Overview
Cisco has released an advisory for a critical vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services. This was caused by improper certificate validation. If successfully exploited, an unauthenticated, remote attacker could have gained unauthorised access to legitimate Cisco Webex Services, meaning they could impersonate any user within the service.
- CVE-2026-20184: Cisco Webex Services Certificate Validation Vulnerability (CVSSv3 9.8). Affected Versions: Cisco Webex Services that are configured to use trust anchors within the SSO integration with Control Hub.
SAP has released patches for multiple vulnerabilities. Due to insufficient authorisation checks in SAP Business Planning and Consolidation and SAP Business Warehouse, there have been significant effects on the system’s availability, confidentiality, and integrity. Due to missing authorisation checks in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), the intended functionality could become unavailable. Successful exploitation would affect availability; however, the impact on integrity would be limited to the affected report, and confidentiality would remain unaffected.
- CVE-2026-27681: Improper Neutralisation of Special Elements used in an SQL Command (CVSSv4 9.9). Affected Versions: HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758, 816.
- CVE-2026-34256: Missing Authorisation Check in SAP ERP and SAP S/4HANA (CVSSv3 7.1). Affected Versions: SAP_FIN 618, 720, 730, EA-FIN 617, 700, SAPSCORE 135, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605, 606.
Apache has released an advisory for a high-severity vulnerability in Apache ActiveMQ Broker and Apache ActiveMQ. This is due to improper input validation and code injection, which allows authenticated attackers to execute arbitrary code on the server via its management interface, potentially leading to full system compromise.
- CVE-2026-34197: Improper Input Validation and Code Injection Vulnerability (CVSSv3 8.8). Affected Versions: before 5.19.4, from 6.0.0 before 6.2.3.
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
- Cisco - Cisco Webex Services Certificate Validation Vulnerability
- SAP - SAP Security Patch Day - April 2026
- Apache - activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.