Cybersecurity

OpenClaw Multiple Critical Vulnerabilities Allow Remote Code Execution

CERT-Bund issued security advisory WID-SEC-2026-1065 alerting to multiple critical vulnerabilities in OpenClaw, a personal AI assistant for local devices. The flaws carry a CVSS Base Score of 8.8 (high) and enable remote attackers to gain administrator privileges, execute arbitrary code, bypass security controls, and disclose or manipulate data. The affected version is Open Source OpenClaw prior to version 2026.3.25. Users are advised to apply available mitigations and update to the patched release.

Red Hat OpenShift AI Vulnerability Enables Information Disclosure and Privilege Escalation

CERT-Bund issued a security advisory regarding a vulnerability in Red Hat OpenShift AI (affecting versions 2.16.4, 2.25.4, 3.3.1, and 3.2). The vulnerability, with a CVSS Base Score of 8.5 (high) and Temporal Score of 7.4 (high), allows a remote, authenticated attacker to exploit the flaw to disclose confidential information and potentially escalate privileges. Mitigation measures are available.

Critical Remote Code Execution Vulnerability in Red Hat Enterprise Linux Cockpit

CERT-Bund, operating under the German Federal Office for Information Security (BSI), issued a critical security advisory regarding a remote code execution vulnerability in Red Hat Enterprise Linux Cockpit. The vulnerability carries a CVSS Base Score of 9.8 (critical) and a Temporal Score of 8.5 (high). Affected versions include Red Hat Enterprise Linux 9.6 and Red Hat Enterprise Linux 10. Organizations using these systems should apply available mitigations immediately.

Red Hat Enterprise Linux Multiple Vulnerabilities, Remote Attack

Red Hat Enterprise Linux Multiple Vulnerabilities, Remote Attack

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The CVEs affect Microsoft, Adobe, and Fortinet products. Binding Operational Directive 22-01 requires Federal Civilian Executive Branch agencies to remediate these vulnerabilities by specified due dates. CISA strongly urges all organizations to prioritize timely remediation of these vulnerabilities as part of their vulnerability management practice.

ICE Requests Missouri Not Release Illegal Alien Accused of Rape and Kidnapping

U.S. Immigration and Customs Enforcement (ICE) announced the arrest of Cristian Lopez-Gomez, a Honduran illegal alien, in connection with charges of rape and kidnapping of a woman in Kirksville, Missouri on Easter Sunday. Lopez-Gomez allegedly entered the United States illegally in 2024 and was released into American communities by the prior administration. ICE has formally requested Missouri authorities not release him while he faces criminal prosecution.

Critical Adobe Acrobat Vulnerability CVE-2026-34621 Actively Exploited

CERT-FR issued advisory CERTFR-2026-AVI-0429 warning of a critical vulnerability in Adobe Acrobat (CVE-2026-34621) that allows arbitrary code execution. The vulnerability affects Acrobat 2024, Acrobat DC, and Acrobat Reader DC on Windows and macOS. Adobe has confirmed the vulnerability is being actively exploited in the wild. Users are advised to apply vendor patches immediately.

Multiples vulnérabilités dans les produits Microsoft - 13 CVE

CERT-FR issued advisory CERTFR-2026-AVI-0428 notifying of 13 vulnerabilities (CVE-2026-35385, CVE-2026-35386, CVE-2026-35388, CVE-2026-35535, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790, CVE-2026-39881, CVE-2026-40024, CVE-2026-40025, CVE-2026-40026) affecting Microsoft products. Affected systems include azl3 openssh, openssl, sleuthkit, sudo, and vim packages. Risk level not specified by the vendor.

Multiple Microsoft Edge Security Vulnerabilities Affecting Bypass and Remote Code Execution

ANSSI/CERT-FR published advisory CERTFR-2026-AVI-0427 warning of 86+ vulnerabilities in Microsoft Edge (CVE-2026-33118 through CVE-2026-5905 and beyond). Source bulletins were released by Microsoft on April 10, 2026. Vulnerabilities include security bypass and remote code execution risks affecting all organizations and users of Microsoft Edge browser.

Multiple Security Vulnerabilities in Python Allow Security Bypass

CERT-FR issued advisory CERTFR-2026-AVI-0426 on April 13, 2026, alerting that multiple vulnerabilities were discovered in Python (CPython). These vulnerabilities allow attackers to cause security policy bypass and unspecified security issues. Affected systems are CPython installations without the latest security patches. Two CVEs are referenced: CVE-2026-1502 and CVE-2026-3446.