SysAdmin 24x7


Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-40372
Security Vulnerability
Released: Apr 21, 2026
Impact: Elevation of Privilege
Max Severity: Important
Executive Summary: Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372

Post Mortem: axios npm supply chain compromise
Are you affected? Check your lockfile:
    grep -E "axios@(1\.14\.1|0\.30\.4)|plain-crypto-js" package-lock.json yarn.lock 2>/dev/null
If anything comes back, treat that machine as compromised:
- Downgrade to axios@1.14.0 (or 0.30.3 for 0.x users)
- Delete node_modules/plain-crypto-js/
- Rotate every secret, token, and credential on that machine
- Check your network logs for connections to sfrclak[.]com or 142.11.206.73 on port 8000
- If this happened on a CI runner, rotate any secrets that were injected during the affected build
If you were already pinned to a clean version and didn't run a fresh install between 00:21 and 03:15 UTC on March 31, you're fine.
https://github.com/axios/axios/issues/10636

Supply Chain Compromise Impacts Axios Node Package Manager
Release Date: April 20, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments. On March 31, 2026, two npm packages for versions axios@1.14.1 and axios@0.30.4 of Axios npm injected the malicious dependency plain-crypto-js@4.2.1 that downloads multi-stage payloads from cyber threat actor infrastructure, including a remote access trojan.
https://www.cisa.gov/news-events/alerts/2026/04/20/supply-chain-compromise-impacts-axios-node-package-manager

Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
Date: 2026-April-15
Security risk: Critical
CVE IDs: CVE-2026-6365
Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which can lead to a cross-site scripting (XSS) vulnerability.
https://www.drupal.org/sa-core-2026-001

Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities
Advisory ID: cisco-sa-ise-rce-traversal-8bYndVrZ
First Published: 2026 April 15 16:00 GMT
Version 1.0: Final
Cisco Bug IDs: CSCws52717 CSCws52738
CVSS Score: Base 9.9
Vulnerable Products: These vulnerabilities affect Cisco ISE and Cisco ISE-PIC, regardless of device configuration
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ

Cisco Identity Services Engine Remote Code Execution Vulnerabilities
Advisory ID: cisco-sa-ise-rce-4fverepv
First Published: 2026 April 15 16:00 GMT
Version 1.0: Final
Cisco Bug IDs: CSCwq21242 CSCwq22993
CVSS Score: Base 9.9
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv

Cisco Webex Services Certificate Validation Vulnerability
Advisory ID: cisco-sa-webex-cui-cert-8jSZYhWL
First Published: 2026 April 15 16:00 GMT
Version 1.0: Final
Cisco Bug IDs: CSCwt37111
CVSS Score: Base 9.8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL

Multiple vulnerabilities in Tenable Identity Exposure
Date: 15/04/2026
Severity: 5 - Critical
Affected Resources: Tenable Identity Exposure, version 3.77.16 and earlier.
Description: Tenable has published an advisory reporting 19 vulnerabilities: 1 of critical severity, 10 high, 6 medium and 3 low. If exploited, they could allow sensitive files to be read, among other actions.
Solution: Update the product to version 3.77.17.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-identity-exposure-de-tenable

Multiple vulnerabilities in FortiSandbox
Date: 15/04/2026
Severity: 5 - Critical
Affected Resources: FortiSandbox 4.4, from version 4.4.0 through 4.4.8. For vulnerability CVE-2026-39813 only, the following is also affected: FortiSandbox 5.0, from version 5.0.0 through 5.0.5.
Description: Samuel de Lucas Maroto of KPMG Spain and Loic Pantano of Fortinet PSIRT have discovered 2 critical-severity vulnerabilities that, if exploited, could allow an attacker to execute unauthorized commands or bypass authentication on the system.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-fortisandbox

Multiple vulnerabilities in Adobe products
Date: 15/04/2026
Severity: 4 - High
Affected Resources:
- Acrobat DC, versions 26.001.21411, 26.001.21367 and earlier
- Acrobat Reader DC, versions 26.001.21411, 26.001.21367 and earlier
- Acrobat 2024, version 24.001.30356 and earlier
- Acrobat 2024 Windows, version 24.001.30362 and earlier
- Acrobat 2024 Mac, version 24.001.30360 and earlier versions
- Adobe InDesign, versions ID21.2, ID20.5.2 and all earlier versions
- Adobe InCopy, versions 21.2, 20.5.2 and earlier
- Adobe Experience Manager (AEM) Screens, versions 6.5 Service Pack 24, Feature Pack 11.7 or earlier
- Adobe FrameMaker, 2022 release update 8 and earlier versions
- Adobe Connect, version 12.10 and earlier
- Adobe Connect desktop application, version 2025.3 and earlier
- ColdFusion 2025, update 6 and earlier versions
- ColdFusion 2023, update 18 and earlier versions
- Adobe Bridge, versions 15.1.4 (LTS), 16.0.2 and earlier
- Photoshop 2026, version 27.4 and earlier
- Adobe DNG Software Development Kit (SDK), DNG SDK 1.7.1 build 2502 and earlier versions
- Illustrator 2025, version 29.8.5 and earlier
- Illustrator 2026, version 30.2 and earlier versions
https://www.incibe.es/empresas/avisos/multiples-vulnerabilidades-en-productos-de-adobe

Multiple vulnerabilities in Autodesk Fusion Desktop
Date: 15/04/2026
Severity: 4 - High
Affected Resources: Autodesk Fusion Desktop version 2606.0 and all earlier versions.
Description: Abdul-lateef Yusuff Goke of Alpha Aquila and Karim Belfodil of qatada have reported 3 high-severity vulnerabilities that, if exploited, could allow an attacker to read local files or execute arbitrary code.
Solution: It is strongly recommended to install version 2702.1.47 or later to be protected against these vulnerabilities. For installation, see the link in the references.
https://www.incibe.es/empresas/avisos/multiples-vulnerabilidades-en-fusion-desktop-de-autodesk

Microsoft - April 2026 Security Updates https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr

CVE-2026-34040 Detail
Description: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
https://nvd.nist.gov/vuln/detail/CVE-2026-34040
https://explore.alas.aws.amazon.com/CVE-2026-34040.html
https://github.com/moby/moby/releases/tag/docker-v29.3.1

SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
Project: SAML SSO - Service Provider
Date: 2026-April-01
Security risk: Critical
Vulnerability: Authentication bypass
Affected versions: <3.1.4
CVE IDs: CVE-2026-5343
Description: This module enables you to perform SAML-protocol-based single-sign-on (SSO) on a Drupal site. The module doesn't sufficiently block access, leading to an authentication bypass vulnerability.
Solution: Install the latest version:
https://www.drupal.org/sa-contrib-2026-031

Product Release Advisory - VMware Tanzu for MySQL on Kubernetes 2.0.2
Advisory ID: TNZ-2026-0257
Severity: Critical
Issue Date: 2026-04-02
Synopsis: Many critical & high vulnerabilities were found in MySQL for Kubernetes 2.0.1, which is addressed in MySQL for Kubernetes 2.0.2
Product Version Release Advisory VMware Tanzu for MySQL on Kubernetes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37340

DSA-6197-1
Name: DSA-6197-1
Description: dovecot - security update
Source: Debian
References: CVE-2025-59031, CVE-2025-59032, CVE-2026-27855, CVE-2026-27856, CVE-2026-27857, CVE-2026-27858, CVE-2026-27859
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package   Release               Version                         Status
dovecot (PTS)    bookworm              1:2.3.19.1+dfsg1-2.1+deb12u1    vulnerable
                 bookworm (security)   1:2.3.19.1+dfsg1-2.1+deb12u2    fixed
                 trixie                1:2.4.1+dfsg1-6+deb13u3         vulnerable
                 trixie (security)     1:2.4.1+dfsg1-6+deb13u4         fixed
https://security-tracker.debian.org/tracker/DSA-6197-1

Cisco Integrated Management Controller Authentication Bypass Vulnerability
Advisory ID: cisco-sa-cimc-auth-bypass-AgG2BxTn
First Published: 2026 April 1 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwq55648 CSCwq55659 CSCwq68912
CVE-2026-20093
CWE-20
CVSS Score: Base 9.8
Summary: A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn

API authentication and authorization bypass
IR Number: FG-IR-26-099
Published Date: Apr 4, 2026
Severity: Critical
Discovered: External
Attack Type: Unauthenticated
Known Exploited: No
CVSSv3 Score: 9.1
Impact: Escalation of privilege
Version              Affected               Solution
FortiClientEMS 7.4   7.4.5 through 7.4.6    Upgrade to upcoming 7.4.7 or above
FortiClientEMS 7.2   Not affected           Not Applicable
https://fortiguard.fortinet.com/psirt/FG-IR-26-099

Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability
Advisory ID: cisco-sa-fmc-rce-NKhnULJh
First Published: 2026 March 4 16:00 GMT
Last Updated: 2026 March 25 14:21 GMT
Version 1.2: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwt14636
CVSS Score: Base 10.0
CVE-2026-20131
Summary: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.
Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh