https://cert.europa.eu/publications/security-advisories/ RSS feed for the latest 10 publications of type Security Advisories. 1440 en-gb https://cert.europa.eu/publications/security-advisories/2026-004/ On 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulnerability could be exploited by an unauthenticated attacker. This vulnerability was added in the CISA's Known Exploited Vulnerabilities (KEV) catalogue on 18 March 2026.<br> Additionally, three further RCE flaws affecting Microsoft SharePoint were addressed in the March 2026 release.<br> CERT-EU strongly recommends updating SharePoint servers as soon as possible, prioritising internet-facing assets. CERT-EU also encourages IT administrators to take necessary remediation actions.<br> Wed, 25 Mar 2026 08:51:39 CET security-advisories-10941 https://cert.europa.eu/publications/security-advisories/2026-003/ On 23 March 2026, Citrix published a security advisory addressing multiple vulnerabilities affecting NetScaler ADC and NetScaler Gateway. These vulnerabilities may lead to sensitive information disclosure and user session mix-up under specific configurations.<br> At the time of writing, there is no public evidence of active exploitation. It is strongly recommended updating affected gateways, prioritising internet-facing assets. It is also recommended to preserve evidence for further investigation.<br> Mon, 23 Mar 2026 19:03:59 CET security-advisories-10940 https://cert.europa.eu/publications/security-advisories/2026-002/ On 25 February 2026, Cisco released security advisories addressing multiple high and critical severity vulnerabilities in Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager. If exploited, these vulnerabilities could allow attackers to gain administrative access to compromised systems. <br> It is recommended to capture forensic evidence, hunt for indicators of compromise, and apply updates as soon as possible.<br> One of the vulnerabilities, CVE-2026-20127, is exploited in the wild since 2023.<br> Thu, 26 Feb 2026 19:38:52 CET security-advisories-10939 https://cert.europa.eu/publications/security-advisories/2026-001/ On 29 January 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their EPMM products. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device. One of these vulnerabilities have been exploited in a limited number of cases.<br> Fri, 30 Jan 2026 10:09:06 CET security-advisories-10938 https://cert.europa.eu/publications/security-advisories/2025-042/ On December 17, 2025, Cisco released a security advisory for a critical vulnerability affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager products. <br> It is recommended to follow Cisco's recommendations to check whether vulnerable appliances have been compromised, and to remediate the issue. There is no patch available for this vulnerability yet.<br> Thu, 18 Dec 2025 10:08:41 CET security-advisories-10937 https://cert.europa.eu/publications/security-advisories/2025-041/ On December 3, 2025, the React Team publicly disclosed a critical security vulnerability affecting React Server Components (RSC) and related packages. The vulnerability allows for unauthenticated remote code execution (RCE) via maliciously crafted HTTP requests.<br> It is recommended to update all affected component packages and any frameworks that integrate them.<br> Thu, 04 Dec 2025 14:50:51 CET security-advisories-10936 https://cert.europa.eu/publications/security-advisories/2025-040/ On October 23, 2025, Microsoft released an out-of-band update to address a critical vulnerability in Windows Server Update Service (WSUS). This vulnerability could allow a remote unauthenticated attacker to execute code on the targeted systems. A proof-of-concept is publicly available for this vulnerability.<br> It is recommended to update as soon as possible.<br> Fri, 24 Oct 2025 18:42:26 CEST security-advisories-10935 https://cert.europa.eu/publications/security-advisories/2025-039/ On October 14, 2025, Fortinet released a security advisory addressing a high severity vulnerability in its FortiOS product.<br> It is recommended updating affected products.<br> Wed, 15 Oct 2025 20:41:33 CEST security-advisories-10934 https://cert.europa.eu/publications/security-advisories/2025-038/ On October 14, 2025, Veeam released a security advisory addressing multiple vulnerabilities including 2 critical in its Veeam Backup product.<br> CERT-EU recommends updating affected software as soon as possible and following Veeam implementation best practices.<br> Wed, 15 Oct 2025 20:40:44 CEST security-advisories-10933 https://cert.europa.eu/publications/security-advisories/2025-037/ On October 15, 2025, F5 disclosed that a sophisticated nation-state actor breached its systems and maintained long-term persistent access into F5's infrastructure. This included access to BIG-IP product development source code and to information related to security vulnerabilities that had not yet been disclosed nor patched. F5 released patches on the same day to address the vulnerabilities.<br> There is currently no known exploitation of these vulnerabilities. CERT-EU strongly recommends to patch affected F5 products as soon as possible.<br> Wed, 15 Oct 2025 19:01:03 CEST security-advisories-10932