Mission Statement

Serial number:AV26-402
Date: April 29, 2026

On April 28, 2026, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 147.0.7727.137/138 (Windows/Mac) and 147.0.7727.137 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number:AV26-352
Date:April 14, 2026
Updated:April 28, 2026

On April 14, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• .NET 10.0 installed on Linux
• .NET 10.0 installed on Mac OS
• .NET 10.0 installed on Windows
• .NET 8.0 installed on Linux
• .NET 8.0 installed on Mac OS
• .NET 8.0 installed on Windows
• .NET 9.0 installed on Linux
• .NET 9.0 installed on Mac OS
• .NET 9.0 installed on Windows
• Azure Logic Apps
• Azure Monitor Agent
• Microsoft .NET Framework
• Microsoft .NET Framework 3.5 AND 4.8.1
• Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
• Microsoft 365 Apps for Enterprise
• Microsoft Defender Antimalware Platform
• Microsoft Dynamics 365
• Microsoft Excel 2016
• Microsoft HPC Pack 2019
• Microsoft Office 2016
• Microsoft Office 2019
• Microsoft Office LTSC 2021
• Microsoft Office LTSC 2024
• Microsoft Office LTSC for Mac 2021
• Microsoft Office LTSC for Mac 2024
• Microsoft Power Apps
• Microsoft PowerPoint 2016
• Microsoft SQL Server 2016
• Microsoft SQL Server 2017
• Microsoft SQL Server 2019
• Microsoft SQL Server 2022
• Microsoft SQL Server 2025
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft Visual Studio 2022
• Microsoft Visual Studio Code CoPilot Chat Extension
• Office Online Server
• PowerShell
• Remote Desktop client for Windows Desktop
• Windows 10
• Windows 11
• Windows Admin Center
• Windows App Client for Windows Desktop
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2019
• Windows Server 2022
• Windows Server 2025

Microsoft has received reports that CVE-2026-32201 has been exploited.

On April 14, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-32201 to their Known Exploited Vulnerabilities (KEV) Database.

Update 1

Open-source reporting indicates that the CVE-2026-33825 vulnerability is being exploited in the wild.

Update 2

On April 22, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-33825 to their Known Exploited Vulnerabilities (KEV) Database.

Update 3

On April 28, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-32202 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• April 2026 Security Updates
• Security Update Guide
• CISA KEV: CVE-2026-32201
• CVE-2026-33825 Detail
• CISA KEV: CVE-2026-33825
• CISA KEV: CVE-2026-32202

Serial number:AV26-401
Date:April 28, 2026

On April 28, 2026, Mozilla published a security advisory to address vulnerabilities in the following products:

• Firefox – versions prior to 150.0.1
• Firefox ESR – versions prior to 140.10.1
• Firefox ESR – versions prior to 115.35.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Mozilla Foundation Security Advisory 2026-35
• Mozilla Foundation Security Advisory 2026-36
• Mozilla Foundation Security Advisory 2026-37
• Mozilla Security Advisories

Serial number:AV26-400
Date: April 28, 2026

On April 28, 2026, Citrix published a security advisory to address vulnerabilities in the following product:

• XenServer – versions prior to 8.4

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• XenServer Security Update for Multiple Issues
• Citrix Security Advisories

Serial number:AV26-399
Date:April 28, 2026

On April 28, 2026, Zyxel published a security advisory to address vulnerabilities in the following products:

• 4G LTE/5G NR CPE – multiple versions and models
• DSL/Ethernet CPE – multiple versions and models
• Fiber ONTs – multiple versions and models
• Wireless Extenders – multiple versions and models

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Zyxel security advisory for command injection vulnerabilities in certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, and Wireless Extenders
• Zyxel Advisories

Serial number:AV26-398
Date: April 28, 2026

On April 24, 2026, SmarterTools published a security advisory to address a vulnerability in the following product:

• SmarterMail – versions prior to Build 9610

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary update.

• Download SmarterMail
• SmarterMail Release Notes