CRITICAL | 13 Apr 2026

Apache Solr — CVE-2024-52012 Exploitation

Active unauthenticated RCE exploitation of Apache Solr on Windows via "Zip Slip" config uploads poses an immediate threat to exposed search infrastructure.

Key findings
01. Active Exploitation of Apache Solr on Windows [CRITICAL]
    Confidence: High. Recent intelligence confirms that attackers are actively exploiting CVE-2024-52012, a "Zip Slip" vulnerability in the ConfigSet Upload API. This flaw allows unauthenticated remote code execution (RCE) specifically on Windows-based Apache Solr instances.

02. OpenSSL Information Disclosure Patch Requirement [HIGH]
    Confidence: High. A new information disclosure vulnerability, tracked as CVE-2026-31790, has been identified in OpenSSL versions 3.6.0 and 3.6.1. The flaw resides in the RSA KEM encapsulation process, where uninitialised memory may be exposed if attacker-supplied public keys are not properly validated.

03. DragonForce Claim against HanseMerkur [HIGH]
    Confidence: Medium. The DragonForce threat group has claimed a successful cyber attack against HanseMerkur, a prominent German insurance provider. The group asserts they have exfiltrated approximately 97GB of sensitive data, including tax records and invoices.

04. UK Cyber Essentials MFA Mandate (April 2026) [HIGH]
    Confidence: High. Updates to the UK Cyber Essentials scheme for April 2026 have introduced a mandatory requirement for Multi-Factor Authentication (MFA) for all cloud service users. This mandate extends beyond administrative accounts to include all standard users.

Active Exploitation of Apache Solr on Windows

Confidence: High

Recent intelligence confirms that attackers are actively exploiting CVE-2024-52012, a "Zip Slip" vulnerability in the ConfigSet Upload API. This flaw allows unauthenticated remote code execution (RCE) specifically on Windows-based Apache Solr instances. Organisations with externally reachable Solr infrastructure must prioritise remediation as exploit traffic is now confirmed in the wild.
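
A defender-side check for the "Zip Slip" pattern named above, as an added example that is not Solr's code and not part of the original brief: it resolves each archive entry name under Windows path rules and reports entries that would be written outside the extraction root. The root path `DEST`, the function names and the sample archive are constructed for illustration.

```python
import io
import ntpath  # Windows path rules, usable on any OS
import zipfile

# Hypothetical extraction root, used only to resolve entry names.
DEST = r"C:\solr\configsets\upload"

def unsafe_entries(zip_bytes, dest=DEST):
    """Return [(entry_name, reason)] for entries that would be written
    outside dest when their names are resolved with Windows path rules."""
    root = ntpath.normcase(ntpath.normpath(dest))
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            drive, _ = ntpath.splitdrive(name)
            if drive:
                # "C:\x", "C:x" and "\\host\share\x" all discard the root on join.
                findings.append((name, "drive or UNC prefix"))
                continue
            # normpath collapses ".." and treats "/" and "\" alike.
            target = ntpath.normcase(ntpath.normpath(ntpath.join(root, name)))
            if target != root and not target.startswith(root + "\\"):
                findings.append((name, "resolves outside destination"))
    return findings

def build_sample():
    """Constructed archive: two benign entries and four traversal shapes."""
    names = [
        "conf/solrconfig.xml",        # benign
        "conf/../conf/schema.xml",    # ".." that stays inside the root
        "../../outside.txt",          # classic forward-slash traversal
        "..\\..\\outside.txt",        # backslash form, a separator only on Windows
        "C:\\Temp\\dropped.txt",      # absolute path with drive letter
        "\\\\host\\share\\dropped",   # UNC path
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in unsafe_entries(build_sample()):
        print(f"REJECT {name!r}: {reason}")
```

The backslash and drive-letter cases are the ones a check written with POSIX path rules lets through, which is why the names are resolved with `ntpath` rather than `os.path`.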

OpenSSL Information Disclosure Patch Requirement

Confidence: High

A new information disclosure vulnerability, tracked as CVE-2026-31790, has been identified in OpenSSL versions 3.6.0 and 3.6.1. The flaw resides in the RSA KEM encapsulation process, where uninitialised memory may be exposed if attacker-supplied public keys are not properly validated. Managed estates should verify their OpenSSL versions and upgrade to 3.6.2 or later to mitigate this risk.

DragonForce Claim against HanseMerkur

Confidence: Medium

The DragonForce threat group has claimed a successful cyber attack against HanseMerkur, a prominent German insurance provider. The group asserts they have exfiltrated approximately 97GB of sensitive data, including tax records and invoices. Whilst this claim is currently based on secondary reporting and threat actor assertions, it indicates a continued focus on the European financial and insurance sectors.

UK Cyber Essentials MFA Mandate (April 2026)

Confidence: High

Updates to the UK Cyber Essentials scheme for April 2026 have introduced a mandatory requirement for Multi-Factor Authentication (MFA) for all cloud service users. This mandate extends beyond administrative accounts to include all standard users. UK-based Small and Medium-sized Businesses (SMBs) must ensure full compliance to maintain or achieve certification, representing a significant shift in the baseline security requirements for the region.

Why This Matters

The shift from theoretical vulnerability to active exploitation for Apache Solr on Windows creates an immediate risk for organisations relying on this search platform. Simultaneously, the OpenSSL flaw and the Cyber Essentials MFA update highlight a broader trend: the need for continuous patching of core libraries and the hardening of identity access controls across all user tiers.

Recommended Actions

  • Patch Apache Solr: Immediately update Windows-based Apache Solr instances to the latest secure version or restrict access to the ConfigSet Upload API.
  • Update OpenSSL: Inventory all systems running OpenSSL 3.6.x and prioritise upgrades to version 3.6.2 or higher.
  • Enforce MFA: UK organisations should review cloud service configurations to ensure MFA is enabled for all users in accordance with the new Cyber Essentials requirements.
  • Monitor Extortion Claims: Security teams in the insurance sector should monitor for further corroboration of the DragonForce claim against HanseMerkur.

All findings grounded in A13E intelligence sweeps through 04:30 UTC 13 April 2026.
