SysAdmin 24x7

SAP Security Patch Day - May 2026 https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html

Microsoft - May 2026 Security Updates https://msrc.microsoft.com/update-guide/releaseNote/2026-May

Product Release Advisory - VMware Tanzu GemFire Management Console 1.4.4 Advisory ID: TNZ-2026-0260 Severity: Critical Issue Date: 2026-05-05 Synopsis Updated Spring, Tomcat and other libraries along with latest Prometheus version in OCI image with latest Photon image VMware Tanzu Data Intelligence VMware Tanzu Data Services Pack VMware Tanzu Data Suite VMware Tanzu Gemfire https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37439

CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal CVSS-BT: 9.3 Description A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability. https://security.paloaltonetworks.com/CVE-2026-0300

CNA: Apache Software Foundation CVSS 9.8 Published: 2026-05-01 Updated: 2026-05-01 Title: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2) Description The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class filter before calling Class.forName(). Affected versions are Apache MINA 2.1.0 <= 2.1.11, and 2.2.0 <= 2.2.6. The problem is resolved in Apache MINA 2.1.12, and 2.2.7 by applying the classname allowlist earlier. Affected are applications using Apache MINA that call IoBuffer.getObject(). Applications using Apache MINA are advised to upgrade. https://www.cve.org/CVERecord?id=CVE-2026-42779 https://lists.apache.org/thread/fhlx5k91hrkgyzh7yk1nghrn3k27gxy0

Pi-hole Local privilege escalation via config-controlled path in root-executed service hooks Package Pi-hole Core and FTL Affected versions >= v6.0 Patched versions Core >=v6.4.2 FTL >=v6.6.1 https://github.com/pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4

Security Advisory: Firmware Update Required — Gen 6, Gen 7, and Gen 8 Firewalls SonicWall has identified three vulnerabilities (CVEs) affecting Gen 6, Gen 7, and Gen 8 firewall platforms. These vulnerabilities require immediate firmware updates to maintain security posture. One CVE is rated High severity and two are rated medium severity. Applies To Gen 8 firewalls — patch available in firmware 8.2.0-8009 Gen 7 firewalls — patch available in firmware 7.3.2-7010 Gen 6 firewalls — patched firmware posted to MySonicWall on April 29, 2026 https://www.sonicwall.com/support/notices/security-advisory-firmware-update-required-gen-6-gen-7-and-gen-8-firewalls/kA1VN000001F03x0AC Advisory ID SNWLID-2026-0004 First Published 2026-04-29 Workaround true CVE CVE-2026-0204, CVE-2026-0205, CVE-2026-0206 CWE CWE-1390, CWE-35, CWE-121 CVSS v3 8.0 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

High Vulnerability in the Linux Kernel ("Copy Fail") Temporary Mitigation Disable the algif_aead kernel module persistently on all affected systems until a patched kernel is available: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true This workaround does not affect dm-crypt/LUKS, kTLS, IPsec/XFRM, OpenSSL, GnuTLS, NSS, or SSH. It may affect applications explicitly configured to use the afalg engine or that bind aead/skcipher/hash sockets directly. Exposure can be assessed with lsof | grep AF_ALG.

CVE-2026-31431 Base Score: 7.8 Description In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. https://nvd.nist.gov/vuln/detail/CVE-2026-31431

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve remote code execution on the instance. https://thehackernews.com/2026/04/researchers-discover-critical-github.html

Contaminación de prototipos en n8n Fecha 30/04/2026 Importancia 5 - Crítica Recursos Afectados Las siguientes versiones de n8n: 2.18.0; Desde la 2.17.0 hasta la 2.17.3; Menores a la 1.123.32. Descripción a-tallat y simonkoeck han descubierto 2 vulnerabilidades de severidad crítica que, en caso de ser explotadas, podrían permitir la ejecución de código en remoto. Solución Actualizar el producto a las siguientes versiones respectivamente: 2.18.1; 2.17.4; 1.123.32. En caso de que no se sea posible instalar la actualización inmediatamente, se pueden aplicar, de forma temporal, las siguientes contramedidas: Limitar los permisos de creación y edición de flujos de trabajo ( workflows) a solo usuarios en los que se confíe plenamente. Deshabilitar el nodo XML añadiendo "n8n-nodes-base.xml" a la variable de entorno "NODES_EXCLUDE". https://www.incibe.es/incibe-cert/alerta-temprana/avisos/contaminacion-de-prototipos-en-n8n

Omisión de autenticación en cPanel Fecha 30/04/2026 Importancia 5 - Crítica Recursos Afectados La vulnerabilidad afecta a todas las versiones posteriores a a la 11.40. Descripción cPanel ha publicado una vulnerabilidad de severidad crítica que en caso de ser explotada podría permitir a un atacante omitir la autenticación en el software. Solución cPanel ha publicado un parche para las siguientes versiones de cPanel y WHM: 11.86.0.41; 11.110.0.97; 11.118.0.63; 11.126.0.54; 11.130.0.19; 11.132.0.29; 11.136.0.5; 11.134.0.20. Para WP Squared se ha publicado la versión 136.1.7. Se recomienda seguir las pautas del aviso oficial en lazado en referencias para actualizar a la versión correspondiente. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/omision-de-autenticacion-en-cpanel

VMware Tanzu Greenplum Platform Extension Framework 8.0.0 Advisory ID: TNZ-2026-0259 Severity: Critical Issue Date: 2026-04-24 CVSS Base Score 9.8 Synopsis Fixed 105 CVEs related to Spring Framework/Boot dependencies, Tomcat dependencies, Hadoop and Hive dependencies, Parquet and ORC dependencies, Golang dependencies, PostgreSQL JDBC Driver dependencies, AWS SDK for Java dependencies and some other dependencies. VMware Tanzu Data Intelligence VMware Tanzu Data Suite VMware Tanzu Greenplum https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405

VMware Tanzu Data Lake 4.0.0 Advisory ID: TNZ-2026-0258 Severity: Critical Issue Date: 2026-04-24 CVSS Base Score 10.0 Synopsys Resolution of multiple vulnerabilities across critical, high, medium, and low severity levels in the controller and runtime bundles. VMware Tanzu Data Intelligence VMware Tanzu Data Services VMware Tanzu Data Services Solutions VMware Tanzu Data Suite https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html

CVE-2026-40970: Elasticsearch auto-configuration with an SSL bundle disables TLS hostname verification MEDIUM | APRIL 23, 2026 | CVE-2026-40970 Description When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected Spring Products and Versions Spring Boot: 4.0.0 - 4.0.5 Mitigation Users of affected versions should upgrade to the corresponding fixed version. https://spring.io/security/cve-2026-40970

About the security content of iOS 26.4.2 and iPadOS 26.4.2 This document describes the security content of iOS 26.4.2 and iPadOS 26.4.2. Released April 22, 2026 https://support.apple.com/en-us/127002

Oracle Critical Patch Update Advisory - April 2026 https://www.oracle.com/security-alerts/cpuapr2026.html

ASP.NET Core Elevation of Privilege Vulnerability CVE-2026-40372 Security Vulnerability Released: Apr 21, 2026 Impact Elevation of Privilege Max Severity Important Executive Summary Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372