CERT-FR Issues Weekly Bulletin on Multiple Critical Vulnerabilities

The CERT-FR bulletin for the week of 30 March to 5 April 2026 highlights several high-severity vulnerabilities affecting a range of widely used software. Critical flaws were reported in Elastic OpenTelemetry Java (CVE-2021-44228, CVSS 10) and Elastic Elasticsearch (CVE-2015-5377, CVSS 9.8) that enable remote code execution, as well as Cisco Smart Software Manager On-Prem (CVE-2026-20160, CVSS 9.8) and Cisco NFVIS/IMC (CVE-2026-20093, CVSS 9.8) that allow code execution or policy bypass. Microsoft Edge and Google Chrome both have multiple CVEs (CVE-2026-5281, CVE-2026-5289, CVE-2026-5290, CVE-2026-5288) rated 8.8–9.6, with exploits available. Ubuntu 25.10 (CVE-2025-68263, CVSS 9.8) and Azure Linux/CBL Mariner (CVE-2025-69720, CVSS 9.8) also contain high-risk bugs. The bulletin advises immediate review of vendor advisories and patching plans.


Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.

