FREE DIAGNOSTIC

Serial number:AV26-471
Date: May 14, 2026

On May 14, 2026, Cisco published security advisories to address critical vulnerabilities in the following products:

• Cisco Catalyst SD-WAN Release – versions 20.9 and prior
• Cisco Catalyst SD-WAN Release – versions 20.10 and prior
• Cisco Catalyst SD-WAN Release – versions 20.11 and prior
• Cisco Catalyst SD-WAN Release – versions 20.12 and prior
• Cisco Catalyst SD-WAN Release – versions 20.13 and prior
• Cisco Catalyst SD-WAN Release – versions 20.14 and prior
• Cisco Catalyst SD-WAN Release – versions 20.15 and prior
• Cisco Catalyst SD-WAN Release – versions 20.16 and prior
• Cisco Catalyst SD-WAN Release – versions 20.18 and prior
• Cisco Catalyst SD-WAN Release – versions 26.1 and prior

Cisco is aware of limited exploitation of CVE-2026-20182.

On May 14, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20182 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
• Cisco Catalyst SD-WAN Manager Vulnerabilities
• Cisco Security Advisories
• CISA KEV: CVE-2026-20182

Serial number:AV26-470
Date: May 14, 2026

On May 14, 2026, PostgreSQL published a security advisory to address vulnerabilities in the following products:

• PostgreSQL – 14.x versions prior to 14.23
• PostgreSQL – 15.x versions prior to 15.18
• PostgreSQL – 16.x versions prior to 16.14
• PostgreSQL – 17.x versions prior to 17.10
• PostgreSQL – 18.x versions prior to 18.4

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 Released!
• PostgreSQL Security Information

Serial number:AV26-469
Date:May 14, 2026

On May 14, 2026, Broadcom published a security advisory to address a vulnerability in the following product:

• VMware Fusion – versions prior to 26H1

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

• VMSA-2026-0003: VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702)
• Security Advisories - VMware Cloud Foundation

Serial number:AV26-468
Date:May 14, 2026

On May 12, 2026, MongoDB published a security advisory to address a vulnerability in the following product:

• MongoDB – version 8.3.0 to 8.3.1
• MongoDB – version 8.2.0 to 8.2.8
• MongoDB – version 8.0.0 to 8.0.22
• MongoDB – version 7.0.0 to 7.0.33
• MongoDB – version 6.0.0 to 6.0.27
• MongoDB – version 5.0.0 to 5.0.32

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• MongoDB - (CVE-2026-8053) Undefined behavior when inserting data with duplicate field names into timeseries collections

Serial number:AV26-467
Date: May 14, 2026

On May 13, 2026, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) – versions prior to 18.11.3, 18.10.6 and 18.9.7
• GitLab Enterprise Edition (EE) – versions prior to 18.11.3, 18.10.6 and 18.9.7

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch Release: 18.11.3, 18.10.6, 18.9.7
• GitLab Releases

Serial number:AV26-466
Date: May 13, 2026

On May 13, 2026, Apple published a security advisory to address vulnerabilities in the following product:

• Safari – versions prior to 26.5

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• About the security content of Safari 26.5
• Apple security releases