Security Advisories
-
2026-004: Critical Vulnerability in SharePoint Exploited
Wednesday, March 25, 2026 08:51:39 AM CETOn 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulnerability could be exploited by an unauthenticated attacker. This vulnerability was added in the CISA's Known Exploited Vulnerabilities (KEV) catalogue on 18 March 2026.
Additionally, three further RCE flaws affecting Microsoft SharePoint were addressed in the March 2026 release.
CERT-EU strongly recommends updating SharePoint servers as soon as possible, prioritising internet-facing assets. CERT-EU also encourages IT administrators to take necessary remediation actions.
-
2026-003: Multiple Vulnerabilities in Citrix NetScaler and Citrix ADC
Monday, March 23, 2026 07:03:59 PM CETOn 23 March 2026, Citrix published a security advisory addressing multiple vulnerabilities affecting NetScaler ADC and NetScaler Gateway. These vulnerabilities may lead to sensitive information disclosure and user session mix-up under specific configurations.
At the time of writing, there is no public evidence of active exploitation. It is strongly recommended updating affected gateways, prioritising internet-facing assets. It is also recommended to preserve evidence for further investigation.
-
2026-002: Multiple Vulnerabilities in Cisco Products
Thursday, February 26, 2026 07:38:52 PM CETOn 25 February 2026, Cisco released security advisories addressing multiple high and critical severity vulnerabilities in Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager. If exploited, these vulnerabilities could allow attackers to gain administrative access to compromised systems.
It is recommended to capture forensic evidence, hunt for indicators of compromise, and apply updates as soon as possible.
One of the vulnerabilities, CVE-2026-20127, is exploited in the wild since 2023.
-
2026-001: Critical vulnerabilities in Ivanti EPMM
Friday, January 30, 2026 10:09:06 AM CETOn 29 January 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their EPMM products. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device. One of these vulnerabilities have been exploited in a limited number of cases.