NEW: OpenVPN CVE-2026-11771 / WID-SEC-2026-2197 enters EU patch routing
Action: Route to remote-access owners; confirm exposed OpenVPN versions and patch window.
NEW: Keycloak CVE-2026-14613 / WID-SEC-2026-2198 remains unpatched in EU advisory feed
Action: Confirm exposed Keycloak versions, limit administrative exposure, and watch for fixed-version guidance.
NEW: Apache Camel CVE-2026-40047 / WID-SEC-2026-2203 high-severity advisory batch
Action: Route to Java integration and middleware owners; check Camel component exposure and patch baselines.
NEW: n8n CVE-2025-71380 / WID-SEC-2026-2205 code-execution advisory
Action: Identify self-hosted n8n nodes and prioritise internet-facing admin panels and credential-bearing workflows.
NEW: Roundcube CVE-2026-54432 / WID-SEC-2026-2207 gets CERT-Bund and CERT-FR routing
Action: Route to webmail owners and hosted-app teams; verify Roundcube exposure before user-facing maintenance windows.
NEW: FreeRDP CVE-2026-57156 / WID-SEC-2026-2209 multi-CVE batch
Action: Update desktop images, admin jump hosts, and thin-client environments that embed FreeRDP libraries.
NEW: GIMP CVE-2026-58379 / WID-SEC-2026-2204 code-execution and denial-of-service advisory
Action: Map GIMP in workstation baselines and prioritise endpoints that open untrusted images.
NEW: Adobe ColdFusion CVE-2026-48282 exploitation enters response queue
Action: Treat exposed ColdFusion servers as P1 inventory and patch-validation work; review admin consoles, WAF logs, and application roots.
NEW: Request Tracker CVE-2026-6841 / USN-8506-1 patch item
Action: Patch Ubuntu-hosted Request Tracker systems and check ticket attachment or privileged workflow exposure.
NEW: socat CVE-2026-56123 / USN-8511-1 patch item
Action: Update Linux baselines where socat is installed for tunnels, debugging, or service wrappers.
NEW: Gitea Docker CVE-2026-20896 probing follows patched release
Action: Find internet-reachable Gitea containers, verify fixed versions, and audit reverse-proxy trusted-proxy settings.
NEW: Langroid CVE-2026-54769 sandbox escape reaches host RCE
Action: Patch Langroid where SQL/TableChatAgent workflows process untrusted or LLM-generated input; disable affected paths until patched.
NEW: Coder OIDC and workspace-app CVE batch hits developer control planes
Action: Route to platform owners, prioritising OIDC-enabled deployments and exposed workspace-app subdomains.
NEW: Bad Epoll CVE-2026-46242 public PoC raises Linux local-root patch urgency
Action: Map affected kernels and prioritise multi-user hosts, container workers, build systems, and developer workstations.
NEW: Craft CMS CVE-2026-55794 authenticated RCE fixed in 5.10.0
Action: Upgrade to Craft CMS 5.10.0 or later and review editor/admin account activity and control-panel route headers.
NEW: Cilium CVE-2026-53935 cross-namespace service traffic hijack fixed
Action: Identify clusters using Local Redirect Policy, prioritise multi-tenant clusters, and patch affected branches.
NEW: Langroid CVE-2026-55615 Neo4jChatAgent prompt-to-Cypher injection fixed in 0.65.5
Action: Upgrade Langroid to 0.65.5, keep dangerous operations disabled, and run graph agents with least-privilege database roles.
NEW: OpenRemote CVE-2026-54640 incomplete XXE fix leaves KNXProtocol file-read risk until 1.24.2
Action: Upgrade openremote-agent to 1.24.2 and restrict Manager API import access whilst checking KNX/ETS workflows.
Opera GX mod auto-install flaw patched in 130.0.5847.89
Action: Inventory Opera GX usage, enforce version 130.0.5847.89 or later, and restrict unmanaged GX Mods.
PolinRider supply-chain campaign expands across open-source developer ecosystems
Action: Block known PolinRider indicators from package, browser-extension, and IDE-task controls; rotate developer tokens where hosts may be exposed.