Patch management

Cybersecurity News Security Advisory

Security Flaw in LMDeploy Exploited in 12 hours is CVE-2026-33626

CVE-2026-33626 vulnerbility in LLMDeploy

Continue Reading
Security Advisory

Apache ActiveMQ Vulnerability CVE-2026-34197 Exploited in the Wild

CVE-2026-34197, an Apache ActiveMQ flaw

Continue Reading
Security Advisory

Microsoft April 2026 Patch Tuesday- Fixes 165 Flaws including 2 Zero-Days

Summary: Microsoft released its April 2026 Patch Tuesday addressing 165 security vulnerabilities across Windows, Office, SharePoint, Microsoft Defender, .NET Framework, Azure, SQL Server and other components.

The April release brings in relevant update and significant accessibility improvements, display and hardware enhancements, and several quality-of-life additions across Settings and File Explorer. 

The first of the two zero-days is CVE-2026-32201, a spoofing vulnerability leading to cross-site scripting (XSS) in Microsoft SharePoint Server.The issue stems from an input validation failure that lets an attacker inject malicious scripts through improperly sanisised input fields.

Elevation of privilege (EoP) vulnerabilities accounted for 57.1% of the vulnerabilities patched this month, followed by information disclosure vulnerabilities and remote code execution (RCE) vulnerabilities at 12.3% each.

OEMMicrosoft
SeverityCritical
Date of Announcement2026-04-14
No. of Vulnerability165
Actively ExploitedYes
Exploited in WildYes
Advisory Version1.0

Overview

This is the second-largest Patch Tuesday release in Microsoft’s history. The update includes two zero-day vulnerabilities one actively exploited in the wild (SharePoint spoofing) and one publicly disclosed (Microsoft Defender privilege escalation linked to the BlueHammer exploit).

Here are the CVE addresses for Microsoft April 2026:

  • 165 Microsoft CVEs
  • 82 Non Microsoft CVEs

Breakdown of April 2026 Vulnerabilities

  • 93 Elevation of Privilege (EoP)
  • 20 Remote Code Execution
  • 21 Information Disclosure
  • 10 Denial of Service (DoS)
  • 9 Spoofing
  • 13 Security Feature Bypass
Vulnerability NameCVE IDProduct AffectedSeverityCVSS Score
Windows Internet Key Exchange (IKE) Service Extensions RCECVE-2026-33824Windows IKE ServiceCritical9.8
Windows TCP/IP Remote Code Execution (Wormable via IPv6)CVE-2026-33827Windows TCP/IP StackCritical9.8
Windows Active DirectoryRemote Code ExecutionCVE-2026-33826Windows Active DirectoryCritical9.1
Remote Desktop Client Remote Code ExecutionCVE-2026-32157Remote Desktop ClientHigh8.8
Microsoft Office Remote Code Execution (Preview Pane)CVE-2026-32190Microsoft OfficeHigh8.4
Microsoft Word Remote Code Execution (Preview Pane)CVE-2026-33114Microsoft WordHigh8.4
Microsoft  Word Remote Code Execution (Preview Pane)CVE-2026-33115Microsoft WordHigh8.4

Technical Summary

This month’s Patch Tuesday is largely driven by Elevation of Privilege vulnerabilities, which make up a significant portion of the fixes and can be leveraged by attackers after initial access to escalate privileges and move laterally.

The release also includes several critical remote code execution issues in core Windows components. Notably, vulnerabilities such as those affecting the Windows IKE service and TCP/IP stack demonstrate the risk of unauthenticated or low-interaction exploitation, particularly in network-exposed scenarios. Other issues in Office, Word, and Remote Desktop highlight continued risk from user-driven attack vectors such as malicious documents and crafted connection files.

The update also addresses zero-day vulnerabilities, including one actively exploited and another publicly disclosed prior to patching, increasing the urgency for remediation.

Key vulnerabilities in this cycle show a mix of attack paths from preview pane-based document exploitation to wormable network flaws and Active Directory-based code execution through authenticated access.

This combination of network-level and user-interaction-based risks, along with the volume of privilege escalation issues, makes this a high-priority update cycle. Organizations should prioritize testing and deployment to reduce exposure across both endpoint and infrastructure layers.

CVE IDSystem AffectedVulnerability DetailsImpact
CVE-2026-33824Windows IKE Service ExtensionsUnauthenticated attacker can send crafted UDP packets to IKEv2-enabled systems (UDP 500/4500), achieving full remote code execution with no prior access requiredRemote Code Execution
CVE-2026-32190Microsoft OfficeExploitation via preview pane allows execution of malicious payload without explicit user interaction beyond viewing fileRemote Code Execution
CVE-2026-33114 / 33115Microsoft WordMalicious document processed via preview triggers RCE; commonly used in phishing delivery chainsRemote Code Execution
CVE-2026-32157Remote Desktop ClientRCE triggered when user connects using a crafted RDP file; attack surface includes lateral movement scenariosRemote Code Execution
CVE-2026-33827Windows TCP/IP StackRace condition in IPv6/IPsec stack enables unauthenticated wormable RCE across enterprise networksRemote Code Execution
CVE-2026-33826Windows Active DirectoryAuthenticated attacker executes code via crafted RPC calls within domain; high likelihood of privilege chainingRemote Code Execution

Key Affected Products and Services

April 2026 updates address vulnerabilities across:

  • Windows Core Components

Kernel, TCP/IP stack, Active Directory, IKE Service, BitLocker, NTFS, SMB, and Remote Desktop components are impacted, including critical RCE and privilege escalation vulnerabilities.

  • Microsoft Office Suite

Word, Excel, and PowerPoint are affected by multiple remote code execution vulnerabilities, including cases exploitable through the preview pane.

  • SharePoint & Collaboration

SharePoint Server (2016, 2019, Subscription Edition) is impacted, including an actively exploited zero-day vulnerability requiring immediate attention.

  • Microsoft Defender

A publicly disclosed elevation of privilege vulnerability is addressed through updates to the Antimalware Platform.

  • .NET Framework & Developer Tools

.NET and related developer components, including Visual Studio, are affected by denial of service and privilege escalation vulnerabilities.

  • Azure & Cloud Services

Azure components such as Logic Apps and monitoring agents include vulnerabilities related to information disclosure and privilege escalation.

  • SQL Server

Multiple vulnerabilities affecting SQL Server components, including privilege escalation and remote code execution risks, are addressed.

Remediation:

  • Apply April 2026 security updates on all Windows systems as a priority

Here are some recommendations

  • Prioritize patching internet-facing and critical services, particularly SharePoint and core Windows components.
  • Ensure Microsoft Defender and other security components are updated to the latest platform versions.
  • Review network exposure and apply temporary mitigations where patching may be delayed.
  • Monitor for suspicious activity, especially related to privilege escalation, remote code execution, and authentication anomalies.
  • Validate that systems are aligned with ongoing platform security updates, including Secure Boot-related changes.

Conclusion:
April 2026 Patch Tuesday addresses a significant number of vulnerabilities across Windows and related Microsoft products, including an actively exploited issue, multiple critical remote code execution flaws, and a high volume of privilege escalation vulnerabilities. Given the breadth of affected components and the potential for attack chaining, organizations should prioritize timely testing and deployment of updates, especially for critical and externally exposed systems.

References:

Cybersecurity News Security Advisory

Vulnerable ABAP Program Patched by SAP in April Security Updates

SAP security patch day saw the release of 19 new security notes on April 14th. There is 1 update to previously released security note. The update addresses several severe flaws, including critical SQL injection, denial of service (DoS) and code injection vulnerabilities.

Vulnerability Details:

[CVE-2026-27681] SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse is most critical with CVSS score 9.9. This flaw may allow attackers to run arbitrary database queries, potentially compromising sensitive information and system integrity.

SAP also released a security note that addresses a high-severity missing authorization check in ERP and S/4 HANA. Tracked as CVE-2026-34256, is missing authorization check in SAP ERP and SAP S/4 HANA. With a CVSS score of 7.1, this vulnerability could enable unauthorized users to perform restricted actions in both private cloud and on‑premise deployments

Further it could be exploited to execute an ABAP program and rewrite existing eight‑character executable programs.

[CVE-2025-64775] Denial of Service Vulnerability in SAP BusinessObjects Business Intelligence Platform, the criticality is medium

[CVE-2026-34264] Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA, medium criticality

Key inputs:

Of the remaining security notes, 16 (15 new and 1 updated) deal with medium-severity vulnerabilities that could lead to information disclosure.

The vulnerabilities may trigger denial-of-service (DoS), XSS attacks, code injection, redirection to malicious content or code execution in the victim’s browser.

Patching:

The flaws were patched in BusinessObjects, Business Analytics, Content Management, S/4HANA, Supplier Relationship Management, NetWeaver, HANA Cockpit and HANA Database Explorer, Material Master Application and S4CORE.

The two remaining notes address low-severity code injection bugs in NetWeaver and Landscape Transformation.

Refer to

Dec 2025 Security Advisory SAP Security Patch Released, Critical RCE Fixed & DoS Vulnerabilities 

Conclusion: SAP strongly recommends that the customer visits the support portal and applies patches on priority to protect their SAP landscape.

Sources: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html

Sources: https://www.securityweek.com/sap-patches-critical-abap-vulnerability/

Security Advisory

Emergency Patch Issued by Fortinet in Latest FortiClient Vulnerabilities

Emergency Patch Issued by Fortinet for FortiClient for Vulnerability

Continue Reading
Security Advisory

CISCO Vulnerability Allows RCE in its Smart Software Manager on-Premise

CVE-2026-20160, Vulnerability in CISCO’s smart software manager may allows attackers to gain complete control over the affected system without needing authentication which is gaining prior access to exploit the system.  The CVSS severity score of 9.8 out of 10, indicating its high risk level.

Authentication and access controls play a crucial role in web application and system security. What can happen?

  • Data theft
  • System compromise
  • Privilege escalation

CISCO’s Smart Software Manager Flaw

In this case the vulnerability exposure allowed unauthorized access, as attackers do not need login credentials when a hacker can execute arbitrary commands on the operating system. Further escalating by creating crafted request to the service’s API. The vulnerability impacted certain versions of the Cisco SSM On-Prem environments, particularly software releases from 9-202502 to 9-202510.

Remediation for organizations

Organizations can prevent authentication bypass through regular patching, multi-factor authentication, encryption, and strong password policies.

The vulnerability did not impact CISCO’s smart software newly released version 9-202601 includes a patch that fixes the flaw.

Cisco advises to upgrade to version 9-202601 immediately, as there are no current workarounds or temporary mitigations to block potential attacks.

For IT teams notes include devices meet the necessary memory and hardware specifications before proceeding with the update. 

Key findings from CVE-2026-20160 Vulnerability

The vulnerability was discovered internally by Cisco’s Technical Assistance Center (TAC) team and they found no immediate exploitations in the wild

With the disclosure can motivate hackers to reverse-engineer the patch and search for vulnerable systems.  Following Cisco’s guidelines and maintaining up-to-date security measures will be essential in mitigating risks associated and stop any kind of data breaches.

Conclusion:

Research shows that, making timely patching critical for authentication security is essential and failing to do that can lead to data breaches.

The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory.

Sources: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

Cybersecurity News Security Advisory

Enterprise Security at Risk as Critical Flaw Found in OpenAI’s Codex

Codex Enabled GitHub Token Theft

Continue Reading
Security Advisory

Critical YARA Vulnerability Exposes Linux Systems – Patch Now 

Summary : YARA is an open-source pattern matching engine widely used by malware researchers, SOC teams, and threat intelligence platforms to identify and classify malware using detection rules. It plays a critical role in malware analysis pipelines, endpoint detection systems, and threat hunting operations.

Kamil Frankowicz discovered that a number of YARA’s functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service.

OEM Virus Total / YARA Project (Tool) 
Severity Critical 
CVSS Score 9.1 
CVEs CVE-2021-3402, CVE-2021-45429, CVE-2019-19648, CVE-2018-19974, 2018-19975, 2018-19976 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

Ubuntu has released a security advisory addressing multiple vulnerabilities in YARA that could allow attackers to cause denial-of-service conditions, disclose sensitive information, or potentially execute arbitrary code when processing specially crafted files or rules.

These vulnerabilities affect Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS depending on the specific issue. Organizations using YARA in security monitoring systems, malware sandboxes, or automated threat detection workflows should apply the security updates immediately. 

      Vulnerability Name CVE ID Product Affected Severity CVSS Score Fixed Version 
Mach-O Parser Overflow Read Vulnerability CVE-2021-3402 YARA  Critical 9.1 Updated Ubuntu packages 
Mach-O File Parsing Out-of-Bounds Access CVE-2019-19648 YARA  High 7.8 Updated Ubuntu packages 

Technical Summary 

The most critical vulnerability CVE-2021-3402 exists in the macho.c implementation used by YARA to parse Mach-O files.

The flaw allows specially crafted Mach-O files to trigger overflow reads, which could result in denial of service or potential information disclosure. Given its high CVSS score, this issue represents the most severe risk addressed in this advisory. 

Another high-severity vulnerability CVE-2019-19648 affects the macho_parse_file() function. When parsing specially crafted Mach-O files, the function may trigger out-of-bounds memory access, potentially leading to application crashes or execution of malicious code in certain scenarios. 

Because YARA is frequently integrated into malware analysis platforms and automated threat detection pipelines, successful exploitation could disrupt security monitoring operations or compromise malware analysis environments. 

CVE ID System Affected Vulnerability Details Impact 
CVE-2021-3402 YARA (Ubuntu 20.04) Overflow read vulnerability in Mach-O parsing implementation DoS, potential information disclosure 
CVE-2019-19648 YARA (Ubuntu 20.04) Out-of-bound memory access during Mach-O file parsing DoS or possible code execution 

Additional Vulnerabilities 

The advisory also includes several medium-severity vulnerabilities affecting YARA components. 

CVE ID Vulnerability Details Impact 
CVE-2021-45429 Buffer overflow in yr_set_configuration() when parsing crafted rules Denial of Service 
CVE-2018-19976 YARA virtual machine sandbox escape Possible code execution 
CVE-2018-19975 VM sandbox escape vulnerability Possible code execution 
CVE-2018-19974 Virtual machine security bypass Possible code execution 

Potential Consequences 

  • Disruption of malware detection pipelines 
  • Denial of service in security analysis environments 
  • Information disclosure through crafted files 
  • Potential arbitrary code execution in analysis systems 
  • Reduced visibility in SOC threat detection workflows 

Remediation 

Upgrade affected packages immediately to the patched versions provided by Ubuntu are mentioning below- 

Released patches  

Ubuntu Release Package Fixed Version 
Ubuntu 20.04 LTS libyara3 3.9.0-1ubuntu0.1 esm1 
yara 3.9.0-1ubuntu0.1 esm1 
Ubuntu 18.04 LTS libyara3 3.7.1-1ubuntu2+esm1 
yara 3.7.1-1ubuntu2+esm1 
Ubuntu 16.04 LTS libyara3 3.4.0+dfsg-2ubuntu0.1 esm1 
python-yara 3.4.0+dfsg-2ubuntu0.1 esm1 
python3-yara 3.4.0+dfsg-2ubuntu0.1 esm1 
yara 3.4.0+dfsg-2ubuntu0.1 esm1 

If immediate patching is not possible, apply the following temporary mitigations – 

  1. Restrict scanning of untrusted files in automated YARA pipelines. 
  1. Limit rule ingestion from untrusted sources. 
  1. Monitor malware analysis systems for abnormal crashes. 
  1. Limit exposure of YARA-based detection pipelines to untrusted Mach-O or .NET file inputs. 

You can follow the recommendations below as the best practice. 

  • Regularly update malware detection tools. 
  • Validate YARA rules before deployment. 
  • Validate and sandbox file inputs before passing them to YARA for analysis. 
  • Implement least-privilege execution environments for YARA scanning processes. 
  • Monitor logs for abnormal process crashes or memory-related errors in YARA. 

Conclusion: 
Multiple vulnerabilities in YARA could allow attackers to disrupt malware detection processes or compromise analysis environments. The critical vulnerability CVE-2021-3402 and high-severity vulnerability CVE-2019-19648 pose the greatest risk and should be prioritized for remediation. 

Organizations using YARA in SOC operations, malware analysis pipelines, or threat intelligence systems should apply the latest Ubuntu security updates immediately to maintain reliable threat detection capabilities. 

References:  

 

Security Advisory

Python Regression & Email Header- Ubuntu Security Updates Patch Now 

Summary: USN-8018-1 fixed vulnerabilities in python3. That update introduced regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused behavior regressions in IMAP and POP3 handling, which upstream chose to avoid by not backporting them. 

OEM Python 
Severity Medium 
CVSS Score 6.5 
CVEs CVE-2026-0865, CVE-2025-15366, CVE-2025-15367 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

Python is a widely used high-level programming language that powers many enterprise applications, automation frameworks, DevOps pipelines, web platforms and email-processing services. Many Linux distributions – Ubuntu provide Python runtime packages as core system components. 

Ubuntu released USN-8018-2 to address regressions introduced in the previous security update USN-8018-1. The earlier update attempted to fix vulnerabilities related to email header parsing and input validation but unintentionally introduced compatibility issues affecting IMAP, POP3, and WSGI header processing. 

The new advisory prioritizes the fix for CVE-2026-0865, while also addressing issues related to CVE-2025-15366 and CVE-2025-15367.  

      Vulnerability Name CVE ID Product Affected Severity CVSS Score Fixed Version 
WSGI Header Parsing Regression Vulnerability CVE-2026-0865 Python Medium 6.5 Updated Python packages 
Email Header Injection Vulnerability CVE-2025-15366 Python Medium 5.9 Updated Python packages 
Improper Email Header Parsing Vulnerability CVE-2025-15367 Python Medium 5.9 Updated Python packages 

Technical Summary 

These vulnerabilities affect multiple Python versions distributed within Ubuntu systems. 

The original security update introduced patches intended to address email header parsing vulnerabilities. However, those fixes resulted in unintended behavioural regressions. 

The CVE-2026-0865 patch incorrectly rejected horizontal tab characters in WSGI headers, potentially causing web applications relying on Python frameworks to malfunction. 

Additionally, patches for CVE-2025-15366 and CVE-2025-15367 affected IMAP and POP3 email processing behavior, which allow upstream developers to avoid backporting those changes due to compatibility concerns. 

Ubuntu released updated packages to resolve these regressions while maintaining protection against the underlying vulnerabilities. 

CVE ID System Affected Vulnerability Details Impact 
CVE-2026-0865 Python (multiple Ubuntu packages) Incorrect rejection of horizontal tabs in WSGI headers after patch Web application compatibility issues 
CVE-2025-15366 Python email parsing library Improper parsing allowing email header injection Email spoofing or message manipulation 
CVE-2025-15367 Python email processing modules Improper validation of message headers Header manipulation in email processing 

Affected Packages 

The following Python packages are affected – 

python3.4  python3.5  python3.6  python3.7  python3.8 

python3.10  python3.12  python3.13  python3.14 

Remediation:  

Apply the latest Ubuntu security updates immediately- 

Fixed Package Versions 

Ubuntu Release Fixed Package Version 
Ubuntu 25.10 python3.13 – 3.13.7-1ubuntu0.4 / python3.14 – 3.14.0-1ubuntu0.3 
Ubuntu 24.04 LTS python3.12 – 3.12.3-1ubuntu0.12 
Ubuntu 22.04 LTS python3.10 – 3.10.12-1 22.04.15 
Ubuntu 20.04 LTS python3.8 – 3.8.10-0ubuntu1 20.04.18 
Ubuntu 18.04 LTS Updated ESM packages 
Ubuntu 16.04 LTS Updated ESM packages 
Ubuntu 14.04 LTS Updated ESM packages 

If immediate patching is not possible, apply the following temporary mitigations- 

  1. Restrict access to email-processing services where Python handles inbound messages. 
  1. Validate and sanitize email headers within application logic. 
  1. Monitor logs for abnormal IMAP/POP3 parsing errors. 
  1. Test Python-based web applications to detect WSGI header parsing issues. 

You can follow the recommendations below as a best practice- 

  • Maintain regular patch management for system packages. 
  • Monitor Python runtime libraries for security advisories. 
  • Implement secure email validation mechanisms within applications. 
  • Use application security testing tools to detect input-validation weaknesses. 
  • Monitor logs for abnormal email header patterns or parsing failures. 

Conclusion: 
The vulnerabilities addressed in USN-8018-2 highlight the risks associated with improper email header parsing and regression issues in widely used programming libraries such as Python. The primary concern, CVE-2026-0865, affects WSGI header handling and could disrupt web applications, while CVE-2025-15366 and CVE-2025-15367 relate to email header parsing weaknesses. 

Organizations using Python-based applications or email processing services should prioritize updating affected Ubuntu packages to ensure both security and application stability. 

References:  

Cybersecurity News Security Advisory

2 Cyber security Vulnerabilities Affecting Hikvision & Rockwell Automation-CVSS 9.8 Flaws

CISA emphasized the urgency of addressing these vulnerabilities

Continue Reading
Scroll to top