Critical Vulnerabilities in Cisco Products
CSA Singapore issued an alert about critical CVSS 9.8 vulnerabilities in Cisco products affecting IMC and SSM On-Prem systems. CVE-2026-20093 allows authentication bypass enabling password alteration, while CVE-2026-20160 permits remote root command execution. Organizations using affected Cisco products must update immediately.
F5 BIG-IP Critical Vulnerability Actively Exploited
The Cyber Security Agency of Singapore issued an urgent advisory warning of active exploitation of a critical vulnerability (CVE-2025-53521) in F5 BIG-IP Access Policy Manager with a CVSS v3.1 score of 9.8 out of 10. The vulnerability allows unauthenticated remote code execution and full system compromise. Affected versions include BIG-IP APM 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, and 15.1.0-15.1.10.
FortiClient EMS Critical Vulnerability Active Exploitation Hotfix Urged
The Cyber Security Agency of Singapore issued an urgent alert about CVE-2026-35616, a critical improper access control vulnerability in FortiClient EMS versions 7.4.5 through 7.4.6. The vulnerability is being actively exploited in the wild and allows unauthenticated attackers to execute unauthorized code, potentially compromising the entire server. Fortinet has released a hotfix that users must install immediately.
Fortinet FortiClient EMS Improper Access Control Vulnerability Added to KEV Catalog
CISA added CVE-2026-35616 (Fortinet FortiClient EMS Improper Access Control) to the Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. The vulnerability poses significant risk as a frequent attack vector for malicious cyber actors. FCEB agencies face binding remediation requirements under BOD 22-01, while CISA urges all organizations to prioritize timely remediation as part of their vulnerability management practice.
Fortinet FortiClientEMS Improper Access Control Vulnerability
CISA published a critical cybersecurity advisory for CVE-2026-35616, an improper access control vulnerability in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6. The vulnerability carries a CVSS score of 9.1 and is being actively exploited, allowing unauthenticated attackers to execute unauthorized code or commands via crafted requests. CISA's SSVC and KEV entries for this vulnerability record active exploitation and total technical impact.
Advisory protecting websites from cyber-attacks