Security Alerts: fast risk briefings for urgent vulnerabilities

Ubuntu has issued USN-8447-2 to deliver LXD updates for multiple embedded Go Cryptography vulnerabilities affecting SSH-related security controls and denial-of-service exposure.

Ubuntu has published USN-8450-1 addressing four Apache Tomcat vulnerabilities tied to denial of service, potential crashes, possible arbitrary code execution, credential exposure, and authorization bypass risks.

Cisco has addressed a medium-severity open redirect vulnerability in the browser-based Webex App that could have sent users to malicious webpages after clicking a crafted link.

Ubuntu has published USN-8361-3 for a Linux kernel vulnerability affecting the packet sockets subsystem. The notice says an attacker could possibly use the issue to compromise a system, making timely patch review and deployment important for defenders.

Cisco has disclosed a medium-severity server-side template injection vulnerability in Cisco Crosswork Network Controller that could let an authenticated remote attacker with template write permissions execute arbitrary commands in limited areas of the underlying operating system.

Cisco has patched a medium-severity privilege escalation vulnerability in Umbrella Virtual Appliance that could allow an authenticated local attacker with vmadmin access to gain root privileges.

Cisco has disclosed critical vulnerabilities in Identity Services Engine and ISE-PIC that could let a remote attacker execute code or access sensitive information. Fixes are available, and Cisco says there are no workarounds.

Ubuntu has published USN-8438-1 to address multiple OpenImageIO vulnerabilities that could lead to denial of service or possible arbitrary code execution when handling crafted image files.

Ubuntu has released USN-8433-1 to address multiple OpenStack Keystone vulnerabilities that could enable privilege escalation, authentication bypass, token abuse, and cross-project credential issues in affected deployments.

Cisco has disclosed a critical authentication bypass vulnerability in Catalyst SD-WAN controllers that could let a remote unauthenticated attacker gain high-privileged access and manipulate SD-WAN fabric configuration.

Cisco has disclosed a critical authentication bypass in Catalyst SD-WAN Controller components that could let a remote unauthenticated attacker gain high-privileged access and manipulate SD-WAN fabric configuration.

Ubuntu has released USN-8349-3 to fix regressions introduced by an earlier rsync security update. The notice also points administrators back to the underlying rsync flaws that can affect availability, access controls, and sensitive data exposure.

Cisco has released fixes for a medium-severity vulnerability in Cisco Catalyst SD-WAN Manager that could let an authenticated remote attacker create or overwrite files through the web UI upload process.

Palo Alto Networks has published CVE-2026-0249, a medium-severity certificate validation bypass issue affecting the GlobalProtect App. Security teams should review the advisory, verify affected deployments, and prioritize vendor guidance.

Palo Alto Networks has published CVE-2026-0250, a medium-severity buffer overflow vulnerability affecting the GlobalProtect App during connection to a Portal or Gateway. Organizations using GlobalProtect should review affected versions, assess exposure, and prioritize vendor-recommended remediation.

Ubuntu has issued USN-8423-1 for multiple lwIP vulnerabilities, including buffer overflow issues that could lead to denial of service, information disclosure, or possible arbitrary code execution in affected environments.

Ubuntu has released USN-8426-1 to address multiple Linux kernel (Azure) vulnerabilities, including flaws that could let a local attacker escalate privileges or possibly escape a container. Teams running Ubuntu workloads on Azure should prioritize patching and validation.

Ubuntu has issued USN-8420-1 for .NET vulnerabilities that can lead to unauthorized file tampering and denial of service. Teams running .NET on Ubuntu should review affected packages and apply vendor-provided updates.

Ubuntu has published USN-8422-1 for a Mistral vulnerability caused by improper access policy enforcement on some API endpoints, creating a risk of arbitrary code execution on workers and possible exposure of sensitive service credentials.

Palo Alto Networks has disclosed CVE-2026-0266, a low-severity stored cross-site scripting issue in the PAN-OS web interface. Security teams should review exposure, identify affected management workflows, and plan remediation based on the official advisory.

Palo Alto Networks has published a security advisory for CVE-2026-0270, a medium-severity path traversal vulnerability affecting Cortex XSOAR. Security teams should review the advisory, identify exposure, and prioritize remediation planning.

Ubuntu has published USN-8419-1 for an HTTP-Daemon vulnerability that could let a remote attacker execute arbitrary commands, overwrite files, or expose sensitive information under certain conditions.

Palo Alto Networks has published CVE-2026-0272, a medium-severity privilege escalation vulnerability affecting the PAN-OS command line interface. Security teams should review the advisory, identify affected systems, and plan remediation.

Node.js has published its June 17, 2026 security releases. Teams using Node.js in servers, web apps, CLI tools, or automation should review the advisory and plan timely updates.

Palo Alto Networks has disclosed CVE-2026-0273, a medium-severity authenticated admin command injection vulnerability in PAN-OS via the CLI or Web UI. Security teams should review exposure, limit administrative access, and prioritize vendor guidance.

Ubuntu has released USN-6455-2 to correct an Exim regression introduced by an earlier security fix on Ubuntu 22.04 LTS. The update resolves Taint mismatch errors affecting certain connections while preserving protections for prior Exim vulnerabilities.

Ubuntu has published USN-8414-2 to deliver OpenSSL fixes for Ubuntu 14.04, 16.04, 18.04, and 20.04 LTS, addressing vulnerabilities tied to denial of service, information disclosure, authentication bypass, and possible code execution.

Cisco has disclosed a high-severity authenticated privilege escalation vulnerability in Catalyst SD-WAN Controller, Manager, and Validator that can allow arbitrary command execution as root under specific conditions.

Ubuntu has published USN-8405-1 for multiple CUPS vulnerabilities that may lead to unauthorized access, file overwrite, denial of service, information disclosure, or possible arbitrary code execution depending on system configuration and exposure.

Ubuntu has published USN-8406-1 for Net::CIDR::Lite, addressing flaws that could allow IP-based access control bypasses on affected Ubuntu 16.04 LTS and 18.04 LTS systems.

Ubuntu has published USN-8408-1 for a Twig vulnerability caused by improper validation of PHP callables when a source policy is used. In affected environments, an authenticated user could potentially execute arbitrary code.

Ubuntu has issued USN-8401-1 for multiple Netty vulnerabilities that can enable request smuggling, header injection, Redis command injection, validation bypass, and denial-of-service conditions across supported LTS releases.

Ubuntu has released USN-8349-2 to correct multiple rsync regressions introduced by a prior security update. Teams relying on rsync should review affected systems and apply the corrected packages promptly.

Cisco has disclosed a high-severity privilege escalation flaw in Cisco Catalyst SD-WAN Manager that could let an authenticated local attacker with netadmin privileges execute commands as root. Organizations should preserve logs, collect admin-tech files, upgrade to fixed software, and verify edge device configurations.

Ubuntu has temporarily reverted a pip security patch on 22.04 LTS, 24.04 LTS, and 26.04 LTS after it caused a regression. The notice affects fixes tied to CVE-2025-66471 and is important for teams managing Python package workflows on Ubuntu.

Ubuntu has published USN-8344-1 for pip vulnerabilities affecting TLS certificate verification and bundled urllib3 decompression handling, with risks including machine-in-the-middle exposure and denial of service.

Ubuntu has issued USN-8338-2 to correct a regression introduced by the earlier Apache HTTP Server update. The fix restores mod_http2 loading on Ubuntu 18.04 LTS and is important for administrators validating recent Apache package updates.

Ubuntu has published USN-8341-1 for OpenJDK 26, addressing multiple vulnerabilities that could expose sensitive information, allow data modification, or trigger denial-of-service conditions in affected environments.

Mozilla has released Firefox for iOS 151.1 to fix a low-severity domain rendering issue that could make attacker-controlled links appear to come from trusted websites in preview surfaces.

Ubuntu refreshed CVE-2026-23407 on May 23, 2026 and describes another AppArmor bounds-check weakness, this time around DEFAULT table handling in verify_dfa. This alert explains why repeated parser issues deserve architectural attention, not just patching.

Ubuntu updated CVE-2026-23269 on May 23, 2026 after describing an AppArmor out-of-bounds read during policy unpacking. This alert focuses on why security-policy parsing flaws matter even when they look more internal than public-facing.

Ubuntu refreshed CVE-2026-23112 on May 23, 2026 and gives it a high priority because it can be used for a remote denial of service on nvmet-tcp exposing hosts. This alert explains why storage-adjacent kernel bugs deserve better visibility.

Ubuntu updated the CVE-2026-26740 record on May 23, 2026 and still lists maintained releases as vulnerable with fixes deferred. This alert explains why an unfixed library issue can still deserve attention even before a package update exists.

Debian published DSA-6295-1 on May 23, 2026 for the Linux kernel, grouping CVE-2026-23171, CVE-2026-43503, and CVE-2026-46300 into one stable update. This alert focuses on why kernel fleet review still matters even when the advisory is broad rather than flashy.

TeamViewer published bulletin TV-2026-1005 on May 22, 2026 for CVE-2026-8381, a broken access control issue in TeamViewer DEX Platform (On-Premises). Organizations using on-prem DEX should validate access boundaries quickly.

Google's May 22, 2026 ChromeOS LTS release fixes CVE-2026-4451, a high-severity Navigation validation issue. Input-validation flaws in browser logic still belong on the fast patch track.

Google fixed CVE-2026-4458 in the May 22, 2026 ChromeOS LTS release. Because many enterprises rely on managed extensions, this use-after-free in Extensions deserves prompt fleet remediation.

CVE-2026-4442 is one of the higher-priority ChromeOS LTS fixes from May 22, 2026. Because it is a heap buffer overflow in CSS, defenders should treat it as a meaningful browser attack-surface issue.

Google's May 22, 2026 ChromeOS LTS release fixes CVE-2026-3916, a high-severity out-of-bounds read in Web Speech. The component may be niche, but the patch priority should still track with enterprise browser hygiene.

Google fixed CVE-2026-6308 in the May 22, 2026 ChromeOS LTS release. Because it affects Media processing, organizations should patch ChromeOS devices used for web conferencing, training, and content playback without delay.

Google's May 22, 2026 ChromeOS LTS update fixes CVE-2026-4674, a high-severity out-of-bounds read in CSS. Security teams should not dismiss read-oriented browser issues just because they sound less dramatic than code execution.

CVE-2026-4449 is one of the high-severity fixes in Google's May 22, 2026 ChromeOS LTS release. Because it affects Blink, teams should treat it as a real browser-engine patching priority.

Google's May 22, 2026 ChromeOS LTS release fixes CVE-2026-6309, a high-severity use-after-free in Viz. Security teams should move quickly on fleets that handle untrusted web or media-heavy workflows.

Google's May 22, 2026 ChromeOS LTS release fixes CVE-2026-5289, a high-severity use-after-free in Navigation. Managed ChromeOS fleets should treat this as a fast patch item, not ordinary browser upkeep.

Red Hat guidance around sudo-related CVE-2025-32462 is a reminder that host-based trust assumptions can turn into escalation debt over time. This alert covers shared admin systems, validation steps, and privilege-boundary hygiene.

Red Hat's guidance for CVE-2025-11561 matters most in AD-connected and centrally managed Linux environments. This alert explains why identity-linked Linux privilege issues can become broader than a single host problem.

Exim CVE-2025-30232 may sound narrow, but exposed mail infrastructure deserves disciplined patching even when exploitation conditions look specific. This alert covers exposure review and post-fix validation.

The Exim 4.98.2 fixes for CVE-2026-40684 through CVE-2026-40687 matter because mail servers remain exposed, trusted, and business-critical. This alert explains why responders should patch and validate routing behavior quickly.

cPanel's 2025 Team Manager API advisory shows how local privilege escalation inside a hosting control environment can still become serious quickly. This alert covers delegated access, role review, and practical remediation.

cPanel's January 2026 update for CVE-2026-23918 highlighted risk inherited through EasyApache 4 and Apache HTTP/2. This alert explains why hosting teams should verify packages, restart paths, and customer-facing exposure carefully.

Cisco's 2025 IKEv2 advisories are a reminder that denial-of-service on edge devices can still become a serious security and business event. This alert covers availability risk, tunnel hubs, and validation after patching.

Cisco's 2025 WebVPN advisories matter because remote access portals sit directly on the edge. This alert covers exposed VPN paths, log retention, and the right post-fix validation for internet-facing firewalls.

Cisco warned that CVE-2025-20160 could affect the trust path for administrator authentication. This alert explains why AAA infrastructure should move fast and what to review beyond a simple version upgrade.

Cisco's April 2025 ISE bulletin grouped several severe flaws around a high-trust identity platform. This alert explains why exposed policy servers deserve fast patching, evidence preservation, and post-fix validation.

A practical security alert on Next.js CVE-2025-29927, the middleware authorization bypass that pushed teams to patch fast and rethink route protection in self-hosted deployments.

Apache Tomcat CVE-2025-24813 is not a universal internet doom bug, but the right combination of write-enabled default servlet behavior and upload paths can still turn it into a serious exposure.

Roundcube CVE-2025-49113 pushed webmail security back into focus, reminding defenders that internet-facing communication platforms remain high-value targets when patching slips.

Erlang/OTP CVE-2025-32433 showed how a flaw in the SSH application of a trusted runtime can ripple into telecom, messaging, and infrastructure-heavy environments.

Ivanti gateway advisories continue to matter because exposed access platforms collapse identity, remote work, and privileged entry points into one hard-to-defend edge.

FortiAP CVE-2025-53680 shows that even authenticated CLI issues matter when administrative pathways are broad, delegated, or poorly monitored across distributed environments.

FortiOS CVE-2025-24477 highlights how authenticated requests against internal daemons can still create serious risk when network administration is broad and branch infrastructure is trusted.

FortiWeb CVE-2025-64446 is the kind of alert defenders should not normalize, because security appliances lose strategic value quickly when they become their own attack surface.

Next.js CVE-2025-66478 turned React Server Components security into a production emergency for App Router deployments and reminded teams that framework internals can become direct business risk.

TeamCity CVE-2026-44413 reinforces a familiar CI/CD lesson: once an authenticated user can misuse build infrastructure, the boundary between normal access and serious exposure gets thin quickly.

cPanel says CVE-2026-29205 allowed arbitrary file reads through certain cpdavd endpoints and required an additional backported fix on May 14. This alert covers affected versions, emergency exposure controls, and verification steps.

Microsoft's May 14 update introduced Fragnesia, a new Dirty Frag variant tracked as CVE-2026-46300. This alert explains how it differs from the original chain, why esp/xfrm matters, and what defenders should prioritize now.

Red Hat says CVE-2026-46333 can let a low-privileged local user access sensitive root-owned files during Linux process teardown. This alert explains why it matters for SSH, containers, and OpenShift-backed environments.

Fortinet rates CVE-2026-26083 as critical and says the FortiSandbox web UI may allow unauthenticated attackers to execute unauthorized code or commands. This alert covers affected versions, upgrade priorities, and exposure reduction.

Cisco disclosed CVE-2026-20182 as a critical SD-WAN controller authentication bypass with limited exploitation already observed. This guide focuses on exposure, admin-tech collection, upgrade planning, and fabric-risk containment.

Microsoft's May 2026 Patch Tuesday had no zero-days, but it still included many critical vulnerabilities across identity, Office, Dynamics, Windows, and cloud-adjacent components.

Dirty Frag is a Linux kernel local privilege escalation chain affecting ESP and RxRPC code paths. This guide explains risk, exposure, mitigations, patch planning, and container-host priorities.

A practical breakdown of CVE-2026-0300, the actively attacked PAN-OS User-ID Authentication Portal flaw, including exposure conditions, mitigations, patch planning, and firewall hardening checks.

A professional breakdown of the latest cPanel security issues, including CVE-2026-41940 authentication bypass, active exploitation concerns, patched versions, IOC checks, and recent Exim CVEs.