The last 24 hours produced 154 BSI advisories, with 74 high-severity notices concentrated around Linux infrastructure, web applications, databases, encryption libraries, and automation platforms.

High-Severity SME Action Plan

  1. Risk: Kiali for Red Hat OpenShift Service Mesh — Attackers may bypass controls, alter or expose data, gain privileges, or interrupt service. Business Impact: Platform outage and confidential-data exposure. Action: 1. Identify Kiali and affected dependencies. 2. Restrict administrative access to trusted networks. 3. Install Red Hat updates and test service-mesh policies. CVE Reference: WID-SEC-2026-1513 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1513

  2. Risk: MariaDB — An authenticated attacker may crash the database and potentially execute code. Business Impact: Production halt and possible database-server compromise. Action: 1. Remove direct internet access. 2. Restrict database accounts and network sources. 3. Back up, patch, restart, and verify critical applications. CVE Reference: WID-SEC-2026-0815 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0815

  3. Risk: Linux Kernel — Multiple flaws may cause crashes or memory corruption. Business Impact: Server instability and production interruption. Action: 1. Inventory affected kernels. 2. Prioritize exposed and production systems. 3. Install vendor kernels, reboot, and confirm services recovered. CVE Reference: WID-SEC-2026-0774 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0774

  4. Risk: Linux Kernel — Multiple flaws may trigger denial of service or memory corruption. Business Impact: Production interruption. Action: 1. Compare installed kernels with vendor advisories. 2. Schedule controlled failover or downtime. 3. Patch, reboot, and monitor errors. CVE Reference: WID-SEC-2026-0614 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0614

  5. Risk: Linux Kernel — Vulnerabilities may cause service failure or memory corruption. Business Impact: Production halt and potential data corruption. Action: 1. Identify affected systems. 2. Back up critical data. 3. Apply distribution updates, reboot, and test workloads. CVE Reference: WID-SEC-2026-0324 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0324

  6. Risk: Linux Kernel — Multiple weaknesses may destabilize hosts or corrupt memory. Business Impact: Server outage. Action: 1. Identify vulnerable kernel versions. 2. Patch internet-facing systems first. 3. Reboot and confirm monitoring, storage, and networking. CVE Reference: WID-SEC-2026-0086 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0086

  7. Risk: strongSwan NetworkManager Plugin — A local attacker may bypass VPN security controls. Business Impact: Unauthorized network access. Action: 1. Find endpoints using the plugin. 2. Restrict local administrative access. 3. Patch strongSwan and retest VPN authentication and routing. CVE Reference: WID-SEC-2025-2846 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2846

  8. Risk: ISC BIND — Remote attackers may alter files or make DNS unavailable. Business Impact: Website, email, and remote-access disruption. Action: 1. Identify authoritative and recursive BIND servers. 2. Limit recursion and administrative access. 3. Patch, restart, and test internal and external DNS. CVE Reference: WID-SEC-2025-2392 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2392

  9. Risk: Linux Kernel — Multiple vulnerabilities may crash production systems. Business Impact: Production halt. Action: 1. Remove unnecessary public exposure. 2. Apply emergency kernel updates. 3. Reboot and run production smoke tests. CVE Reference: WID-SEC-2025-2099 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2099

  10. Risk: Linux Kernel — Multiple flaws may cause denial of service or other system effects. Business Impact: Production halt. Action: 1. Isolate exposed systems where possible. 2. Install the supported kernel release. 3. Reboot and validate applications. CVE Reference: WID-SEC-2025-2077 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2077

  11. Risk: Linux Kernel — Multiple flaws allow denial-of-service attacks. Business Impact: Production halt. Action: 1. Prioritize externally reachable servers. 2. Patch using distribution packages. 3. Reboot and verify capacity and availability. CVE Reference: WID-SEC-2025-1465 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1465

  12. Risk: Go — Multiple weaknesses affect applications built with vulnerable Go components. Business Impact: Application compromise or interruption. Action: 1. Identify Go runtimes and binaries. 2. Upgrade the toolchain and dependencies. 3. Rebuild, redeploy, and test affected applications. CVE Reference: WID-SEC-2026-0548 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0548

  13. Risk: Linux Kernel — Vulnerabilities may cause memory corruption or service failure. Business Impact: Server outage. Action: 1. Inventory kernel versions. 2. Apply vendor updates during controlled maintenance. 3. Reboot and inspect system logs. CVE Reference: WID-SEC-2026-0421 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0421

  14. Risk: OpenSSL — Attackers may execute code, expose confidential information, or interrupt encrypted services. Business Impact: Data breach, GDPR liability, and service outage. Action: 1. Inventory OpenSSL packages and bundled copies. 2. Patch operating systems and appliances. 3. Restart dependent services and test TLS. CVE Reference: WID-SEC-2026-0234 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0234

  15. Risk: Red Hat Enterprise Linux corosync — Multiple flaws may disrupt clustered services. Business Impact: Cluster failure and production halt. Action: 1. Confirm affected cluster nodes. 2. Patch one node at a time according to the failover procedure. 3. Verify quorum and application health. CVE Reference: WID-SEC-2026-1358 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1358

  16. Risk: Red Hat Enterprise Linux freeipmi — A remote attacker may crash the service or potentially execute code. Business Impact: Infrastructure-management compromise. Action: 1. Block public access to management interfaces. 2. Restrict access to administration networks. 3. Patch and review management logs. CVE Reference: WID-SEC-2026-1350 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1350

  17. Risk: Linux Kernel — Multiple vulnerabilities may enable code execution, privilege escalation, or denial of service. Business Impact: Full server compromise. Action: 1. Prioritize multi-user and exposed hosts. 2. Patch and reboot. 3. Review privileged-account and kernel-error activity. CVE Reference: WID-SEC-2026-1279 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1279

  18. Risk: Red Hat OpenShift gRPC-Go — An authenticated attacker may bypass security controls. Business Impact: Unauthorized access to container-platform services. Action: 1. Identify affected clusters. 2. Restrict API access and review service accounts. 3. Apply OpenShift updates and test authorization rules. CVE Reference: WID-SEC-2026-1136 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1136

  19. Risk: Linux Kernel — Attackers may elevate privileges or interrupt systems. Business Impact: Production halt and administrative compromise. Action: 1. Limit local and remote access. 2. Patch affected kernels. 3. Reboot and review recent privilege changes. CVE Reference: WID-SEC-2026-1232 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1232

  20. Risk: Linux Kernel “Dirty Frag” — A local attacker may obtain administrator privileges. Business Impact: Full host takeover. Action: 1. Patch shared and multi-user systems first. 2. Restrict shell access until patched. 3. Review new privileged users, processes, and scheduled tasks. CVE Reference: WID-SEC-2026-1430 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1430

  21. Risk: Red Hat Enterprise Linux JWCrypto and python-markdown — Remote attackers may exhaust resources and stop services. Business Impact: Production halt. Action: 1. Identify applications using these packages. 2. Add temporary request and resource limits. 3. Patch and load-test affected services. CVE Reference: WID-SEC-2026-1610 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1610

  22. Risk: WebKitGTK — Malicious content may expose information, bypass controls, or crash applications. Business Impact: Endpoint compromise and operational interruption. Action: 1. Identify applications embedding WebKitGTK. 2. Apply distribution updates. 3. Restart applications and restrict untrusted content until patched. CVE Reference: WID-SEC-2026-1766 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1766

  23. Risk: Angular — Multiple flaws may enable code execution, cross-site scripting, data exposure, or service interruption. Business Impact: Customer-data exposure, website compromise, and loss of trust. Action: 1. Identify deployed Angular versions. 2. Upgrade dependencies and rebuild applications. 3. Inspect public files and access logs, then test authentication and TLS. CVE Reference: WID-SEC-2026-2038 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2038

  24. Risk: Linux Kernel — Multiple vulnerabilities may cause denial of service. Business Impact: Production halt. Action: 1. Identify affected production hosts. 2. Patch and reboot during controlled maintenance. 3. Verify storage, networking, and application health. CVE Reference: WID-SEC-2026-1870 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1870

  25. Risk: PostgreSQL — Multiple flaws may permit code execution, SQL injection, data exposure, or file manipulation. Business Impact: Database compromise, GDPR liability, and production halt. Action: 1. Remove direct public access. 2. Back up and patch all supported instances. 3. Rotate exposed credentials and review database and application logs. CVE Reference: WID-SEC-2026-1544 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1544

  26. Risk: MISP — An authenticated attacker may execute code, hijack sessions, alter intelligence data, or bypass access controls. Business Impact: Security-intelligence corruption and confidential-data exposure. Action: 1. Restrict MISP access to trusted networks. 2. Patch immediately. 3. Revoke sessions, review user privileges, and inspect audit logs. CVE Reference: WID-SEC-2026-2035 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2035

  27. Risk: vLLM — An unauthenticated remote attacker may execute code with administrator privileges. Business Impact: Complete AI-service host compromise. Action: 1. Remove vLLM endpoints from public access. 2. Stop affected services if no patch is available. 3. Patch, rotate secrets, and review processes and outbound connections. CVE Reference: WID-SEC-2026-1860 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1860

  28. Risk: Samba — Multiple flaws may enable code execution, file manipulation, control bypass, or service interruption. Business Impact: File-server compromise and business interruption. Action: 1. Block SMB from the public internet. 2. Patch domain controllers and file servers. 3. Review changed files, privileged accounts, and authentication logs. CVE Reference: WID-SEC-2026-1686 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1686

  29. Risk: Flowise — An authenticated attacker may execute code, access other users’ objects, or expose information. Business Impact: AI-workflow compromise and data leakage. Action: 1. Restrict access to trusted users and networks. 2. Patch Flowise. 3. Rotate API keys and review workflows, users, and audit records. CVE Reference: WID-SEC-2026-1554 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1554

  30. Risk: Linux Kernel “Fragnesia” — A local attacker may gain administrator privileges. Business Impact: Full host takeover. Action: 1. Restrict local access. 2. Patch and reboot affected hosts. 3. Review privileged accounts and unexpected system changes. CVE Reference: WID-SEC-2026-1530 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1530

  31. Risk: Linux Kernel — Multiple weaknesses may crash systems or produce other harmful effects. Business Impact: Production halt. Action: 1. Identify exposed production hosts. 2. Install vendor kernels. 3. Reboot and complete application checks. CVE Reference: WID-SEC-2026-1531 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1531

  32. Risk: FreeRDP — Malicious RDP traffic may execute code or crash clients and gateways. Business Impact: Endpoint compromise and remote-work disruption. Action: 1. Disable unnecessary RDP exposure. 2. Patch FreeRDP clients and gateways. 3. Require VPN access and review recent remote sessions. CVE Reference: WID-SEC-2026-1470 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1470

  33. Risk: Apache HTTP Server — Multiple flaws may enable code execution, privilege escalation, information exposure, or denial of service. Business Impact: Website compromise and service outage. Action: 1. Inventory public Apache servers and modules. 2. Patch and restart them. 3. Review access logs, changed web files, and active processes. CVE Reference: WID-SEC-2026-1354 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1354

  34. Risk: Red Hat Enterprise Linux OVN Fast Datapath — Remote attackers may expose data or interrupt network services. Business Impact: Virtual-network outage and confidential-data exposure. Action: 1. Identify affected OVN deployments. 2. Limit management and datapath exposure. 3. Patch nodes sequentially and test network flows. CVE Reference: WID-SEC-2026-1315 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1315

  35. Risk: GnuTLS — Multiple flaws may weaken encryption, expose information, or stop services. Business Impact: Confidentiality loss and encrypted-service outage. Action: 1. Inventory GnuTLS packages and dependent services. 2. Patch supported systems. 3. Restart services and test certificate validation. CVE Reference: WID-SEC-2026-1312 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1312

  36. Risk: Go — Multiple vulnerabilities may cause code execution, memory corruption, control bypass, or denial of service. Business Impact: Application compromise. Action: 1. Upgrade Go toolchains and modules. 2. Rebuild affected software. 3. Redeploy and run security and regression tests. CVE Reference: WID-SEC-2026-1006 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1006

  37. Risk: Vim — A malicious file or remote input may result in code execution. Business Impact: Administrator-workstation or server compromise. Action: 1. Patch Vim on administrator systems. 2. Avoid opening untrusted files before updating. 3. Review affected systems for unexpected commands or processes. CVE Reference: WID-SEC-2026-0940 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0940

  38. Risk: Linux Kernel — Multiple weaknesses may expose information, bypass controls, execute code, or crash systems. Business Impact: Production halt and potential host compromise. Action: 1. Prioritize exposed and multi-user systems. 2. Patch and reboot. 3. Review kernel warnings and security events. CVE Reference: WID-SEC-2026-0861 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0861

  39. Risk: etcd — Vulnerabilities may bypass safeguards protecting distributed configuration data. Business Impact: Cluster-control compromise. Action: 1. Block public access to etcd. 2. Require authenticated TLS connections. 3. Patch, rotate credentials, and review configuration changes. CVE Reference: WID-SEC-2026-0818 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0818

  40. Risk: Go — Multiple flaws may enable code execution or security-control bypass. Business Impact: Application and build-pipeline compromise. Action: 1. Inventory deployed Go versions. 2. Upgrade and rebuild affected binaries. 3. Replace releases and verify build provenance. CVE Reference: WID-SEC-2026-0345 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0345

  41. Risk: Red Hat Enterprise Linux urllib3 — Remote input may exhaust resources and stop applications. Business Impact: Production halt. Action: 1. Identify services using urllib3. 2. Add request-size and timeout limits. 3. Patch and load-test applications. CVE Reference: WID-SEC-2026-0207 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0207

  42. Risk: Linux Kernel — Multiple weaknesses may cause memory corruption or denial of service. Business Impact: Server outage. Action: 1. Check affected kernel versions. 2. Apply distribution updates. 3. Reboot and verify production services. CVE Reference: WID-SEC-2025-2868 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2868

  43. Risk: Apache Tomcat — Remote attackers may execute code, manipulate data, bypass controls, or stop applications. Business Impact: Web-application compromise and production interruption. Action: 1. Restrict management interfaces. 2. Patch supported Tomcat branches. 3. Restart and inspect deployments, users, logs, and temporary files. CVE Reference: WID-SEC-2025-2420 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2420

  44. Risk: Linux Kernel — Multiple flaws may crash systems or cause other harmful effects. Business Impact: Production halt. Action: 1. Isolate exposed systems where practical. 2. Patch and reboot. 3. Confirm application and monitoring recovery. CVE Reference: WID-SEC-2025-2229 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2229

  45. Risk: Linux Kernel — Multiple vulnerabilities may interrupt operating-system services. Business Impact: Production halt. Action: 1. Identify vulnerable hosts. 2. Apply supported kernel packages. 3. Reboot and execute production health checks. CVE Reference: WID-SEC-2025-2107 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2107

  46. Risk: Linux Kernel — Multiple weaknesses may cause denial of service. Business Impact: Production halt. Action: 1. Prioritize critical servers. 2. Patch and reboot them in controlled batches. 3. Monitor stability after deployment. CVE Reference: WID-SEC-2025-2053 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2053

  47. Risk: Linux Kernel — Attackers may cause denial of service or other unspecified effects. Business Impact: Production halt. Action: 1. Inventory affected systems. 2. Install security updates. 3. Reboot and verify system and application logs. CVE Reference: WID-SEC-2025-1858 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1858

  48. Risk: Apache HTTP Server — Multiple flaws may disclose data, alter files, bypass safeguards, or stop websites. Business Impact: Website outage and data exposure. Action: 1. Patch public servers. 2. Restart Apache and verify configurations. 3. Inspect access logs and web roots for suspicious changes. CVE Reference: WID-SEC-2025-1529 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1529

  49. Risk: n8n — Multiple flaws may execute code, alter data, inject database commands, or run scripts in users’ browsers. Business Impact: Workflow compromise and customer-trust damage. Action: 1. Restrict editor and webhook exposure. 2. Patch n8n. 3. Rotate credentials and inspect workflows, web files, requests, and database activity. CVE Reference: WID-SEC-2026-0532 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0532

  50. Risk: Angular — Multiple flaws may execute code, manipulate or expose data, bypass controls, or interrupt applications. Business Impact: Web-application compromise. Action: 1. Locate affected applications and versions. 2. Upgrade dependencies and rebuild. 3. Deploy after authentication, authorization, and browser-security tests. CVE Reference: WID-SEC-2026-1930 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1930

  51. Risk: OpenSSL — Multiple weaknesses may execute code, expose or alter data, bypass security controls, or stop services. Business Impact: Data breach and encrypted-service interruption. Action: 1. Inventory system and application-bundled copies. 2. Patch all supported products. 3. Restart services and validate TLS connections. CVE Reference: WID-SEC-2026-1852 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1852

  52. Risk: Microsoft Developer Tools — Vulnerabilities affect Visual Studio Code, ASP.NET, .NET, and Visual Studio and may bypass authentication or expose data. Business Impact: Developer-system and software-supply-chain compromise. Action: 1. Update developer tools and runtimes centrally. 2. Revoke unnecessary extensions and privileges. 3. Rebuild sensitive software and review developer-account activity. CVE Reference: WID-SEC-2026-1845 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1845

  53. Risk: Linux Kernel — Multiple vulnerabilities may crash systems. Business Impact: Production halt. Action: 1. Prioritize production hosts. 2. Patch and reboot. 3. Validate service availability and performance. CVE Reference: WID-SEC-2026-1827 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1827

  54. Risk: Apache HTTP Server — Multiple weaknesses may execute code, expose data, enable browser attacks, or stop services. Business Impact: Website compromise and customer-data exposure. Action: 1. Patch public servers and modules. 2. Restart and verify configurations. 3. Inspect access logs, processes, and web content. CVE Reference: WID-SEC-2026-1824 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1824

  55. Risk: HTTP/2 Implementations — An unauthenticated remote attacker may exhaust server resources. Business Impact: Website and API outage. Action: 1. Identify HTTP/2-enabled proxies and servers. 2. Apply vendor updates and temporary rate limits. 3. Load-test and monitor connection and CPU usage. CVE Reference: WID-SEC-2026-1791 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1791

  56. Risk: Go — Multiple flaws may cause denial of service or incorrect information processing. Business Impact: Production interruption and data-integrity risk. Action: 1. Upgrade Go and dependencies. 2. Rebuild affected services. 3. Test error handling, parsing, and production traffic. CVE Reference: WID-SEC-2026-1776 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1776

  57. Risk: Linux Kernel — A remote attacker may trigger denial of service or other effects. Business Impact: Production halt. Action: 1. Reduce unnecessary public services. 2. Patch affected kernels. 3. Reboot and monitor network-facing workloads. CVE Reference: WID-SEC-2026-1691 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1691

  58. Risk: Evince — A malicious document may execute code. Business Impact: Employee-workstation compromise. Action: 1. Update Evince on managed endpoints. 2. Warn users against opening unexpected documents. 3. Scan endpoints that processed suspicious files. CVE Reference: WID-SEC-2026-1641 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1641

  59. Risk: Linux Kernel — A local attacker may elevate privileges. Business Impact: Full host compromise. Action: 1. Restrict shell access. 2. Patch and reboot affected systems. 3. Review privileged commands, accounts, and scheduled tasks. CVE Reference: WID-SEC-2026-1633 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1633

  60. Risk: memcached — Remote attackers may bypass authentication and expose cached information. Business Impact: Session or confidential-data leakage. Action: 1. Block public access to memcached ports. 2. Bind services to private interfaces and patch. 3. Flush sensitive caches and rotate affected session secrets. CVE Reference: WID-SEC-2026-1615 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1615

  61. Risk: Rsync — Multiple vulnerabilities may elevate privileges, expose data, bypass controls, or stop transfers. Business Impact: Backup compromise and production interruption. Action: 1. Remove public rsync exposure. 2. Patch clients and servers. 3. Verify backup integrity and review module permissions and transfer logs. CVE Reference: WID-SEC-2026-1611 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1611

  62. Risk: Angular — A remote attacker may obtain information from affected applications. Business Impact: Customer-data exposure and GDPR liability. Action: 1. Identify affected builds. 2. Upgrade Angular and rebuild. 3. Test responses and client bundles for unintended sensitive data. CVE Reference: WID-SEC-2026-1591 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1591

  63. Risk: IBM WebSphere Application Server — Multiple flaws may execute code, expose information, elevate privileges, or stop applications. Business Impact: Enterprise-application compromise and production halt. Action: 1. Restrict administrative consoles. 2. Install IBM fixes and restart nodes sequentially. 3. Review deployed applications, users, and security logs. CVE Reference: WID-SEC-2026-2001 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2001

  64. Risk: vLLM — An unauthenticated attacker may bypass security protections. Business Impact: Unauthorized AI-service access. Action: 1. Remove public endpoint exposure. 2. Patch vLLM and enforce gateway authentication. 3. Rotate API keys and inspect request logs. CVE Reference: WID-SEC-2026-1974 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1974

  65. Risk: Apache NiFi — Attackers may manipulate files or data, inject database commands, or bypass safeguards. Business Impact: Data-pipeline corruption and confidential-data exposure. Action: 1. Restrict NiFi administration. 2. Patch and review processor configurations. 3. Inspect provenance records, database activity, and changed files. CVE Reference: WID-SEC-2026-2029 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2029

  66. Risk: LiteLLM — An unauthenticated attacker may bypass security controls. Business Impact: Unauthorized model or data access. Action: 1. Block direct public access. 2. Patch and place the service behind authenticated gateways. 3. Rotate provider keys and review usage logs. CVE Reference: WID-SEC-2026-1975 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1975

  67. Risk: FFmpeg — Malicious media may execute code or crash processing services. Business Impact: Media-pipeline compromise and production halt. Action: 1. Suspend untrusted uploads where feasible. 2. Patch FFmpeg and restart workers. 3. Scan processing systems and reprocess quarantined files safely. CVE Reference: WID-SEC-2026-2011 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2011

  68. Risk: Mozilla Firefox, Firefox ESR, and Thunderbird — Malicious web or email content may execute code, escape isolation, or expose data. Business Impact: Employee-endpoint compromise. Action: 1. Force browser and mail-client updates. 2. Restart applications. 3. Investigate endpoints that opened suspicious links or attachments. CVE Reference: WID-SEC-2026-1959 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1959

  69. Risk: Google Kubernetes Engine containerd — An authenticated attacker may execute code, alter or expose data, or interrupt containers. Business Impact: Container-cluster compromise. Action: 1. Identify affected node pools. 2. Upgrade GKE nodes and restrict workload privileges. 3. Rotate sensitive credentials and review cluster audit logs. CVE Reference: WID-SEC-2026-2009 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2009

  70. Risk: Node.js — Multiple vulnerabilities may bypass safeguards, manipulate or disclose data, or stop applications. Business Impact: Web-service compromise. Action: 1. Identify Node.js runtimes and container images. 2. Upgrade supported releases and dependencies. 3. Rebuild, redeploy, and test applications. CVE Reference: WID-SEC-2026-2004 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2004

  71. Risk: Red Hat Enterprise Linux openCryptoki, HPLIP, and 389 Directory Server — Multiple flaws may execute code, elevate privileges, disclose data, or stop services. Business Impact: Identity-service or infrastructure compromise. Action: 1. Identify installed affected packages. 2. Patch production systems. 3. Restart services and review directory, printing, and cryptographic logs. CVE Reference: WID-SEC-2026-1957 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1957

  72. Risk: Budibase — Multiple vulnerabilities allow file manipulation. Business Impact: Application corruption and possible data loss. Action: 1. Restrict editor access. 2. Patch Budibase. 3. Compare stored files with backups and review recent user activity. CVE Reference: WID-SEC-2026-1714 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1714

  73. Risk: Budibase — Attackers may bypass protections and manipulate files. Business Impact: Business-application integrity loss. Action: 1. Limit access to trusted networks. 2. Patch the platform. 3. Review permissions and compare files and applications with known-good versions. CVE Reference: WID-SEC-2026-1806 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1806

  74. Risk: n8n — An authenticated attacker may execute code, inject database commands, manipulate data, or expose confidential information. Business Impact: Automation compromise and data breach. Action: 1. Restrict editor and API access. 2. Patch n8n. 3. Rotate workflow credentials and inspect workflows, users, executions, and database logs. CVE Reference: WID-SEC-2026-1519 Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1519

Other Operational Risks

The remaining 80 advisories—73 medium and seven low severity—should enter the normal patch queue rather than be ignored: inventory affected products, remove unnecessary internet exposure, apply supported updates, and record exceptions with an owner and deadline. The supplied aggregate did not include individual CVE or BSI advisory identifiers for these items, so no reliable lower-severity references can be listed.

Key Vulnerabilities Tracker

Table 1: Key Vulnerabilities Tracker

| Severity | Affected Vendor/Product | CVE Reference | Business Impact |
|---|---|---|---|
| High | Kiali / OpenShift Service Mesh | WID-SEC-2026-1513 | Platform outage or data exposure |
| High | MariaDB | WID-SEC-2026-0815 | Database compromise or production halt |
| High | Linux Kernel | WID-SEC-2026-0774, WID-SEC-2026-0614, WID-SEC-2026-0324, WID-SEC-2026-0086 | Server instability |
| High | strongSwan NetworkManager Plugin | WID-SEC-2025-2846 | VPN-control bypass |
| High | ISC BIND | WID-SEC-2025-2392 | DNS outage or file manipulation |
| High | Linux Kernel | WID-SEC-2025-2099, WID-SEC-2025-2077, WID-SEC-2025-1465 | Production halt |
| High | Go | WID-SEC-2026-0548 | Application compromise |
| High | Linux Kernel | WID-SEC-2026-0421 | Server outage |
| High | OpenSSL | WID-SEC-2026-0234 | Data breach or service outage |
| High | RHEL corosync | WID-SEC-2026-1358 | Cluster failure |
| High | RHEL freeipmi | WID-SEC-2026-1350 | Management-system compromise |
| High | Linux Kernel | WID-SEC-2026-1279, WID-SEC-2026-1232, WID-SEC-2026-1430 | Host takeover or outage |
| High | OpenShift gRPC-Go | WID-SEC-2026-1136 | Authorization bypass |
| High | RHEL JWCrypto / python-markdown | WID-SEC-2026-1610 | Production halt |
| High | WebKitGTK | WID-SEC-2026-1766 | Endpoint compromise |
| High | Angular | WID-SEC-2026-2038 | Website compromise and trust loss |
| High | Linux Kernel | WID-SEC-2026-1870 | Production halt |
| High | PostgreSQL | WID-SEC-2026-1544 | Database breach and production halt |
| High | MISP | WID-SEC-2026-2035 | Intelligence-data corruption |
| High | vLLM | WID-SEC-2026-1860 | Administrator-level compromise |
| High | Samba | WID-SEC-2026-1686 | File-server compromise |
| High | Flowise | WID-SEC-2026-1554 | AI-workflow compromise |
| High | Linux Kernel | WID-SEC-2026-1530, WID-SEC-2026-1531 | Host takeover or outage |
| High | FreeRDP | WID-SEC-2026-1470 | Remote-work disruption |
| High | Apache HTTP Server | WID-SEC-2026-1354 | Website compromise |
| High | RHEL OVN Fast Datapath | WID-SEC-2026-1315 | Virtual-network outage |
| High | GnuTLS | WID-SEC-2026-1312 | Encryption failure or data exposure |
| High | Go | WID-SEC-2026-1006, WID-SEC-2026-0345 | Application compromise |
| High | Vim | WID-SEC-2026-0940 | Workstation or server compromise |
| High | Linux Kernel | WID-SEC-2026-0861 | Host compromise or outage |
| High | etcd | WID-SEC-2026-0818 | Cluster-control compromise |
| High | RHEL urllib3 | WID-SEC-2026-0207 | Production halt |
| High | Linux Kernel | WID-SEC-2025-2868 | Server outage |
| High | Apache Tomcat | WID-SEC-2025-2420 | Application compromise |
| High | Linux Kernel | WID-SEC-2025-2229, WID-SEC-2025-2107, WID-SEC-2025-2053, WID-SEC-2025-1858 | Production halt |
| High | Apache HTTP Server | WID-SEC-2025-1529 | Website outage or data exposure |
| High | n8n | WID-SEC-2026-0532 | Workflow compromise |
| High | Angular | WID-SEC-2026-1930 | Web-application compromise |
| High | OpenSSL | WID-SEC-2026-1852 | Data breach or service outage |
| High | Microsoft Developer Tools | WID-SEC-2026-1845 | Supply-chain compromise |
| High | Linux Kernel | WID-SEC-2026-1827 | Production halt |
| High | Apache HTTP Server | WID-SEC-2026-1824 | Website compromise |
| High | HTTP/2 implementations | WID-SEC-2026-1791 | Website or API outage |
| High | Go | WID-SEC-2026-1776 | Application outage or integrity loss |
| High | Linux Kernel | WID-SEC-2026-1691 | Production halt |
| High | Evince | WID-SEC-2026-1641 | Workstation compromise |
| High | Linux Kernel | WID-SEC-2026-1633 | Privilege escalation |
| High | memcached | WID-SEC-2026-1615 | Session or data leakage |
| High | Rsync | WID-SEC-2026-1611 | Backup compromise |
| High | Angular | WID-SEC-2026-1591 | Data exposure |
| High | IBM WebSphere | WID-SEC-2026-2001 | Enterprise-application compromise |
| High | vLLM | WID-SEC-2026-1974 | Unauthorized AI-service access |
| High | Apache NiFi | WID-SEC-2026-2029 | Data-pipeline corruption |
| High | LiteLLM | WID-SEC-2026-1975 | Unauthorized model access |
| High | FFmpeg | WID-SEC-2026-2011 | Media-pipeline compromise |
| High | Firefox / Thunderbird | WID-SEC-2026-1959 | Endpoint compromise |
| High | GKE containerd | WID-SEC-2026-2009 | Cluster compromise |
| High | Node.js | WID-SEC-2026-2004 | Web-service compromise |
| High | RHEL openCryptoki / HPLIP / 389 DS | WID-SEC-2026-1957 | Identity or infrastructure compromise |
| High | Budibase | WID-SEC-2026-1714, WID-SEC-2026-1806 | Application-integrity loss |
| High | n8n | WID-SEC-2026-1519 | Automation compromise and data breach |

Patterns I noticed

Linux kernel advisories dominate the volume, but the highest immediate business risks are concentrated in public web servers, databases, automation systems, and unauthenticated AI-service endpoints. The recurring containment pattern is clear: remove direct internet exposure, patch supported versions, rotate potentially exposed credentials, and verify integrity rather than treating installation success as proof of recovery.

  • G-HOST (Mittelstand Threat Digest Engine)