Skip to main content

Overview

Google Chrome has published security fixes for an actively exploited use-after-free vulnerability found in the Dawn graphics engine used by Chrome’s rendering process. The vulnerability makes it possible for an attacker to potentially compromise an entire system. 

  • CVE-2026-5281: Use-After-Free in Dawn Graphics Engine (CVSSv3 8.8). Affected Versions: < 146.0.7680.177 

 

Cisco has released updates addressing two critical vulnerabilities. One of these flaws could allow an unauthenticated, remote attacker to bypass authentication and access the system as an administrator due a change password feature in the Cisco Integrated Management Controller (IMC). The other vulnerability found in Cisco Smart Software Manager On-Prem (SSM On-Prem) could enable an unauthenticated, remote attacker to run arbitrary commands on the underlying operating system of an impacted server. 

  • CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution (CVSSv3 9.8). Affected Products: Cisco SSM On-Prem (all configurations) 
  • CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability (CVSSv3 9.8). 

Affected Products: All configurations 

    • 500 Series Enterprise Network Compute Systems (ENCS) 
    • Catalyst 8300 Series Edge uCPE 
    • UCS C-Series M5 and M6 Rack Servers in Standalone Mode 
    • UCS E-Series Servers M3 
    • UCS E-Series Servers M6 

 

Fortinet has released fixes for a critical vulnerability in FortiClient EMS. This flaw is the improper neutralisation of special components used in a SQL command (‘SQL Injection’) vulnerability, which has been seen to be exploited in the wild and may enable an unauthenticated attacker to execute unauthorised code or commands via specially constructed HTTP requests.  

  • CVE-2026-35616: API Authentication and Authorisation Bypass (CVSSv3 9.8). Affected Versions: FortiClientEMS 7.4.4 

 

Recommended Action 

Organisations are encouraged toreview theappropriate securityadvisory pages and apply the updates:   

Google Chrome -Chrome Releases: Stable Channel Update for Desktop 

Cisco -   Security Advisories 

Fortinet -   PSIRT | FortiGuard Labs 

If youhaveany concerns, or have been affected by a cyber-related issue, report it to us bysubmittingaCyber Concerns Online Reporting Form. 

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates