Changeflow GovPing Data Privacy & Cybersecurity WebKitGTK Vulnerabilities Allow Code Execution,...
Priority review Notice Added Final

WebKitGTK Vulnerabilities Allow Code Execution, DoS, Info Disclosure

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published March 18th, 2026
Detected March 19th, 2026
Email

Summary

CERT-Bund has issued a security advisory (WID-SEC-2026-0782) regarding multiple vulnerabilities in WebKitGTK, a web browser engine used across various operating systems. The vulnerabilities, with a CVSS Base Score of 8.8, can allow remote attackers to execute arbitrary code, cause denial-of-service conditions, or disclose sensitive information.

View original document View source feed page

What changed

This advisory from CERT-Bund details critical vulnerabilities affecting open-source WebKitGTK versions prior to 2.44.0, 2.50.0, 2.50.2, 2.50.5, 2.50.6, and 2.52.0. The identified weaknesses, rated with a high CVSS Base Score of 8.8, enable remote, anonymous attackers to achieve code execution, trigger denial-of-service (DoS) states, or exfiltrate confidential information. The advisory notes that mitigation is available, and provides links to CVE information and version history.

Organizations utilizing WebKitGTK in their systems, particularly on UNIX-based operating systems or as part of other applications (like Safari on macOS/iOS), should prioritize updating to patched versions. Failure to do so could expose systems to significant security risks, including unauthorized code execution and data breaches. While no specific compliance deadline is stated, immediate patching is strongly recommended to mitigate these high-severity threats.

What to do next

  1. Update WebKitGTK to patched versions (>= 2.44.0, >= 2.50.0, etc.)
  2. Assess systems for potential exploitation of identified vulnerabilities
  3. Implement mitigation strategies as recommended by CERT-Bund

Source document (simplified)

[WID-SEC-2026-0782] WebKitGTK: Mehrere Schwachstellen CVSS Base Score 8.8 (hoch) CVSS Temporal Score 7.7 (hoch) Remoteangriff ja Datum 18.03.2026 Stand 19.03.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

  • Sonstiges
  • UNIX

Produktbeschreibung

WebKitGTK ist ein Webbrowser. Dieser nutzt die WebKit-Engine, die auch von Safari und vielen anderen Apps auf macOS, iOS und Linux verwendet wird.

Produkte

18.03.2026
- Open Source WebKitGTK <2.44.0

  • Open Source WebKitGTK <2.50.0

  • Open Source WebKitGTK <2.50.5

  • Open Source WebKitGTK <2.50.2

  • Open Source WebKitGTK <2.50.6

  • Open Source WebKitGTK <2.52.0

Angriff

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in WebKitGTK ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand auszulösen oder vertrauliche Informationen offenzulegen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Named provisions

Betroffene Systeme Angriff

Related changes

Favicon for wid.cert-bund.de Xpdf Vulnerability Allows Denial of Service
Routine Mar 19, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Jenkins Vulnerabilities Allow Code Execution and Info Disclosure
Priority review Mar 19, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Dell Secure Connect Gateway Policy Manager Critical Vulnerabilities
Urgent Mar 19, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for www.cisa.gov CISA KEV: Cisco FMC Vulnerability Allows Root Java Code Execution (CVE-2026-20131)
Urgent Mar 20, 2026 CISA Known Exploited Vulnerabilities (KEV) Data Privacy & Cybersecurity
Favicon for www.ukri.org UKRI Funding for Secure Software Projects
Priority review Mar 20, 2026 UKRI Funding Opportunities (All Councils) Trade & Sanctions
Favicon for edpb.europa.eu EDPB-EDPS Joint Opinion on Cybersecurity Act 2 and NIS 2 Directive Amendments
Priority review Mar 20, 2026 EDPB Documents (GDPR) Data Privacy & Cybersecurity

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 18th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0782

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
Software Vulnerability Management System Patching
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Software Vulnerabilities Information Disclosure Denial of Service

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 212 Consumer Protection 35 Courts & Legal 255 Data Privacy & Cybersecurity 59 Defense & National Security 48 Education 20 Energy 102 Environment 82 Government & Legislation 240 Healthcare 116 Housing 15 Immigration 8 Insurance 58 Labor & Employment 110 Pharma & Drug Safety 77 Securities & Markets 73 Tax 54 Telecom & Technology 34 Trade & Sanctions 122 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Free. Unsubscribe anytime.