The 23 June 2026 feed is dominated by high-severity flaws in Linux, web infrastructure, databases, developer platforms, and automation tools, with service interruption and unauthorized code execution as the main business risks.

High-Severity SME Action Plan

  1. Risk: Kiali for Red Hat OpenShift Service Mesh — Remote attackers may bypass controls, alter or expose data, gain privileges, or disrupt service.
    Business Impact: Data exposure and container-platform disruption.
    Action: Identify Kiali instances and versions; restrict the management interface to trusted networks; install the Red Hat update; review administrative activity and configuration changes; test service-mesh routing afterward.
    CVE Reference: WID-SEC-2026-1513
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1513

  2. Risk: MariaDB — An authenticated attacker may crash the database and potentially execute code.
    Business Impact: Production Halt and possible database compromise.
    Action: Remove direct internet access; confirm affected versions; back up and verify critical databases; install the vendor patch; restart during a controlled window; test applications and inspect privileged database activity.
    CVE Reference: WID-SEC-2026-0815
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0815

  3. Risk: Linux Kernel — Multiple flaws may cause memory corruption, service failure, privilege escalation, or code execution across several advisory branches.
    Business Impact: Production Halt and server compromise.
    Action: Inventory kernel versions; prioritize internet-facing, multi-user, container, and virtualization hosts; apply supported distribution kernels; reboot in controlled batches; confirm the running kernel version; monitor crashes and privilege changes.
    CVE Reference: WID-SEC-2026-0774, WID-SEC-2026-0614, WID-SEC-2026-0324, WID-SEC-2026-0086, WID-SEC-2025-2099, WID-SEC-2025-2077, WID-SEC-2025-1465, WID-SEC-2026-0421, WID-SEC-2026-1279, WID-SEC-2026-1232, WID-SEC-2026-1870, WID-SEC-2026-1531, WID-SEC-2026-0861, WID-SEC-2025-2868, WID-SEC-2025-2229, WID-SEC-2025-2107, WID-SEC-2025-2053, WID-SEC-2025-1858, WID-SEC-2026-1827, WID-SEC-2026-1691
    Source: Individual BSI links above.

  4. Risk: Linux Kernel Dirty Frag, Fragnesia, and privilege-escalation flaws — A local account or compromised service may obtain administrator rights.
    Business Impact: Complete server takeover.
    Action: Patch affected kernels; restrict shell access; review privileged accounts and sudo activity; isolate suspicious hosts; reboot; confirm the new kernel; rotate administrative credentials if exploitation is suspected.
    CVE Reference: WID-SEC-2026-1430, WID-SEC-2026-1530, WID-SEC-2026-1633
    Source: Individual BSI links above.

  5. Risk: strongSwan NetworkManager plugin — A local attacker may bypass VPN security controls.
    Business Impact: Unauthorized network access.
    Action: Identify endpoints using the plugin; deploy the corrected package; temporarily restrict local administrative access; reconnect and test VPN profiles; review unexpected VPN configuration changes.
    CVE Reference: WID-SEC-2025-2846
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2846

  6. Risk: ISC BIND — Remote attackers may manipulate files or make DNS unavailable.
    Business Impact: Website, email, and application outages.
    Action: Confirm affected authoritative and recursive servers; restrict recursion to approved clients; patch BIND; validate zone files; restart one node at a time; test internal and external DNS resolution.
    CVE Reference: WID-SEC-2025-2392
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2392

  7. Risk: Go — Multiple runtime and library flaws may cause code execution, memory corruption, false output, control bypass, or service failure.
    Business Impact: Compromised applications and Production Halt.
    Action: Inventory Go runtimes and statically compiled applications; upgrade build environments; rebuild affected services; redeploy immutable artifacts; run integration tests; prioritize public APIs and parsers.
    CVE Reference: WID-SEC-2026-0548, WID-SEC-2026-1006, WID-SEC-2026-0345, WID-SEC-2026-1776
    Source: Individual BSI links above.

  8. Risk: OpenSSL and GnuTLS — Cryptographic-library flaws may expose information, bypass controls, execute code, or interrupt encrypted services.
    Business Impact: Confidentiality breach and application outage.
    Action: Inventory dynamically and statically linked applications; install distribution updates; restart dependent services; rebuild static binaries where necessary; test TLS connections; rotate keys only if investigation indicates exposure.
    CVE Reference: WID-SEC-2026-0234, WID-SEC-2026-1852, WID-SEC-2026-1312
    Source: Individual BSI links above.

  9. Risk: Red Hat Enterprise Linux components — Flaws in corosync, freeipmi, JWCrypto, python-markdown, urllib3, openCryptoki, hplip, and 389-ds-base may cause code execution, information exposure, privilege escalation, or outages.
    Business Impact: Production Halt and infrastructure compromise.
    Action: Map advisories to installed packages; remove unnecessary packages; apply Red Hat updates; restart affected services or nodes sequentially; test clustering, identity, printing, and management functions; review service accounts.
    CVE Reference: WID-SEC-2026-1358, WID-SEC-2026-1350, WID-SEC-2026-1610, WID-SEC-2026-0207, WID-SEC-2026-1957
    Source: Individual BSI links above.

  10. Risk: Red Hat OpenShift and Fast Datapath — Flaws in gRPC-Go and OVN may bypass controls, expose information, or interrupt cluster networking.
    Business Impact: Container-platform outage or tenant isolation failure.
    Action: Check cluster and operator versions; restrict administrative endpoints; apply supported updates through the platform upgrade process; test network policies and service routing; inspect failed authentication and unusual east-west traffic.
    CVE Reference: WID-SEC-2026-1136, WID-SEC-2026-1315
    Source: Individual BSI links above.

  11. Risk: WebKitGTK — Crafted content may expose information, bypass controls, or crash applications using the browser engine.
    Business Impact: Endpoint compromise and application interruption.
    Action: Identify browsers and desktop applications using WebKitGTK; update packages; restart affected applications; block untrusted content until patched; investigate repeated renderer crashes.
    CVE Reference: WID-SEC-2026-1766
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1766

  12. Risk: Angular — Multiple flaws may enable code execution, cross-site scripting, data exposure, control bypass, or denial of service.
    Business Impact: Customer Trust Risk and possible web-service compromise.
    Action: Identify deployed Angular versions; upgrade dependencies and rebuild applications; inspect public files and deployment artifacts; review access logs for configuration-file, upload, and suspicious script requests; test authentication and output encoding.
    CVE Reference: WID-SEC-2026-2038, WID-SEC-2026-1930, WID-SEC-2026-1591
    Source: Individual BSI links above.

  13. Risk: PostgreSQL — Multiple flaws may permit SQL injection, code execution, file manipulation, information exposure, or service interruption.
    Business Impact: Production Halt, data breach, and data-integrity loss.
    Action: Restrict database access; verify backups and restore capability; install the supported update; restart safely; test dependent applications; review superuser actions, extensions, failed logins, and unexpected file changes.
    CVE Reference: WID-SEC-2026-1544
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1544

  14. Risk: MISP — An authenticated attacker may execute code, bypass access controls, alter intelligence data, expose information, or hijack sessions.
    Business Impact: Corrupted threat intelligence and credential exposure.
    Action: Restrict access to trusted networks; patch MISP; invalidate active sessions; review administrator and API-key activity; verify feeds and indicators against trusted sources; rotate exposed credentials.
    CVE Reference: WID-SEC-2026-2035
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2035

  15. Risk: vLLM — Remote attackers may bypass security controls or execute code with administrator privileges.
    Business Impact: AI server takeover and possible model or data theft.
    Action: Remove public access to inference and management interfaces; require authenticated gateway access; update vLLM; run it as an unprivileged isolated account; review spawned processes and model-file changes; rotate service secrets after suspected compromise.
    CVE Reference: WID-SEC-2026-1860, WID-SEC-2026-1974
    Source: Individual BSI links above.

  16. Risk: Samba — Multiple flaws may execute code, manipulate files, bypass controls, or stop file services.
    Business Impact: Production Halt and shared-file compromise.
    Action: Block SMB from the public internet; patch domain controllers and file servers; restart sequentially; verify shares and permissions; inspect unexpected file changes and authentication events; confirm backups are isolated.
    CVE Reference: WID-SEC-2026-1686
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1686

  17. Risk: Flowise — An authenticated attacker may execute code, take over other users’ objects, or expose information.
    Business Impact: Workflow compromise and secret leakage.
    Action: Restrict the interface to approved users; patch Flowise; review shared flows, credentials, and ownership changes; rotate secrets stored in affected workflows; run the service with minimal filesystem and network permissions.
    CVE Reference: WID-SEC-2026-1554
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1554

  18. Risk: FreeRDP — Malicious remote-desktop content may execute code or crash clients.
    Business Impact: Endpoint compromise and remote-work disruption.
    Action: Update clients; disable automatic opening of downloaded RDP files; permit connections only through approved gateways; warn staff against unsolicited RDP files; inspect affected endpoints for unusual child processes.
    CVE Reference: WID-SEC-2026-1470
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1470

  19. Risk: Apache HTTP Server and HTTP/2 implementations — Flaws may execute code, expose or alter data, bypass controls, or make websites unavailable.
    Business Impact: Production Halt and Customer Trust Risk.
    Action: Inventory public servers and embedded HTTP/2 components; patch immediately; disable HTTP/2 temporarily if no fix is available and risk warrants it; validate configurations; inspect logs and public files; test websites and APIs after restart.
    CVE Reference: WID-SEC-2026-1354, WID-SEC-2025-1529, WID-SEC-2026-1824, WID-SEC-2026-1791
    Source: Individual BSI links above.

  20. Risk: Vim and Evince — Crafted files may execute code when opened.
    Business Impact: Employee workstation compromise.
    Action: Update both applications; prevent automatic opening of external files; use attachment filtering; ask staff to avoid untrusted documents and editor files; investigate unusual child processes launched by either application.
    CVE Reference: WID-SEC-2026-0940, WID-SEC-2026-1641
    Source: Individual BSI links above.

  21. Risk: etcd — A flaw may bypass security controls protecting distributed configuration data.
    Business Impact: Cluster configuration compromise.
    Action: Ensure etcd is not internet-accessible; require mutual TLS; patch all cluster members sequentially; verify membership and access-control settings; inspect changes to secrets, roles, and workloads.
    CVE Reference: WID-SEC-2026-0818
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0818

  22. Risk: Apache Tomcat — Remote attackers may execute code, alter data, bypass controls, or interrupt applications.
    Business Impact: Application takeover and Production Halt.
    Action: Remove manager interfaces from public access; patch Tomcat; review deployed applications and privileged accounts; inspect web roots and logs; rotate management credentials; test applications after restart.
    CVE Reference: WID-SEC-2025-2420
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2420

  23. Risk: n8n — Multiple flaws may execute code, manipulate data, inject SQL, bypass controls, or expose information.
    Business Impact: Customer Trust Risk and compromise of connected business systems.
    Action: Remove public editor access; patch n8n; review workflows, users, webhooks, and credential changes; rotate stored API keys; inspect database and access logs; test critical automations before re-enabling them.
    CVE Reference: WID-SEC-2026-0532, WID-SEC-2026-1519
    Source: Individual BSI links above.

  24. Risk: Microsoft developer tools — Flaws affecting Visual Studio Code, ASP.NET, .NET, and Visual Studio may expose or alter data, bypass authentication, or grant administrator privileges.
    Business Impact: Source-code and build-system compromise.
    Action: Deploy Microsoft updates; update CI build images; restrict untrusted extensions and repositories; rebuild sensitive artifacts; review developer-account sessions and pipeline changes; rotate signing credentials if exposure is suspected.
    CVE Reference: WID-SEC-2026-1845
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1845

  25. Risk: memcached — Remote attackers may bypass authentication or expose cached information.
    Business Impact: Session and customer-data exposure.
    Action: Block public access to port 11211; bind the service to private interfaces; patch memcached; flush sensitive caches where appropriate; rotate exposed session tokens; review network logs for external connections.
    CVE Reference: WID-SEC-2026-1615
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1615

  26. Risk: Rsync — Multiple flaws may expose information, bypass controls, elevate privileges, or stop synchronization jobs.
    Business Impact: Backup failure and data exposure.
    Action: Block public rsync access; patch clients and servers; restrict modules and filesystem permissions; verify backup integrity; inspect transferred files and daemon logs; rotate credentials if unauthorized access is found.
    CVE Reference: WID-SEC-2026-1611
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1611

  27. Risk: IBM WebSphere Application Server — Multiple flaws may execute code, elevate privileges, expose information, bypass controls, or interrupt applications.
    Business Impact: Production Halt and enterprise-application compromise.
    Action: Restrict administration interfaces; install IBM fixes; back up configurations; restart managed nodes in stages; test business applications; review deployments, privileged accounts, and unexpected configuration changes.
    CVE Reference: WID-SEC-2026-2001
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2001

  28. Risk: Apache NiFi — Attackers may manipulate data or files, inject SQL, or bypass security controls.
    Business Impact: Corrupted integration pipelines and data leakage.
    Action: Restrict the management interface; patch NiFi; review users, processors, controller services, and parameter changes; rotate embedded credentials; validate recent data transfers against source records.
    CVE Reference: WID-SEC-2026-2029
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2029

  29. Risk: LiteLLM — A remote attacker may bypass security controls in an AI gateway.
    Business Impact: Unauthorized model use, cost exposure, and possible data leakage.
    Action: Remove public management access; patch LiteLLM; require gateway authentication; restrict allowed models and upstream destinations; review usage records; rotate provider keys if unauthorized calls occurred.
    CVE Reference: WID-SEC-2026-1975
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1975

  30. Risk: FFmpeg — Crafted media may execute code or crash media-processing services.
    Business Impact: Production Halt and server compromise.
    Action: Patch FFmpeg; suspend processing of untrusted uploads until updated; isolate conversion workers; scan queued files; run media processing without administrative privileges; monitor crashes and unusual network connections.
    CVE Reference: WID-SEC-2026-2011
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2011

  31. Risk: Firefox, Firefox ESR, and Thunderbird — Malicious web or email content may execute code, escape isolation, expose information, or elevate privileges.
    Business Impact: Endpoint takeover and mailbox compromise.
    Action: Force browser and mail-client updates; restart applications; verify deployed versions; block active content from untrusted senders; isolate endpoints showing crashes or suspicious child processes.
    CVE Reference: WID-SEC-2026-1959
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1959

  32. Risk: Google Kubernetes Engine containerd — An authenticated attacker may execute code, alter or expose data, bypass controls, or disrupt workloads.
    Business Impact: Container escape and cloud-service interruption.
    Action: Check affected GKE versions; schedule supported node upgrades; restrict cluster credentials; rotate nodes rather than patching them manually; review privileged workloads and unusual container activity; test services after rollout.
    CVE Reference: WID-SEC-2026-2009
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2009

  33. Risk: Node.js — Multiple flaws may bypass controls, alter or expose data, or interrupt services.
    Business Impact: Web-application compromise and Production Halt.
    Action: Inventory Node.js runtimes; upgrade supported release lines; rebuild containers and serverless packages; restart services; run application tests; review dependency and request logs for anomalies.
    CVE Reference: WID-SEC-2026-2004
    Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2004

  34. Risk: Budibase — Multiple flaws may bypass controls or manipulate files.
    Business Impact: Low-code application and document-integrity loss.
    Action: Restrict administrative access; patch Budibase; inspect application definitions, uploaded files, and user roles; compare critical files with trusted versions; rotate credentials used by affected applications.
    CVE Reference: WID-SEC-2026-1714, WID-SEC-2026-1806
    Source: Individual BSI links above.
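
The recurring "remove public access" steps in the plan above (MariaDB, PostgreSQL, Samba, etcd, memcached, rsync) can be verified per host with a listener audit. This is an added example, not part of the digest: only port 11211 comes from the digest, the other port numbers are the services' usual defaults (an assumption about your hosts), and the sample `ss` lines are constructed.

```shell
#!/bin/sh
# Added example (not from the digest): list watched services that listen on a
# non-loopback address. Port 11211 is named in the digest; the remaining ports
# are the services' usual defaults and are an assumption about your hosts.
WATCHED="11211=memcached 3306=MariaDB 5432=PostgreSQL 445=Samba 873=rsync 2379=etcd-client 2380=etcd-peer"

# Reads `ss -Hltn` output on stdin.
# Prints one line per exposed listener: service port address scope
find_exposed_listeners() {
    awk -v watched="$WATCHED" '
    BEGIN {
        # Build the port -> service lookup from the WATCHED list.
        n = split(watched, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, "=")
            name[kv[1]] = kv[2]
        }
    }
    $1 == "LISTEN" {
        # Field 4 is "address:port"; the port follows the last colon.
        port = $4; sub(/^.*:/, "", port)
        addr = $4; sub(/:[^:]*$/, "", addr)
        # Strip IPv6 brackets first, then any interface suffix such as %lo.
        if (substr(addr, 1, 1) == "[") addr = substr(addr, 2, length(addr) - 2)
        sub(/%.*$/, "", addr)
        if (!(port in name)) next
        # Loopback-only listeners are not reachable from the network.
        if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"
        else
            scope = "single-interface"
        print name[port], port, addr, scope
    }'
}

# Constructed sample of `ss -Hltn` output so the script runs offline.
SAMPLE_SS='LISTEN 0 1024 127.0.0.1:11211 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 4096 [::]:445 [::]:*
LISTEN 0 5 10.0.5.12:873 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:2379 0.0.0.0:*
LISTEN 0 244 [::1]:5432 [::]:*
LISTEN 0 128 *:22 *:*'

printf '%s\n' "$SAMPLE_SS" | find_exposed_listeners

# On a live host: ss -Hltn | find_exposed_listeners
```

A `single-interface` result still needs a manual check that the address is private and that the host firewall limits who can reach it.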

Other Operational Risks

The remaining 80 advisories comprise 73 medium- and 7 low-severity reports. They should enter the normal patch queue after the high-severity exposure check. Prioritize any lower-severity item affecting an internet-facing service, remote-access tool, identity system, backup platform, or software already scheduled for maintenance. No CVE or BSI advisory identifiers were supplied for these lower-severity entries, so no reliable item-level references can be listed.

Key Vulnerabilities Tracker

Table 1: Key Vulnerabilities Tracker

| Severity | Affected Vendor/Product | CVE Reference | Business Impact |
|---|---|---|---|
| High | Kiali for Red Hat OpenShift Service Mesh | WID-SEC-2026-1513 | Data exposure; platform disruption |
| High | MariaDB | WID-SEC-2026-0815 | Production Halt; code execution |
| High | Linux Kernel, multiple branches | WID-SEC-2026-0774, WID-SEC-2026-0614, WID-SEC-2026-0324, WID-SEC-2026-0086 | Outage; memory corruption |
| High | Linux Kernel, legacy branches | WID-SEC-2025-2099, WID-SEC-2025-2077, WID-SEC-2025-1465 | Production Halt |
| High | Linux Kernel, additional branches | WID-SEC-2026-0421, WID-SEC-2026-1279, WID-SEC-2026-1232, WID-SEC-2026-1870 | Outage; privilege escalation |
| High | Linux Kernel, further updates | WID-SEC-2026-1531, WID-SEC-2026-0861, WID-SEC-2025-2868 | Production Halt; possible code execution |
| High | Linux Kernel, older update sets | WID-SEC-2025-2229, WID-SEC-2025-2107, WID-SEC-2025-2053, WID-SEC-2025-1858 | Production Halt |
| High | Linux Kernel, remote-impact updates | WID-SEC-2026-1827, WID-SEC-2026-1691 | Production Halt |
| High | Linux Kernel Dirty Frag and Fragnesia | WID-SEC-2026-1430, WID-SEC-2026-1530, WID-SEC-2026-1633 | Administrator access |
| High | strongSwan NetworkManager plugin | WID-SEC-2025-2846 | VPN control bypass |
| High | ISC BIND | WID-SEC-2025-2392 | DNS outage; file manipulation |
| High | Go | WID-SEC-2026-0548, WID-SEC-2026-1006, WID-SEC-2026-0345, WID-SEC-2026-1776 | Application compromise; outage |
| High | OpenSSL and GnuTLS | WID-SEC-2026-0234, WID-SEC-2026-1852, WID-SEC-2026-1312 | Confidentiality breach; outage |
| High | Red Hat Enterprise Linux components | WID-SEC-2026-1358, WID-SEC-2026-1350, WID-SEC-2026-1610, WID-SEC-2026-0207, WID-SEC-2026-1957 | Production Halt; compromise |
| High | OpenShift gRPC-Go and OVN | WID-SEC-2026-1136, WID-SEC-2026-1315 | Cluster disruption |
| High | WebKitGTK | WID-SEC-2026-1766 | Endpoint compromise |
| High | Angular | WID-SEC-2026-2038, WID-SEC-2026-1930, WID-SEC-2026-1591 | Customer Trust Risk |
| High | PostgreSQL | WID-SEC-2026-1544 | Data breach; Production Halt |
| High | MISP | WID-SEC-2026-2035 | Intelligence corruption |
| High | vLLM | WID-SEC-2026-1860, WID-SEC-2026-1974 | Administrator-level takeover |
| High | Samba | WID-SEC-2026-1686 | Shared-file compromise |
| High | Flowise | WID-SEC-2026-1554 | Workflow and secret compromise |
| High | FreeRDP | WID-SEC-2026-1470 | Endpoint compromise |
| High | Apache HTTP Server and HTTP/2 | WID-SEC-2026-1354, WID-SEC-2025-1529, WID-SEC-2026-1824, WID-SEC-2026-1791 | Website outage; data exposure |
| High | Vim and Evince | WID-SEC-2026-0940, WID-SEC-2026-1641 | Workstation compromise |
| High | etcd | WID-SEC-2026-0818 | Cluster-control bypass |
| High | Apache Tomcat | WID-SEC-2025-2420 | Application takeover |
| High | n8n | WID-SEC-2026-0532, WID-SEC-2026-1519 | Connected-system compromise |
| High | Microsoft developer tools | WID-SEC-2026-1845 | Source and build compromise |
| High | memcached | WID-SEC-2026-1615 | Session-data exposure |
| High | Rsync | WID-SEC-2026-1611 | Backup disruption; exposure |
| High | IBM WebSphere Application Server | WID-SEC-2026-2001 | Production Halt |
| High | Apache NiFi | WID-SEC-2026-2029 | Pipeline data corruption |
| High | LiteLLM | WID-SEC-2026-1975 | Unauthorized model use |
| High | FFmpeg | WID-SEC-2026-2011 | Media-service takeover |
| High | Firefox and Thunderbird | WID-SEC-2026-1959 | Endpoint and mailbox compromise |
| High | GKE containerd | WID-SEC-2026-2009 | Container compromise |
| High | Node.js | WID-SEC-2026-2004 | Web-service compromise |
| High | Budibase | WID-SEC-2026-1714, WID-SEC-2026-1806 | File-integrity loss |

Patterns I noticed

Operating-system and shared-library updates account for much of the volume, which means one coordinated maintenance window can remove several exposures at once. Public web services, automation platforms, and AI infrastructure deserve separate checks because their flaws combine remote access with stored credentials and connections to other business systems.

  • G-HOST (Mittelstand Threat Digest Engine)