and Arkose Labs fixed the XSS.
read more →

OpenCode OC Messaging & USSD Gateway Vulnerability

⚠️ OpenCode Systems' OC Messaging and USSD Gateway version 6.32.2 contain an improper access control vulnerability (CVE-2025-70614, CVSS 3.1 Base Score 8.1) that can allow an authenticated low-privileged user to access SMS messages outside their tenant by providing a crafted company/tenant identifier. OpenCode released version 6.33.11 on 2026-01-06 to remediate the issue. Administrators should upgrade affected systems to 6.33.11 or later and limit network exposure of messaging gateways.
read more →

Critical CLI Escape in WAGO Managed Switches (CVE-2026-3587)

⚠️ An unauthenticated remote attacker can trigger a hidden CLI function in WAGO industrial managed switches to escape the restricted interface and gain full control of the device. The vulnerability is tracked as CVE-2026-3587 and classified under CWE-912. CISA rates the issue CRITICAL with a CVSS v3.1 base score of 10.0. Operators should install vendor fixed firmware or, as an interim measure, disable SSH and Telnet.
read more →

PTC Windchill and FlexPLM Critical Remote Code Execution

⚠️CISA reports a critical remote code execution vulnerability (CVE-2026-4681) affecting PTC Windchill and FlexPLM, with a CVSS v3.1 base score of 10.0. The issue stems from deserialization of untrusted data (CWE-94) and could allow unauthenticated attackers to run arbitrary code. PTC is developing a patch and advises immediate application of documented workarounds and updated Apache or IIS configurations to protect public, file, and replica servers.
read more →

CISA Adds One Vulnerability to Known Exploited Catalog

⚠ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-33634, an Aqua Security Trivy issue involving embedded malicious code that CISA reports is being actively exploited. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their due dates; CISA urges all organizations to prioritize timely patching and mitigation. CISA will continue to update the catalog as new evidence of exploitation emerges.
read more →

Critical Citrix NetScaler Memory Leak: CVE-2026-3055

🔔 A new critical out-of-bounds read vulnerability, CVE-2026-3055, affects customer-managed Citrix NetScaler ADC and NetScaler Gateway appliances configured as SAML IDPs and is rated 9.3 on the CVSS scale. The flaw allows unauthenticated remote attackers to leak potentially sensitive memory from the appliance, risking exposure of credentials and secrets. Citrix is urging immediate installation of updated builds and defenders should reduce public exposure and prioritize patching.
read more →

PolyShell Exploits Hit 56% of Vulnerable Magento Stores

🔔 Mass exploitation of the PolyShell vulnerability in Magento Open Source and Adobe Commerce began on March 19, with Sansec reporting attacks on 56.7% of vulnerable stores within days of public disclosure. The issue resides in Magento’s REST API, which accepts file uploads for custom cart options and can allow polyglot files to enable remote code execution or account takeover via stored XSS when server configurations permit. Adobe released a patch in 2.4.9-beta1 on March 10, 2026, but no stable production fix is yet available; Sansec has published IPs and IOCs and warns of a WebRTC-based payment skimmer used in some intrusions.
read more →

Chained Cisco Catalyst 9300 Flaws Could Cause DoS Outage

🔒 Cisco's Catalyst 9300 switches contain four vulnerabilities — two of which can be chained to escalate privileges and induce a denial-of-service by forcing the device into maintenance mode. Opswat's Unit 515 CIP Lab reported CVE-2026-20114 (command injection) and CVE-2026-20110 (insufficient sanitization), which together allow a low-privileged Lobby Ambassador account to gain higher privileges. Cisco released fixes in its March 25, 2026 IOS and IOS XE advisory; administrators should run the Software Checker, enable MFA for Lobby Ambassador accounts, and, where possible, set the privilege level for the 'start maintenance' command from the CLI.
read more →

Citrix urges urgent patching for NetScaler ADC and Gateway

⚠️ Citrix has released patches for two NetScaler vulnerabilities, including a critical memory overread (CVE-2026-3055) that affects appliances configured as SAML identity providers and can expose session tokens. The vendor also fixed CVE-2026-4368, a race-condition flaw on Gateway and AAA configurations that may cause user session mix-ups. Citrix strongly urges administrators to install the specified updates immediately and offers guidance to locate and remediate affected instances.
read more →

CISA Adds Langflow Code Injection to KEV Catalog Entry

⚠️ CISA has added CVE-2026-33017 — a Langflow code injection vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the specified due dates. CISA urges all organizations to prioritize timely remediation to reduce exposure to active threats.
read more →

TP-Link patches critical Archer NX router auth bypass

🔒 TP-Link released firmware updates for its Archer NX200, NX210, NX500, and NX600 routers to fix multiple vulnerabilities, including a critical authentication bypass that can permit unauthenticated firmware uploads via certain HTTP CGI endpoints. The vendor additionally removed a hardcoded cryptographic key and patched two command injection flaws that require administrative access. TP-Link warned customers to install the latest firmware immediately to block potential attacks. Failure to update may leave devices susceptible to takeover or configuration manipulation.
read more →

PTC warns of imminent RCE threat in Windchill, FlexPLM

⚠️ PTC has alerted customers to a critical vulnerability (CVE-2026-4681) in Windchill and FlexPLM that could enable remote code execution via deserialization of trusted data. German authorities (BKA) have taken emergency action to warn organizations, citing an imminent threat. Patches are under development, and PTC published an Apache/IIS rule mitigation that denies access to the affected servlet path without breaking functionality. The vendor also released IoCs and detection guidance; if mitigation is not possible, prioritize disconnecting internet-facing instances or shutting down the service.
read more →

Citrix urges immediate patching for NetScaler flaws

⚠️Citrix has released a security bulletin for NetScaler ADC and NetScaler Gateway addressing two vulnerabilities: CVE-2026-3055 (critical out-of-bounds read, CVSS 9.3) and CVE-2026-4368 (race condition, CVSS 7.7). The issues affect customer-managed appliances with specific SAML IDP or Gateway/AAA configurations rather than default installs or Citrix-managed cloud instances. Cloud Software Group recommends immediate installation of the vendor-published patches and notes a temporary Global Deny List mitigation available for select 14.1 builds while upgrades are scheduled.
read more →

Schneider Electric Foxboro DCS Deserialization Flaw Patched

🔒 Schneider Electric has disclosed a deserialization of untrusted data vulnerability (CVE-2026-1286) impacting EcoStruxure Foxboro DCS versions prior to CS 8.1. An authenticated administrative user who opens a malicious project file could compromise confidentiality and integrity and potentially achieve remote code execution on a workstation (CVSS 3.1: 6.5). Schneider released CS 8.1 which requires FX-V3 licenses and a reboot; standard upgrade procedures apply. Until patched, follow mitigations such as restricting files to trusted sources, enforcing least privilege, and isolating DCS networks.
read more →

Memory Leak in Grassroots DICOM 3.2.2 Could Cause DoS

⚠ The Grassroots DICOM (GDCM) 3.2.2 library contains a memory leak vulnerability (CVE-2026-3650) that can be triggered by parsing specially crafted DICOM files with non-standard VR types. Successful exploitation can cause extensive heap allocations that are not released, producing resource exhaustion and a denial-of-service condition. This issue is rated High with a CVSS v3.1 base score of 7.5. Users should follow defensive best practices and monitor vendor distribution channels for updates.
read more →