Cybersecurity

OPNsense Firewall Vulnerability Allows Remote Information Disclosure (CVSS 8.2)

CERT-Bund has issued a security advisory (WID-SEC-2026-1044) regarding a vulnerability in OPNsense, an open-source firewall distribution based on FreeBSD. The vulnerability, with a CVSS Base Score of 8.2 (high), allows remote, anonymous attackers to disclose sensitive information. Affected versions include OPNsense prior to version 26.1.6. A mitigation measure is available as of April 10, 2026.

Multiple Critical Vulnerabilities in MISP Threat Intelligence Platform

CERT-Bund issued security advisory WID-SEC-2026-1045 warning of multiple critical vulnerabilities in Open Source MISP (threat intelligence sharing platform) versions prior to 2.5.36. The vulnerabilities carry a CVSS Base Score of 9.6 (critical) and Temporal Score of 8.3 (high). Attackers can exploit these flaws to bypass security measures, conduct Cross-Site-Scripting attacks, and cause unspecified impacts via remote attack.

DHS Issues Statement on Criminal Alien Convicted of Assaulting High School Girls in Fairfax County

DHS issued a press release regarding the conviction of Israel Christopher Flores-Ortiz, an illegal alien from El Salvador, for nine counts of assault and battery committed at Fairfax County High School. The statement criticizes Virginia sanctuary policies and calls on Governor Spanberger not to release the defendant before sentencing on April 21.

Multiple IBM Product Vulnerabilities Allow Remote Code Execution

CERT-FR published advisory CERTFR-2026-AVI-0424 on April 10, 2026 disclosing multiple critical vulnerabilities in IBM products including QRadar AI Assistant, Sterling External Authentication Server, Sterling Secure Proxy, and WebSphere Application Server Liberty. Affected versions span QRadar AI Assistant prior to 1.4.0, Sterling products prior to 6.1.1.3 GA and 6.2.1.2 GA, and WebSphere Liberty 17.0.0.3 to 26.0.0.3 without APAR PH70510. The vulnerabilities expose systems to remote code execution, data confidentiality breaches, denial of service, and security policy bypass.

Red Hat Linux Kernel Multiple Vulnerabilities Alert

CERT-FR issued an advisory alerting organizations to multiple kernel vulnerabilities in Red Hat Linux affecting numerous products across multiple architectures (x86_64, aarch64, s390x, ppc64le). The vulnerabilities expose affected systems to data confidentiality breaches, security policy bypass, remote denial of service, arbitrary code execution, and privilege escalation risks. Organizations running Red Hat Enterprise Linux, CodeReady Linux Builder, and related products must patch immediately.

SUSE Linux Kernel Multiple Vulnerabilities Advisory

CERT-FR published advisory CERTFR-2026-AVI-0422 disclosing multiple vulnerabilities in the SUSE Linux kernel affecting openSUSE Leap, SUSE Linux Enterprise Server, and related product lines across versions 12 SP5 through 15 SP7. The vulnerabilities, sourced from 13 SUSE security bulletins, could allow an attacker to cause unspecified security impacts. Affected parties are advised to apply patches referenced in the vendor security bulletins.

Multiple Ubuntu Linux Kernel Vulnerabilities Allow Privilege Escalation

CERT-FR published advisory CERTFR-2026-AVI-0421 warning of multiple Linux kernel vulnerabilities affecting Ubuntu 16.04 ESM through 25.10. The vulnerabilities allow privilege escalation, data confidentiality breaches, data integrity breaches, and denial of service attacks. System administrators should apply patches referenced in 16 Ubuntu security notices (USN-8145-3 through USN-8165-1) covering CVE-2022-49465, CVE-2022-49635, CVE-2023-53041, CVE-2023-53421, CVE-2023-53520, and additional CVEs.

Multiple Vulnerabilities in Microsoft Azure Linux, 6 CVEs

ANSSI's CERT-FR issued an alert covering 6 CVEs in Microsoft Azure Linux components affecting azl3 kernel (versions prior to 6.6.130.1-1), azl3 libsoup (prior to 3.4.4-15), and azl3 xz (prior to 5.4.4-3). The vulnerabilities could allow an attacker to cause unspecified security issues. No specific risk severity was stated by the vendor. French organizations using Azure Linux are advised to apply vendor patches immediately via Microsoft Security Response Center.

Multiple Vulnerabilities in Mattermost Desktop App

CERT-FR published security advisory CERTFR-2026-AVI-0419 alerting to multiple vulnerabilities in Mattermost Desktop App affecting versions prior to 5.13.5.0. The vulnerabilities could allow an attacker to cause unspecified security issues. Organizations using Mattermost Desktop App should consult the vendor security bulletins and apply available patches.

Apache Tomcat Multiple Vulnerabilities

CERT-FR issued an advisory warning of multiple vulnerabilities in Apache Tomcat affecting versions 10.1.x prior to 10.1.54, 11.0.x prior to 11.0.21, and 9.0.x prior to 9.0.117. The vulnerabilities allow attackers to compromise data confidentiality, data integrity, and bypass security policies. Organizations running affected Tomcat deployments must apply available patches referenced in Apache security bulletins.