Early March 2026 Vendor Security Advisories and Patch Releases Across Enterprise, Mobile, and ICS Products
Multiple vendors issued security advisories and patch releases in late February and early March 2026, prompting coordinated update guidance from national and regional CERTs. The Canadian Centre for Cyber Security highlighted updates for Django (fixed in 4.2.29, 5.2.12, 6.0.3), Samsung mobile devices (March 2026 security update), Qualcomm (March 2026 monthly bulletin), Veeam Kasten for Kubernetes / Kasten K10, VMware Tanzu components (including Greenplum and RabbitMQ on Kubernetes), and Red Hat advisories including Linux kernel updates across multiple RHEL-related platforms.
Industrial and infrastructure-facing products were also covered via CISA ICS advisories spanning a broad set of vendors and solutions (including EV charging ecosystems, building management, cameras, and DCS/SCADA platforms such as Schneider Electric EcoStruxure Building Operation Workstation and Yokogawa CENTUM VP), with guidance to apply mitigations and updates where available. Additional enterprise patch guidance included Dell advisories affecting PowerStore T and PowerEdge server lines (including AMD-based models and NVIDIA networking/DOCA-related components), and IBM advisories across a wide portfolio (including App Connect Enterprise, CICS TX, License Metric Tool, Maximo, Sterling Secure Proxy, Terracotta, QRadar, and others). HKCERT separately summarized Samsung vulnerabilities impacting Android devices and Exynos chipsets, listing multiple CVEs (e.g., CVE-2024-31328 and numerous 2025-series CVEs) with potential impacts including RCE, EoP, information disclosure, and DoS.
Timeline
Mar 3, 2026
Django publishes security advisory for supported release lines
On 2026-03-03, Django published a security advisory covering vulnerabilities in supported release lines, including Django 4.2 before 4.2.29, Django 5.2 before 5.2.12, and Django 6.0 before 6.0.3. The advisory instructed users to review the notice and update to fixed versions.
Mar 3, 2026
Samsung publishes mobile device security update
On 2026-03-03, Samsung released a security update for mobile devices addressing multiple vulnerabilities affecting versions prior to SMR-MAR-2026. Users and administrators were directed to Samsung's security update information for remediation details.
Mar 2, 2026
Qualcomm publishes March 2026 security bulletin
On 2026-03-02, Qualcomm published its March 2026 security bulletin addressing vulnerabilities affecting Qualcomm products. The bulletin served as the primary source of remediation guidance referenced by subsequent advisories.
Mar 2, 2026
Veeam publishes Kasten for Kubernetes security advisory
On 2026-03-02, Veeam released a security advisory addressing vulnerabilities in multiple versions of Veeam Kasten for Kubernetes and Kasten K10 by Veeam. The vendor provided references to security fixes, improvements, and additional knowledge base details.
Feb 27, 2026
VMware releases Tanzu product security advisories
On 2026-02-27, VMware published security advisories for multiple Tanzu products, including Tanzu Greenplum, Greenplum Upgrade, Greenplum Backup and Restore, and Tanzu RabbitMQ on Kubernetes. The advisories identified fixed-version thresholds for several affected components.
Feb 23, 2026
Dell publishes multiple security advisories across product lines
Between 2026-02-23 and 2026-03-01, Dell released multiple advisories for vulnerabilities affecting products including PowerStore T Security, PowerEdge servers, and NVIDIA BlueField, ConnectX, and DOCA-related components. The advisories specified affected versions and directed customers to apply updates.
Feb 23, 2026
CISA issues multiple ICS security advisories
Between 2026-02-23 and 2026-03-01, CISA published several ICS advisories covering vulnerabilities in products such as EV charging platforms, industrial control software, building management systems, and IP cameras. The advisories identified affected vendors and versions and recommended mitigations and updates where available.
Feb 23, 2026
IBM publishes multiple product security advisories
Between 2026-02-23 and 2026-03-01, IBM published multiple security advisories affecting a broad range of products, including data platforms, middleware, automation, identity governance, storage management, and security monitoring offerings. The advisories provided remediation guidance and updates for affected systems.
Feb 23, 2026
Red Hat publishes multiple product security advisories
Between 2026-02-23 and 2026-03-01, Red Hat released security advisories covering vulnerabilities across multiple products, including the Linux kernel, Red Hat Enterprise Linux, and related variants. Users were advised to review the advisories and apply the relevant updates.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
5 more from sources like ca ccs
Related Stories
Canadian Cyber Centre Advisories Highlight Linux Kernel and Other Vendor Patch Updates
The Canadian Centre for Cyber Security issued multiple advisories urging organizations to apply vendor patches released between **February 16–22, 2026**, including updates addressing **Linux kernel vulnerabilities** impacting **Ubuntu** (16.04 LTS through 25.10) and **Red Hat** platforms (including *RHEL* and related offerings). The advisories emphasize routine but potentially high-impact exposure from unpatched kernel flaws across widely deployed enterprise and server environments, and direct administrators to review upstream vendor notices and deploy the corresponding updates. Separate Cyber Centre advisories also flagged patch requirements outside the Linux kernel: Microsoft released an update for **Microsoft Edge Stable** to remediate vulnerabilities in versions prior to `145.0.3800.70`, IBM published security advisories covering multiple products (including *Aspera Enterprise WebApps*, *Cloud Pak System*, *Storage Defender*, and others), and CISA issued ICS advisories for vulnerabilities across several industrial and IoT/OT products (including **Delta Electronics**, **GE Vernova**, **Honeywell CCTV**, **Siemens Simcenter**, and others) with recommended mitigations and updates where available. A Linux 7.0 release-candidate feature article is not a security advisory and does not materially relate to the patch/vulnerability notices in the other items.
1 months ago
Multiple Security Advisories for Enterprise and Industrial Products (Late October–Early November 2025)
Vendors including Hitachi Energy, Schneider Electric, ABB, Ubiquiti, Dell, IBM, Red Hat, Ubuntu, and Microsoft released security advisories between October 27 and November 3, 2025, addressing vulnerabilities across a wide range of enterprise, industrial, and cloud products. Notable advisories include CISA's ICS alerts for control systems, a critical flaw in ABB's PCM600 software (CVE-2018-1002208), a critical vulnerability in Ubiquiti's UniFi Access Application (CVE-2025-52665), and updates for Microsoft Edge, Red Hat Enterprise Linux, Ubuntu LTS versions, and multiple Dell and IBM products. Organizations are urged to review the advisories, apply recommended mitigations, and update affected systems to reduce exposure to exploitation. The advisories highlight vulnerabilities that could allow remote code execution, privilege escalation, or unauthorized access if left unpatched. The Canadian Centre for Cyber Security and CISA emphasize the importance of timely patching and mitigation, especially for products deployed in critical infrastructure and enterprise environments. Administrators should consult the official vendor advisories for detailed remediation steps and monitor for further updates as new vulnerabilities are disclosed and addressed.
1 months ago
March 2026 Vendor Security Advisories for Multiple Products
Multiple vendors and agencies published **security advisories** covering newly addressed vulnerabilities across enterprise, Linux, and industrial control system products. The advisories include an **HPE Telco Service Orchestrator** remote buffer overflow affecting versions prior to `4.2.12`, broad **Red Hat** and **Ubuntu** Linux kernel updates, and a large set of **Dell** and **IBM** product fixes spanning storage, networking, cloud, identity, and security platforms. **CISA ICS** advisories also highlighted weaknesses in products from **Siemens, Honeywell, Lantronix, Trane, Ceragon, Apeman,** and **Inductive Automation**, indicating continued exposure across operational technology environments. A related technical disclosure from the **Zero Day Initiative** described **CVE-2022-32250**, a Linux kernel `nf_tables` use-after-free flaw that can allow local privilege escalation to **root** after low-privileged code execution, and noted that Linux distributions have issued updates. That Linux kernel issue aligns with the broader kernel patching activity reflected in the Ubuntu and Red Hat notices, but the overall reporting is not a single incident or exploit campaign; it is a roundup of routine but substantive vulnerability disclosures and remediation guidance. This content is **not fluff** because it contains specific vulnerability information, affected products, and actionable patching intelligence.
1 months ago