Coordinated Vendor Patch Advisories for Enterprise Software and Linux Kernel
The Canadian Centre for Cyber Security issued multiple alerts and advisories urging organizations to apply vendor patches for newly disclosed vulnerabilities across widely deployed enterprise platforms, including Splunk (Enterprise, Cloud Platform, Universal Forwarder, and DB Connect prior to 4.2.0), GitHub Enterprise Server (patched releases 3.19.2, 3.18.5, 3.17.11, 3.16.14, 3.15.18, 3.14.23), Jenkins (Weekly 2.550 and prior; LTS 2.541.1 and prior), and Atlassian products (Bamboo, Confluence, and Crowd Data Center/Server across multiple versions). The advisories are framed as patch-and-mitigate guidance rather than incident reporting, emphasizing rapid update adoption to reduce exposure.
Additional vendor guidance highlighted kernel-level risk and security tooling exposure. Tenable released a critical update for Tenable Security Center (6.7.2 and prior) via stand-alone patches, and Red Hat published multiple advisories (Feb 9–15) including Linux kernel fixes across several RHEL-related offerings (e.g., Red Hat Enterprise Linux and CodeReady Linux Builder). Separately, F5 tracked a Linux kernel vulnerability identified as CVE-2025-22026 in its product advisory, reinforcing the need to prioritize kernel patching where affected components are present.
Timeline
Feb 19, 2026
F5 publishes advisory for Linux kernel CVE-2025-22026
On February 19, 2026, F5 published product advisory K000160079 regarding Linux kernel vulnerability CVE-2025-22026. No additional synopsis details were provided in the reference.
Feb 18, 2026
Splunk publishes advisories for multiple product vulnerabilities
On February 18, 2026, Splunk released security advisories for vulnerabilities affecting Splunk Enterprise, Splunk Cloud Platform, Splunk Universal Forwarder, and Splunk DB Connect versions prior to 4.2.0.
Feb 18, 2026
Jenkins releases security advisory for Weekly and LTS versions
On February 18, 2026, Jenkins published a security advisory covering vulnerabilities affecting Jenkins Weekly 2.550 and earlier and Jenkins LTS 2.541.1 and earlier.
Feb 17, 2026
Atlassian publishes advisories for Bamboo, Confluence, and Crowd
On February 17, 2026, Atlassian released security advisories addressing vulnerabilities in multiple versions of Bamboo Data Center and Server, Confluence Data Center and Server, and Crowd Data Center and Server.
Feb 17, 2026
Tenable issues critical Security Center update
On February 17, 2026, Tenable published a security advisory for vulnerabilities in Tenable Security Center, affecting version 6.7.2 and earlier. Stand-alone patches were made available for versions 6.5.1, 6.6.0, and 6.7.2 under SC-202602.1 and SC-202602.2.
Feb 10, 2026
GitHub discloses GitHub Enterprise Server vulnerabilities
On February 10, 2026, GitHub published security advisories for vulnerabilities affecting GitHub Enterprise Server release trains 3.14.x through 3.19.x, with patched versions identified for each train.
Feb 9, 2026
Red Hat publishes multiple product security advisories
Between February 9 and 15, 2026, Red Hat released security advisories covering vulnerabilities across multiple products, including the Linux kernel, Red Hat Enterprise Linux, and CodeReady Linux Builder.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Sources
2 more from sources like ca ccs
Related Stories
Canadian Cyber Centre Advisories Highlight Linux Kernel and Other Vendor Patch Updates
The Canadian Centre for Cyber Security issued multiple advisories urging organizations to apply vendor patches released between **February 16–22, 2026**, including updates addressing **Linux kernel vulnerabilities** impacting **Ubuntu** (16.04 LTS through 25.10) and **Red Hat** platforms (including *RHEL* and related offerings). The advisories emphasize routine but potentially high-impact exposure from unpatched kernel flaws across widely deployed enterprise and server environments, and direct administrators to review upstream vendor notices and deploy the corresponding updates. Separate Cyber Centre advisories also flagged patch requirements outside the Linux kernel: Microsoft released an update for **Microsoft Edge Stable** to remediate vulnerabilities in versions prior to `145.0.3800.70`, IBM published security advisories covering multiple products (including *Aspera Enterprise WebApps*, *Cloud Pak System*, *Storage Defender*, and others), and CISA issued ICS advisories for vulnerabilities across several industrial and IoT/OT products (including **Delta Electronics**, **GE Vernova**, **Honeywell CCTV**, **Siemens Simcenter**, and others) with recommended mitigations and updates where available. A Linux 7.0 release-candidate feature article is not a security advisory and does not materially relate to the patch/vulnerability notices in the other items.
1 months ago
March 2026 Vendor Security Advisories for Multiple Products
Multiple vendors and agencies published **security advisories** covering newly addressed vulnerabilities across enterprise, Linux, and industrial control system products. The advisories include an **HPE Telco Service Orchestrator** remote buffer overflow affecting versions prior to `4.2.12`, broad **Red Hat** and **Ubuntu** Linux kernel updates, and a large set of **Dell** and **IBM** product fixes spanning storage, networking, cloud, identity, and security platforms. **CISA ICS** advisories also highlighted weaknesses in products from **Siemens, Honeywell, Lantronix, Trane, Ceragon, Apeman,** and **Inductive Automation**, indicating continued exposure across operational technology environments. A related technical disclosure from the **Zero Day Initiative** described **CVE-2022-32250**, a Linux kernel `nf_tables` use-after-free flaw that can allow local privilege escalation to **root** after low-privileged code execution, and noted that Linux distributions have issued updates. That Linux kernel issue aligns with the broader kernel patching activity reflected in the Ubuntu and Red Hat notices, but the overall reporting is not a single incident or exploit campaign; it is a roundup of routine but substantive vulnerability disclosures and remediation guidance. This content is **not fluff** because it contains specific vulnerability information, affected products, and actionable patching intelligence.
1 months ago
Early March 2026 Vendor Security Advisories and Patch Releases Across Enterprise, Mobile, and ICS Products
Multiple vendors issued security advisories and patch releases in late February and early March 2026, prompting coordinated update guidance from national and regional CERTs. The Canadian Centre for Cyber Security highlighted updates for **Django** (fixed in `4.2.29`, `5.2.12`, `6.0.3`), **Samsung mobile devices** (March 2026 security update), **Qualcomm** (March 2026 monthly bulletin), **Veeam Kasten for Kubernetes / Kasten K10**, **VMware Tanzu** components (including *Greenplum* and *RabbitMQ on Kubernetes*), and **Red Hat** advisories including **Linux kernel** updates across multiple RHEL-related platforms. Industrial and infrastructure-facing products were also covered via **CISA ICS** advisories spanning a broad set of vendors and solutions (including EV charging ecosystems, building management, cameras, and DCS/SCADA platforms such as **Schneider Electric EcoStruxure Building Operation Workstation** and **Yokogawa CENTUM VP**), with guidance to apply mitigations and updates where available. Additional enterprise patch guidance included **Dell** advisories affecting *PowerStore T* and *PowerEdge* server lines (including AMD-based models and NVIDIA networking/DOCA-related components), and **IBM** advisories across a wide portfolio (including *App Connect Enterprise*, *CICS TX*, *License Metric Tool*, *Maximo*, *Sterling Secure Proxy*, *Terracotta*, *QRadar*, and others). HKCERT separately summarized **Samsung** vulnerabilities impacting Android devices and Exynos chipsets, listing multiple CVEs (e.g., `CVE-2024-31328` and numerous 2025-series CVEs) with potential impacts including **RCE**, **EoP**, **information disclosure**, and **DoS**.
1 months ago