Changeflow GovPing Data Privacy & Cybersecurity Multiples vulnérabilités dans les produits Micr...
Priority review Notice Added Final

Multiples vulnérabilités dans les produits Microsoft

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published April 1st, 2026
Detected April 1st, 2026
Email

Summary

CERT-FR issued advisory CERTFR-2026-AVI-0386 notifying of 14 Microsoft vulnerabilities affecting multiple software packages including bind, flannel, libssh, ocaml, telegraf, trident, nodejs18, and systemd-bootstrap. French organizations are advised to consult Microsoft's security bulletins and apply available patches. The vulnerabilities could allow attackers to cause unspecified security issues.

View original document View source feed page

What changed

CERT-FR published advisory CERTFR-2026-AVI-0386 on April 1, 2026, documenting 14 Microsoft CVEs (CVE-2026-33055 through CVE-2026-34353) discovered between March 25-31, 2026. The affected systems include various open-source packages used in enterprise environments such as bind 9.20.18-1, flannel 0.24.2-26, libssh 0.10.6-6, ocaml, telegraf, trident, nodejs18, and systemd-bootstrap in versions prior to patched releases. The risk level is unspecified by Microsoft.

Organizations using affected Microsoft products or Azure Linux (azl3) and CBL-Mariner (cbl2) distributions should immediately review the referenced Microsoft Security Response Center bulletins to identify which vulnerabilities apply to their infrastructure. Security teams should prioritize obtaining and deploying vendor-provided patches from the MSRC update guide URLs listed in the advisory. No specific compliance deadline is provided; however, given the active exploitation risk implied by the advisory, immediate patching is recommended.

What to do next

  1. Review the 14 Microsoft CVEs referenced in CERTFR-2026-AVI-0386 against your organization's Microsoft product inventory
  2. Access Microsoft's Security Response Center bulletins at msrc.microsoft.com/update-guide for patch information
  3. Apply vendor patches to affected systems running bind, flannel, libssh, ocaml, telegraf, trident, nodejs18, or systemd-bootstrap

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 01 avril 2026 N° CERTFR-2026-AVI-0386 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans les produits Microsoft

Gestion du document

| Référence | CERTFR-2026-AVI-0386 |
| Titre | Multiples vulnérabilités dans les produits Microsoft |
| Date de la première version | 01 avril 2026 |
| Date de la dernière version | 01 avril 2026 |
| Source(s) | Bulletin de sécurité Microsoft CVE-2026-33055 du 25 mars 2026
Bulletin de sécurité Microsoft CVE-2026-33056 du 25 mars 2026
Bulletin de sécurité Microsoft CVE-2026-29111 du 26 mars 2026
Bulletin de sécurité Microsoft CVE-2026-1519 du 29 mars 2026
Bulletin de sécurité Microsoft CVE-2026-3104 du 29 mars 2026
Bulletin de sécurité Microsoft CVE-2026-3119 du 29 mars 2026
Bulletin de sécurité Microsoft CVE-2026-32241 du 29 mars 2026
Bulletin de sécurité Microsoft CVE-2026-3591 du 29 mars 2026
Bulletin de sécurité Microsoft CVE-2026-0964 du 31 mars 2026
Bulletin de sécurité Microsoft CVE-2026-0965 du 31 mars 2026
Bulletin de sécurité Microsoft CVE-2026-0966 du 31 mars 2026
Bulletin de sécurité Microsoft CVE-2026-0967 du 31 mars 2026
Bulletin de sécurité Microsoft CVE-2026-33542 du 31 mars 2026
Bulletin de sécurité Microsoft CVE-2026-33750 du 31 mars 2026
Bulletin de sécurité Microsoft CVE-2026-34353 du 31 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risque

  • Non spécifié par l'éditeur

Systèmes affectés

  • azl3 bind 9.20.18-1 versions antérieures à 9.20.21-1
  • azl3 flannel 0.24.2-26 versions antérieures à 0.24.2-26
  • azl3 libssh 0.10.6-6 versions antérieures à 0.10.6-6
  • azl3 ocaml 5.1.1-2 versions antérieures à 5.1.1-2
  • azl3 telegraf 1.31.0-17 versions antérieures à 1.31.0-17
  • azl3 trident 0.21.0-1 versions antérieures à 0.22.0-1
  • cbl2 nodejs18 18.20.3-12 versions antérieures à 18.20.3-12
  • cbl2 ocaml 4.13.1-3 versions antérieures à 4.13.1-3
  • cbl2 systemd-bootstrap 250.3-14 versions antérieures à 250.3-14
  • cbl2 telegraf 1.29.4-22 versions antérieures à 1.29.4-22

Résumé

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 01 avril 2026 Version initiale

Named provisions

Systèmes affectés Risque Résumé Solutions Documentation

Related changes

Favicon for www.cert.ssi.gouv.fr Joomla! Multiple Vulnerabilities - SQL Injection and XSS
Priority review Apr 01, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Chrome Vulnerabilities - Actively Exploited CVE-2026-5281
Urgent Apr 01, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Vulnerabilities in SonicWall Email Security
Priority review Apr 01, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cisa.gov CVE-2026-5281 Google Dawn Use-After-Free Added to KEV Catalog
Priority review Apr 01, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Critical CVSS 9.8 Vulnerabilities in Red Hat Ansible Allow Remote Code Execution
Urgent Apr 01, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Joomla CMS Critical Vulnerabilities CVSS 9.8
Urgent Apr 01, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
April 1st, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
CERTFR-2026-AVI-0386

Who this affects

Applies to
Technology companies Government agencies Public companies
Industry sector
5112 Software & Technology 9211 Government & Public Administration
Activity scope
Vulnerability Management Patch Management Systems Administration
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF NIST 800-53
Topics
Technology Government

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 107 Environment 85 Government & Legislation 316 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal & Courts 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.