Cybersecurity

Spring Cloud Gateway Vulnerability CVE-2026-22750

CERT-FR issued advisory CERTFR-2026-AVI-0417 regarding CVE-2026-22750, a vulnerability in Spring Cloud Gateway affecting versions 4.2.x prior to 4.2.1. The flaw permits an attacker to exploit an unspecified security issue. French organizations using affected versions should consult the Spring security bulletin for available patches.

Juniper Privilege Escalation Vulnerability in Junos OS

CERT-FR issued a security advisory alerting that Juniper Networks Junos OS and Junos OS Evolved contain a privilege escalation vulnerability (CVE-2026-33793). An attacker with local low-privileged access can exploit unsigned Python op-script configurations to compromise the system. Multiple versions of Junos OS and Junos OS Evolved across branches 22.4 through 25.2 are affected. Patches have been released by Juniper Networks.

Multiple Vulnerabilities in Tenable Security Center Allow Remote Code Execution

CERT-FR published advisory CERTFR-2026-AVI-0415 disclosing four critical vulnerabilities (CVE-2026-2003 through CVE-2026-2006) in Tenable Security Center versions 6.5.1 through 6.8.0. The vulnerabilities allow remote code execution and data confidentiality breaches without requiring authentication. Affected organizations must apply patch SC202604.1 from Tenable security bulletin tns-2026-10.

Security Flaw in Dell EMC Isilon, CVSS 8.8

Security Flaw in Dell EMC Isilon, CVSS 8.8

Adobe Acrobat Reader Remote Code Execution Vulnerability CVE-2026-1047

CERT-Bund issued a critical security advisory for Adobe Acrobat Reader vulnerability CVE-2026-1047 with CVSS Base Score of 9.6. The flaw allows remote, unauthenticated attackers to execute arbitrary code and gain full administrative control of affected systems running Windows, UNIX, and other operating systems. Adobe Acrobat Reader versions up to and including 26.001.21367 are affected.

Red Hat Products Multiple Vulnerabilities Allow Admin Privilege Escalation

CERT-Bund issued security advisory WID-SEC-2026-1033 warning of multiple vulnerabilities in Red Hat products including Ansible Automation Platform, Enterprise Linux, OpenShift, and Process Automation Manager. Local attackers can exploit these flaws to gain administrator privileges. CVSS base score is 6.4 (medium) with temporal score of 5.9. No remote attack vector exists.

Checkmk Multiple Vulnerabilities Allow Remote Attackers Unspecified Impacts

CERT-Bund issued security advisory WID-SEC-2026-1050 regarding multiple vulnerabilities in Checkmk IT monitoring software. Affected versions include those prior to 2.6.0b1, 2.5.0b4, 2.4.0p26, and 2.3.0p47. An authenticated remote attacker can exploit these vulnerabilities for unspecified impacts. CVSS Base Score is 6.3 (medium) with CVSS Temporal Score of 5.5.

Linux Kernel Vulnerability Allows Physical Access Attacks

CERT-Bund issued security advisory WID-SEC-2026-1049 warning of a vulnerability in the Linux kernel affecting versions prior to 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0-rc4. Attackers with physical access can exploit the flaw to cause denial of service, execute arbitrary code, or disclose information. The CVSS Base Score is 6.8 (medium). Remote attack is not possible, and mitigations are available.

Multiple Vulnerabilities in Helm Allow Arbitrary Code Execution

CERT-Bund published security advisory WID-SEC-2026-1048 disclosing multiple vulnerabilities in Helm (Kubernetes package manager) with a CVSS Base Score of 8.6 (high). Affected versions include helm <4.1.4 and helm <3.20.2. An attacker can exploit these vulnerabilities to manipulate files, bypass security measures, and potentially execute arbitrary code.

ICE Arrests Criminal Illegal Aliens Convicted of Child Abuse, Assault, and Robbery

ICE announced arrests of criminal illegal aliens convicted of injury to a child, assault with a semiautomatic firearm, aggravated assault with a deadly weapon, robbery, and other crimes. The announcement coincides with the one-year anniversary of the reopening of the VOICE Office, which provides resources to victims of crimes with an immigration nexus.