FREE DIAGNOSTIC

Serial number:AV26-032
Date:January 14, 2026

On January 14, 2026, Palo Alto Networks published security advisories to address vulnerabilities in the following products:

• Prisma Browser – versions prior to 142.21.4.163
• PAN-OS 12.1 – versions prior to 12.1.3-h3
• PAN-OS 12.1 – versions prior to 12.1.4
• PAN-OS 11.2 – multiple versions
• PAN-OS 11.1 – multiple versions
• PAN-OS 10.2 – multiple versions
• PAN-OS 10.1 – versions prior to 10.1.14-h20
• Prisma Access 11.2 – versions prior to 11.2.7-h8
• Prisma Access 10.2 – versions prior to 10.2.10-h29

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• PAN-SA-2026-0001 Chromium: Monthly Vulnerability Update (January 2026)
• CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal
• Palo Alto Network Security Advisories

Serial number:AV26-031
Date:January 14, 2026

Between January 5 and 11, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder – multiple versions and platforms
• Red Hat Enterprise Linux – multiple versions and platforms
• Red Hat Enterprise Linux Server – multiple versions and platforms
• Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Red Hat Security Advisories

Serial number:AV26-030
Date: January 14, 2026

On January 14, 2026, Drupal published security advisories to address vulnerabilities in the following products:

• Group invite – versions prior to 2.3.9, version 3.0.0 to versions prior to 3.0.4, version 4.0.0 to versions prior to 4.0.4
• Role Delegation – version 1.3.0 to versions prior to 1.5.0
• AT Internet SmartTag – versions prior to 1.0.1
• AT Internet Piano Analytics – versions prior to 1.0.1, version 2.0.0 to versions prior to 2.3.1
• Microsoft Entra ID SSO Login – versions prior to 1.0.4

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates or perform the suggested mitigations.

• Drupal Security Advisories

Serial number:AV26-029
Date:January 14, 2026

On January 13, 2026, Schneider Electric published advisories to address vulnerabilities in the following products:

• EcoStruxure Power Build Rapsody software – multiple versions
• Wiser iTRV2 Version Wiser iTRV3, Wiser RTR2, Wiser UFH, Wiser 16A Electrical Heat Switch, Wiser Boiler Relay, Exxact cFMT 16a, Elko cFMT 16a, Odace cFMT 2a, Merten cFMT 16a, Merten cFMT 2a, Wiser Power Micromodule, Wiser FIP Micromodule, Iconic, Wiser Connected Smart Dimmer, Iconic, Wiser Connected Smart Switch, 2AX, Iconic, Wiser Connected Smart Switch, 10AX, Iconic, Connected AC Fan Controller Iconic, Connected Smart Socket, Wiser Connected Application Module 1-Gang, Wiser Connected Application Module 2-Gang, Wiser Connected Push Button Dimmer, Wiser Connected Push Button Switch, Wiser Connected Push Button Shutter, Wiser Connected Motion Dimmer, Wiser Connected Motion Switch, Wiser Connected Rotary Dimmer, Connected Wireless Switch, Micromodule Switch, Micromodule Dimmer, Micromodule Shutter, Connected Single Socket Outlet, Connected Double Socket Outlet, Fuga Connected Socket Outlet, Mureva EV Link – all versions
• EcoStruxure™ Process Expert – versions prior to 2025
• EcoStruxure™ Process Expert for AVEVA System Platform – all versions
• Plant iT/Brewmaxx – version v9.60 and later

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Multiple Vulnerabilities on EcoStruxure Power Build Rapsody
• Multiple Third-Party Vulnerabilities on Zigbee Products
• Incorrect Default Permissions Vulnerability on EcoStruxure™ Process Expert
• Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx
• Schneider Electric Security Notifications

Serial number:AV26-028
Date:January 14, 2026

On January 13, 2026, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox ESR – versions prior to 140.7
• Firefox ESR – versions prior to 115.32
• Firefox – versions prior to 147

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Mozilla Foundation Security Advisory 2026-03
• Mozilla Foundation Security Advisory 2026-02
• Mozilla Foundation Security Advisory 2026-01
• Mozilla Security Advisories

Serial number:AV26-027
Date:January 14, 2026

On January 13, 2026, Adobe published security advisories to address vulnerabilities in the following products:

• Adobe Dreamweaver – version 21.6 and prior
• Adobe InDesign – version ID21.0 and prior
• Adobe InDesign – version ID19.5.5 and prior
• Illustrator 2025/2026 – version 29.8.3 and prior
• Illustrator 2025/2026 – version 30.0 and prior
• Adobe InCopy – version 21.0 and prior
• Adobe InCopy – version 19.5.5 and prior
• Adobe Bridge – version 15.1.2 (LTS) and prior
• Adobe Bridge – version 16.0 and prior
• Adobe Substance 3D Modeler – version 1.22.4 and prior
• Adobe Substance 3D Stager – version 3.1.5 and prior
• Adobe Substance 3D Painter – version 11.0.3 and prior
• Adobe Substance 3D Sampler – version 5.1.0 and prior
• ColdFusion 2025/2023 – version Update 5 and prior
• ColdFusion 2025/2023 – version Update 17 and prior
• Adobe Substance 3D Designer – version 15.0.3 and prior

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Adobe Security Advisories