Security Advisories
-
2026-005: High Vulnerability in the Linux Kernel ("Copy Fail")
Thursday, April 30, 2026 11:25:30 AM CEST
On 29 April 2026, a high-severity local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named "Copy Fail", was publicly disclosed.
The vulnerability affects every mainstream Linux distribution shipping a kernel built since 2017. A public proof-of-concept exploit has been released.
As of the date of this advisory, no distribution has shipped a fixed kernel package. The mainline fix was committed on 1 April 2026, but vendor updates are still pending across all major distributions. CERT-EU strongly recommends applying the interim mitigation immediately, prioritising Kubernetes nodes and CI/CD runners exposed to untrusted workloads.
-
2026-004: Critical Vulnerability in SharePoint Exploited
Wednesday, March 25, 2026 08:51:39 AM CET
On 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulnerability could be exploited by an unauthenticated attacker. This vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) catalogue on 18 March 2026.
Additionally, three further RCE flaws affecting Microsoft SharePoint were addressed in the March 2026 release.
CERT-EU strongly recommends updating SharePoint servers as soon as possible, prioritising internet-facing assets. CERT-EU also encourages IT administrators to take necessary remediation actions.
-
2026-003: Multiple Vulnerabilities in Citrix NetScaler and Citrix ADC
Monday, March 23, 2026 07:03:59 PM CET
On 23 March 2026, Citrix published a security advisory addressing multiple vulnerabilities affecting NetScaler ADC and NetScaler Gateway. These vulnerabilities may lead to sensitive information disclosure and user session mix-up under specific configurations.
At the time of writing, there is no public evidence of active exploitation. It is strongly recommended to update affected gateways, prioritising internet-facing assets. It is also recommended to preserve evidence for further investigation.
-
2026-002: Multiple Vulnerabilities in Cisco Products
Thursday, February 26, 2026 07:38:52 PM CET
On 25 February 2026, Cisco released security advisories addressing multiple high and critical severity vulnerabilities in Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager. If exploited, these vulnerabilities could allow attackers to gain administrative access to compromised systems.
It is recommended to capture forensic evidence, hunt for indicators of compromise, and apply updates as soon as possible.
One of the vulnerabilities, CVE-2026-20127, has been exploited in the wild since 2023.
-
2026-001: Critical vulnerabilities in Ivanti EPMM
Friday, January 30, 2026 10:09:06 AM CET
On 29 January 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their EPMM products. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device. One of these vulnerabilities has been exploited in a limited number of cases.