The last 24 hours produced 155 BSI advisories, led by two critical application and network-management risks plus broad exposure across internet-facing services, databases, automation platforms, and Linux infrastructure.
High-Severity SME Action Plan
Critical priorities
- Risk: Budibase — An unauthenticated attacker may inject database commands through a vulnerable application.
  Business Impact: Data breach, GDPR liability, record manipulation.
  Action: 1. Identify every Budibase instance. 2. Remove public access or restrict it through VPN and IP allowlists. 3. Install the vendor-fixed release. 4. Rotate database credentials. 5. Review application and database logs for unusual queries.
  CVE Reference: WID-SEC-2026-2041
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2041
- Risk: Ubiquiti UniFi OS Server — Attackers may execute code, bypass controls, alter data, or disclose confidential information.
  Business Impact: Network takeover, operational outage, credential exposure.
  Action: 1. Identify UniFi OS Server deployments and record their versions. 2. Block management access from the internet. 3. Apply Ubiquiti’s fixed release. 4. Rotate administrator credentials and active API tokens. 5. Review administrator, configuration-change, and authentication logs.
  CVE Reference: WID-SEC-2026-1639
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1639
Internet-facing and business applications
- Risk: NGINX Open Source and NGINX Plus — Multiple flaws may cause outages, bypass controls, alter data, disclose information, or permit code execution.
  Business Impact: Website or API outage, server compromise.
  Action: 1. Inventory all NGINX installations and consolidate advisories 1661, 0860, and 1527. 2. Restrict management interfaces. 3. Apply the newest fixed package available for each supported branch. 4. Restart affected workers. 5. Test websites and inspect error and access logs.
  CVE Reference: WID-SEC-2026-1661, WID-SEC-2026-0860, WID-SEC-2026-1527
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1661
- Risk: Apache HTTP Server — Attackers may execute code, bypass security controls, disclose information, or interrupt service.
  Business Impact: Customer-facing outage, data exposure.
  Action: 1. Identify exposed Apache servers and versions. 2. Disable unused modules and restrict administrative endpoints. 3. Install the fixed package. 4. Restart Apache during a controlled window. 5. Review access logs for abnormal requests.
  CVE Reference: WID-SEC-2026-1354
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1354
- Risk: Apache Tomcat — Multiple weaknesses may bypass controls, expose or alter information, and interrupt applications.
  Business Impact: Application outage, customer-data exposure.
  Action: 1. Inventory Tomcat instances and deployed applications. 2. Remove public access to manager interfaces. 3. Upgrade to a fixed supported release. 4. Restart and run application tests. 5. Review deployment and access logs.
  CVE Reference: WID-SEC-2026-1514
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1514
- Risk: IBM WebSphere Application Server and Liberty — Attackers may manipulate files, run code, expose information, or inject browser content.
  Business Impact: Production halt, customer-trust damage.
  Action: 1. Restrict external access to affected servers. 2. Apply IBM’s emergency fixes. 3. Verify application operation. 4. Check deployed files against trusted copies. 5. Search access logs for configuration-file, upload, or traversal requests.
  CVE Reference: WID-SEC-2026-2050
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2050
- Risk: Grafana — Remote attackers may interrupt dashboards, execute code, or disclose monitored information.
  Business Impact: Monitoring outage, operational-data exposure.
  Action: 1. Restrict Grafana to trusted networks or VPN. 2. Upgrade to a fixed release. 3. Revoke unnecessary accounts and API keys. 4. Verify dashboards and alerting. 5. Review login and plug-in activity.
  CVE Reference: WID-SEC-2026-0899
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0899
- Risk: Langflow — Several advisories describe remote code execution, control bypass, data manipulation, disclosure, and denial of service.
  Business Impact: AI workflow compromise, credential theft, production halt.
  Action: 1. Inventory Langflow versions and consolidate advisories 1898, 1713, 2030, and 1970. 2. Remove direct internet exposure. 3. Upgrade to the latest fixed release. 4. Rotate stored model, database, and integration secrets. 5. Review workflow and authentication changes.
  CVE Reference: WID-SEC-2026-1898, WID-SEC-2026-1713, WID-SEC-2026-2030, WID-SEC-2026-1970
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2030
- Risk: Flowise — Multiple flaws may enable code execution, account or object takeover, file changes, and information disclosure.
  Business Impact: Workflow takeover, secret exposure, fraudulent automation.
  Action: 1. Identify Flowise deployments covered by advisories 1554, 1145, and 2591. 2. Restrict access to trusted users and networks. 3. Upgrade immediately. 4. Rotate integration credentials. 5. Review accounts, flows, shared objects, and audit logs.
  CVE Reference: WID-SEC-2026-1554, WID-SEC-2026-1145, WID-SEC-2025-2591
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1554
- Risk: n8n — Vulnerabilities may permit code execution, SQL injection, script injection, data alteration, or disclosure.
  Business Impact: Automation takeover, data breach, fraudulent business actions.
  Action: 1. Inventory versions against advisories 1875 and 1519. 2. Remove public editor access. 3. Upgrade to the latest fixed version. 4. Rotate workflow credentials and webhook secrets. 5. Review recent workflow, user, and execution changes.
  CVE Reference: WID-SEC-2026-1875, WID-SEC-2026-1519
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1875
- Risk: Snipe-IT — An authenticated attacker may gain administrative privileges, bypass controls, or alter asset records.
  Business Impact: Asset-register corruption, audit failure.
  Action: 1. Upgrade Snipe-IT. 2. Disable dormant accounts. 3. Review administrator assignments and recent record changes. 4. Rotate application secrets if misuse is suspected. 5. Export a verified asset snapshot.
  CVE Reference: WID-SEC-2026-1918
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1918
- Risk: Pega Platform — An authenticated attacker may bypass application security controls.
  Business Impact: Unauthorized process access, data-integrity risk.
  Action: 1. Confirm affected Pega versions. 2. Apply the vendor update. 3. Restrict privileged roles. 4. Review access-control and application changes. 5. Test critical workflows.
  CVE Reference: WID-SEC-2025-2644
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2644
Infrastructure, databases, and network services
- Risk: IBM DB2 — Vulnerabilities may expose data, execute code, or stop database service.
  Business Impact: Production halt, confidential-data exposure.
  Action: 1. Block direct internet access. 2. Apply IBM’s security update. 3. Restart during a controlled window. 4. Test dependent applications. 5. Review privileged database activity.
  CVE Reference: WID-SEC-2026-2057
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2057
- Risk: Oracle MySQL — Multiple flaws may compromise database confidentiality, integrity, or availability.
  Business Impact: Data breach, corrupted records, production outage.
  Action: 1. Inventory versions against advisories 1946 and 1199. 2. Restrict database ports to application networks. 3. Apply Oracle’s current security update. 4. Test backups and replication. 5. Review privileged queries and new accounts.
  CVE Reference: WID-SEC-2026-1946, WID-SEC-2026-1199
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1946
- Risk: Linux Kernel — Several overlapping advisories cover service interruption, privilege escalation, information exposure, memory corruption, and possible code execution.
  Business Impact: Server outage, full system compromise.
  Action: 1. Map all Linux systems to supported vendor kernels. 2. Prioritize internet-facing servers, virtualization nodes, and “Dirty Frag” exposure. 3. Apply distribution kernel updates. 4. Reboot and confirm the running kernel. 5. Test critical services and investigate unexplained crashes.
  CVE Reference: WID-SEC-2026-2056, WID-SEC-2026-1870, WID-SEC-2026-0861, WID-SEC-2025-1858, WID-SEC-2026-1232, WID-SEC-2026-1700, WID-SEC-2026-1691, WID-SEC-2026-1531, WID-SEC-2026-1279, WID-SEC-2026-1430
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2056
- Risk: Arista EOS — Attackers may bypass network controls, elevate privileges, alter configurations, or disclose information.
  Business Impact: Network compromise, traffic interception.
  Action: 1. Inventory switches and EOS releases. 2. Restrict management access to a dedicated network. 3. Apply Arista updates. 4. Compare configurations with approved backups. 5. Review administrator logins and configuration commits.
  CVE Reference: WID-SEC-2026-2055
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2055
- Risk: Google Cloud Service Mesh and Envoy Proxy — Weaknesses may cause outages, bypass controls, or expose service traffic.
  Business Impact: Application disruption, inter-service data exposure.
  Action: 1. Identify affected managed and self-managed components. 2. Apply Google or Envoy updates. 3. Restrict administrative interfaces. 4. Roll out changes gradually. 5. Test routing, authentication, and telemetry.
  CVE Reference: WID-SEC-2026-2048
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2048
- Risk: Unbound — DNS weaknesses may interrupt resolution and potentially permit code execution.
  Business Impact: Company-wide connectivity failure, infrastructure compromise.
  Action: 1. Identify Unbound resolvers. 2. Block public recursion unless explicitly required. 3. Apply the fixed package. 4. Restart and test internal and external resolution. 5. Review crash and query-volume anomalies.
  CVE Reference: WID-SEC-2026-1599
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1599
- Risk: dnsmasq — Attackers may stop DNS services, execute root-level code, expose data, manipulate responses, or redirect users.
  Business Impact: Network outage, phishing redirection, full device compromise.
  Action: 1. Locate dnsmasq on routers, firewalls, and Linux systems. 2. Prevent untrusted networks from querying it. 3. Apply firmware or package updates. 4. Restart and test DHCP/DNS. 5. Check configurations and DNS answers for unauthorized changes.
  CVE Reference: WID-SEC-2026-1468
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1468
- Risk: strongSwan — An unauthenticated remote attacker may execute code through vulnerable VPN software.
  Business Impact: VPN gateway takeover, internal-network exposure.
  Action: 1. Identify strongSwan gateways and versions. 2. Apply the fixed package immediately. 3. Restart tunnels in a maintenance window. 4. Rotate VPN credentials if compromise indicators exist. 5. Review authentication and crash logs.
  CVE Reference: WID-SEC-2026-1832
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1832
- Risk: Cisco Unified Communications Manager — A remote attacker may manipulate files and potentially obtain root privileges.
  Business Impact: Telephone outage, communications interception.
  Action: 1. Remove CUCM administration from public networks. 2. Apply Cisco’s fixed release. 3. Review file integrity and administrative activity. 4. Rotate privileged credentials. 5. Test calling and emergency communication paths.
  CVE Reference: WID-SEC-2026-1801
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1801
- Risk: Dell PowerProtect Data Domain OS — Attackers may execute root-level code, gain administrative rights, bypass controls, or alter protected data.
  Business Impact: Backup compromise, ransomware-recovery failure.
  Action: 1. Isolate management interfaces from user and public networks. 2. Apply Dell’s update. 3. Review administrator accounts and configuration changes. 4. Verify immutable backup settings. 5. Perform a controlled restore test.
  CVE Reference: WID-SEC-2026-1118
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1118
- Risk: QEMU — Local attackers may elevate privileges, execute code, or interrupt virtualization services.
  Business Impact: Virtual-machine outage, virtualization-node compromise.
  Action: 1. Identify QEMU packages covered by advisories 3155 and 1855. 2. Limit shell access to virtualization nodes. 3. Apply vendor updates. 4. Restart or migrate affected guests as required. 5. Review privileged local activity.
  CVE Reference: WID-SEC-2024-3155, WID-SEC-2026-1855
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1855
- Risk: Fast Datapath for Red Hat Enterprise Linux — Remote attackers may interrupt virtual networking or disclose information.
  Business Impact: Network outage across virtual workloads.
  Action: 1. Confirm affected OVN components. 2. Apply Red Hat updates. 3. Roll through nodes to preserve availability. 4. Test virtual-network paths. 5. Monitor packet loss and service restarts.
  CVE Reference: WID-SEC-2026-1315
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1315
Platforms, automation, and software components
- Risk: Red Hat OpenShift Container Platform and Kiali — gRPC-Go, Axios, Go, and redirect-handling flaws may bypass controls, elevate privileges, alter data, or expose information.
  Business Impact: Container-platform compromise, service outage.
  Action: 1. Check OpenShift and Kiali versions against advisories 1136 and 1513. 2. Restrict consoles and APIs. 3. Apply Red Hat updates. 4. Rotate affected service credentials. 5. Review role changes and suspicious workloads.
  CVE Reference: WID-SEC-2026-1136, WID-SEC-2026-1513
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1136
- Risk: Red Hat Ansible Automation Platform — Multiple advisories describe control bypass, information disclosure, code execution, data manipulation, and denial of service.
  Business Impact: Fleet-wide unauthorized changes, production halt.
  Action: 1. Inventory controller and event-driven automation components. 2. Restrict APIs and consoles. 3. Apply updates for advisories 2043 and 0935. 4. Rotate automation credentials. 5. Review jobs, templates, inventories, and privilege changes.
  CVE Reference: WID-SEC-2026-2043, WID-SEC-2026-0935
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0935
- Risk: Red Hat Build of Debezium — Vulnerable components may allow arbitrary code execution.
  Business Impact: Data-pipeline compromise, unauthorized database access.
  Action: 1. Identify affected connectors and images. 2. Apply Red Hat updates and rebuild deployments. 3. Restrict connector permissions. 4. Rotate source and destination credentials. 5. Review connector configuration changes.
  CVE Reference: WID-SEC-2026-0694
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0694
- Risk: Docker — A local attacker may bypass controls or disclose information.
  Business Impact: Container isolation failure, secret exposure.
  Action: 1. Inventory Docker engines and clients. 2. Remove unnecessary local access and Docker-group membership. 3. Apply fixed packages. 4. Restart the engine where required. 5. Review privileged containers and mounted secrets.
  CVE Reference: WID-SEC-2026-0873
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0873
- Risk: FasterXML Jackson — Crafted data may bypass authorization, alter information, disclose data, or stop Java applications.
  Business Impact: Application compromise, data-integrity failure.
  Action: 1. Search dependency inventories and application packages for Jackson. 2. Upgrade affected libraries. 3. Rebuild and redeploy applications. 4. Disable unsafe polymorphic deserialization where unnecessary. 5. Test authorization and malformed-input handling.
  CVE Reference: WID-SEC-2026-2058
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2058
- Risk: CPython — Weaknesses may permit file manipulation, security-control bypass, or information disclosure.
  Business Impact: Application compromise, confidential-data exposure.
  Action: 1. Inventory Python runtimes in applications and automation. 2. Install supported fixed releases. 3. Rebuild virtual environments and images. 4. Test critical scripts. 5. Review processes handling untrusted files or network data.
  CVE Reference: WID-SEC-2026-2044
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2044
- Risk: Golang Go — Multiple advisories cover code execution, control bypass, memory corruption, misleading output, denial of service, and unspecified attacks.
  Business Impact: Compromised business services, production outage.
  Action: 1. Update Go toolchains against advisories 0548, 0345, 1776, and 1006. 2. Rebuild statically linked applications. 3. Replace deployed binaries and images. 4. Run regression tests. 5. Confirm old binaries are no longer active.
  CVE Reference: WID-SEC-2026-0548, WID-SEC-2026-0345, WID-SEC-2026-1776, WID-SEC-2026-1006
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1006
- Risk: OpenSSL — Multiple weaknesses may execute code, bypass cryptographic controls, expose information, alter data, or interrupt service.
  Business Impact: Encrypted-service compromise, data exposure.
  Action: 1. Identify affected packages and embedded copies. 2. Apply operating-system or vendor updates. 3. Restart dependent services. 4. Verify TLS operation. 5. Rotate keys only where exposure or exploitation is suspected.
  CVE Reference: WID-SEC-2026-1852
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1852
- Risk: Bouncy Castle BC-JAVA — Weaknesses may bypass cryptographic safeguards, disclose information, or stop Java services.
  Business Impact: Protection failure, application outage.
  Action: 1. Locate BC-JAVA dependencies. 2. Upgrade affected packages. 3. Rebuild and redeploy applications. 4. Test certificate and encryption operations. 5. Confirm obsolete library copies are removed.
  CVE Reference: WID-SEC-2026-1129
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1129
- Risk: Netty — Crafted network traffic may bypass controls, manipulate or disclose data, or stop Java services.
  Business Impact: API outage, data exposure.
  Action: 1. Locate Netty in dependency manifests and application bundles. 2. Upgrade affected versions. 3. Rebuild and redeploy. 4. Restrict exposed endpoints where patching is delayed. 5. Test malformed-request handling.
  CVE Reference: WID-SEC-2026-1814
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1814
- Risk: GStreamer — Malicious media may cause memory corruption, service interruption, or possible code execution.
  Business Impact: Endpoint compromise, media-processing outage.
  Action: 1. Update GStreamer packages. 2. Identify systems processing untrusted media. 3. Temporarily restrict automated media ingestion if patching is delayed. 4. Restart affected services. 5. Investigate recent crashes.
  CVE Reference: WID-SEC-2026-0525
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0525
- Risk: ImageMagick — Crafted images may stop processing services or expose information.
  Business Impact: Website or document-workflow outage.
  Action: 1. Update ImageMagick. 2. Restrict processing of untrusted uploads until patched. 3. Apply resource limits and format policies. 4. Restart dependent services. 5. Review failed conversion jobs.
  CVE Reference: WID-SEC-2026-1567
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1567
- Risk: cURL — Multiple weaknesses may bypass controls, disclose confidential information, or manipulate transferred data.
  Business Impact: Credential leakage, corrupted integrations.
  Action: 1. Update cURL and libcurl packages. 2. Restart long-running dependent services. 3. Review integrations using redirects, proxies, or untrusted URLs. 4. Test transfers. 5. Rotate exposed credentials if logs indicate leakage.
  CVE Reference: WID-SEC-2026-1307
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1307
- Risk: Red Hat Enterprise Linux components — libsoup, urllib3, and SSSD weaknesses may execute code, bypass controls, alter or expose data, elevate privileges, or cause denial of service.
  Business Impact: Server compromise, authentication failure, production halt.
  Action: 1. Check Red Hat systems against advisories 0305, 0207, 0062, 2488, and 1409. 2. Apply current security errata. 3. Restart affected services. 4. Test authentication and network applications. 5. Review privileged-account activity.
  CVE Reference: WID-SEC-2026-0305, WID-SEC-2026-0207, WID-SEC-2026-0062, WID-SEC-2025-2488, WID-SEC-2026-1409
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2488
- Risk: Adobe Acrobat and Acrobat Reader — Malicious documents may execute code, elevate privileges, disclose data, or stop the application.
  Business Impact: Employee-device compromise, ransomware entry point.
  Action: 1. Force-update Acrobat and Reader on all endpoints. 2. Disable unsupported releases. 3. Restrict JavaScript and protected-mode exceptions. 4. Tell staff not to open unexpected documents. 5. Investigate crashes or suspicious child processes.
  CVE Reference: WID-SEC-2026-1068
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1068
- Risk: Mozilla Firefox, Firefox ESR, and Thunderbird — Multiple weaknesses may execute code, escape sandboxes, elevate privileges, or corrupt memory.
  Business Impact: Endpoint takeover, email-borne compromise.
  Action: 1. Force browser and mail-client updates. 2. Verify restart completion. 3. Remove unsupported versions. 4. Restrict unapproved extensions. 5. Investigate recent crashes and suspicious downloads.
  CVE Reference: WID-SEC-2026-1959
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1959
- Risk: WebKitGTK — Crafted web content may interrupt applications, expose information, or bypass controls.
  Business Impact: Endpoint or embedded-application outage.
  Action: 1. Apply distribution updates. 2. Restart applications using WebKitGTK. 3. Limit access to untrusted web content until patched. 4. Test business applications. 5. Review crash reports.
  CVE Reference: WID-SEC-2026-1766
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1766
- Risk: TigerVNC — A local attacker may expose information, alter files, or interrupt remote-desktop service.
  Business Impact: Remote-support outage, unauthorized data access.
  Action: 1. Update TigerVNC. 2. Limit local accounts and remote-desktop access. 3. Review modified files and recent sessions. 4. Restart the service. 5. Test approved remote access.
  CVE Reference: WID-SEC-2026-0888
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0888
- Risk: FreeRDP — Crafted remote-desktop traffic may execute code or interrupt clients and services.
  Business Impact: Endpoint compromise, remote-work disruption.
  Action: 1. Update FreeRDP packages. 2. Restrict RDP access through VPN and allowlists. 3. Disable unused redirection features. 4. Restart clients or gateways. 5. Review abnormal connection attempts.
  CVE Reference: WID-SEC-2026-1470
  Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1470
Other Operational Risks
The remaining 84 medium- and low-severity advisories broaden the patching workload but should not displace the critical and high-priority actions above. SMEs should process them through the normal risk-based patch cycle: match advisories to the asset inventory, prioritize exposed and business-critical systems, apply supported updates, record exceptions, and verify that mitigations remain in place. No individual CVE or BSI advisory identifiers were supplied for this lower-severity group.
Key Vulnerabilities Tracker
Table 1: Key Vulnerabilities Tracker
| Severity | Affected Vendor/Product | CVE Reference | Business Impact |
|---|---|---|---|
| Critical | Budibase | WID-SEC-2026-2041 | Data breach, GDPR liability |
| Critical | Ubiquiti UniFi OS Server | WID-SEC-2026-1639 | Network takeover |
| High | NGINX Open Source/Plus | WID-SEC-2026-1661, WID-SEC-2026-0860, WID-SEC-2026-1527 | Website or API outage |
| High | Apache HTTP Server | WID-SEC-2026-1354 | Server compromise |
| High | Apache Tomcat | WID-SEC-2026-1514 | Application outage |
| High | IBM WebSphere | WID-SEC-2026-2050 | Production halt |
| High | Grafana | WID-SEC-2026-0899 | Monitoring outage |
| High | Langflow | WID-SEC-2026-1898, WID-SEC-2026-1713, WID-SEC-2026-2030, WID-SEC-2026-1970 | AI workflow compromise |
| High | Flowise | WID-SEC-2026-1554, WID-SEC-2026-1145, WID-SEC-2025-2591 | Workflow takeover |
| High | n8n | WID-SEC-2026-1875, WID-SEC-2026-1519 | Automation compromise |
| High | Snipe-IT | WID-SEC-2026-1918 | Asset-record corruption |
| High | Pega Platform | WID-SEC-2025-2644 | Unauthorized process access |
| High | IBM DB2 | WID-SEC-2026-2057 | Database outage |
| High | Oracle MySQL | WID-SEC-2026-1946, WID-SEC-2026-1199 | Data breach or corruption |
| High | Linux Kernel | WID-SEC-2026-2056, WID-SEC-2026-1870, WID-SEC-2026-0861, WID-SEC-2025-1858, WID-SEC-2026-1232, WID-SEC-2026-1700, WID-SEC-2026-1691, WID-SEC-2026-1531, WID-SEC-2026-1279, WID-SEC-2026-1430 | Server outage or takeover |
| High | Arista EOS | WID-SEC-2026-2055 | Network compromise |
| High | Google Service Mesh/Envoy | WID-SEC-2026-2048 | Service disruption |
| High | Unbound | WID-SEC-2026-1599 | DNS outage |
| High | dnsmasq | WID-SEC-2026-1468 | DNS redirection or takeover |
| High | strongSwan | WID-SEC-2026-1832 | VPN gateway compromise |
| High | Cisco CUCM | WID-SEC-2026-1801 | Communications outage |
| High | Dell PowerProtect | WID-SEC-2026-1118 | Backup compromise |
| High | QEMU | WID-SEC-2024-3155, WID-SEC-2026-1855 | Virtualization compromise |
| High | Red Hat Fast Datapath/OVN | WID-SEC-2026-1315 | Virtual-network outage |
| High | OpenShift and Kiali | WID-SEC-2026-1136, WID-SEC-2026-1513 | Platform compromise |
| High | Red Hat Ansible | WID-SEC-2026-2043, WID-SEC-2026-0935 | Fleet-wide unauthorized changes |
| High | Red Hat Debezium | WID-SEC-2026-0694 | Data-pipeline compromise |
| High | Docker | WID-SEC-2026-0873 | Isolation failure |
| High | FasterXML Jackson | WID-SEC-2026-2058 | Application compromise |
| High | CPython | WID-SEC-2026-2044 | Data exposure |
| High | Golang Go | WID-SEC-2026-0548, WID-SEC-2026-0345, WID-SEC-2026-1776, WID-SEC-2026-1006 | Service compromise |
| High | OpenSSL | WID-SEC-2026-1852 | Encryption failure |
| High | Bouncy Castle BC-JAVA | WID-SEC-2026-1129 | Cryptographic-control failure |
| High | Netty | WID-SEC-2026-1814 | API outage or exposure |
| High | GStreamer | WID-SEC-2026-0525 | Endpoint compromise |
| High | ImageMagick | WID-SEC-2026-1567 | Processing outage |
| High | cURL | WID-SEC-2026-1307 | Credential leakage |
| High | RHEL components | WID-SEC-2026-0305, WID-SEC-2026-0207, WID-SEC-2026-0062, WID-SEC-2025-2488, WID-SEC-2026-1409 | Server compromise |
| High | Adobe Acrobat/Reader | WID-SEC-2026-1068 | Employee-device compromise |
| High | Firefox/Thunderbird | WID-SEC-2026-1959 | Endpoint takeover |
| High | WebKitGTK | WID-SEC-2026-1766 | Application outage |
| High | TigerVNC | WID-SEC-2026-0888 | Remote-support disruption |
| High | FreeRDP | WID-SEC-2026-1470 | Remote-work disruption |
Patterns I noticed
The strongest pattern is concentration in shared infrastructure: Linux, web servers, cryptographic libraries, language runtimes, and automation components can affect many business applications at once. Internet-facing management tools and low-code automation platforms deserve particular attention because they often store credentials capable of turning one compromised service into a wider business incident.
- G-HOST (Mittelstand Threat Digest Engine)