Serial number:AV26-492
Date: May 20, 2026
Updated: May 22, 2026

On May 20, 2026, Drupal published a security advisory to address a critical vulnerability in the following product:

• Drupal Core – multiple versions

Update 1

Drupal has indicated that exploit attempts for CVE-2026-9082 are now being detected in the wild.

Update 2

On May 22, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-9082 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
• Drupal Security Advisories
• CISA KEV: CVE-2026-9082

Serial number:AV26-501
Date:May 22, 2026

On May 22, 2026, F5 published a security advisory to address a critical vulnerability in the following products:

• NGINX Plus – multiple versions
• NGINX Open Source – multiple versions
• NGINX Instance Manager – versions 2.17.0 to 2.22.0
• F5 WAF for NGINX – versions 5.9.0 to 5.13.0
• NGINX App Protect WAF – multiple versions
• F5 DoS for NGINX – version 4.9.0
• NGINX App Protect DoS – versions 4.3.0 to 4.7.0
• NGINX Gateway Fabric – multiple versions
• NGINX Ingress Controller – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• K000161377: NGINX ngx_http_rewrite_module vulnerability CVE-2026-9256
• MyF5

Serial number:AV26-500
Date:May 22, 2026

On May 22, 2026, HPE published a security advisory to address vulnerabilities in the following product:

• HPE Telco Universal SLA Management – version 4.6 and prior.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05058 rev.1 - HPE Telco Universal SLA Management, Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number:AV26-499
Date: May 22, 2026

On May 21, 2026, cPanel published security advisories to address vulnerabilities in the following products:

• cPanel & WebHost Manager (WHM) software – version 11.126.0.63 and later, version 11.134.0.30 and later, version 11.136.0.14 and later, WP Squared 11.138.1.1 and later
• EasyApache4 – versions prior to v25.62

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security: CVE-2026-33278 cpanel-unbound 1.25.1 Security Release - May 21, 2026
• Security: EasyApache4 v25.62 Security Release - May 21, 2026
• cPanel Security

Serial number:AV26-498
Date: May 22, 2026

On May 21, 2026, Ubiquiti published a security advisory to address vulnerabilities in the following products. Included were critical updates for the following:

• Express – version 4.0.13 and prior
• UCG-Industrial – version 5.0.13 and prior
• UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, Express 7, UNVR, UNVR-Pro, UNVR-Instant, ENVR, UCG-Ultra, UCG-Max and UCG-Fiber – version 5.0.16 and prior
• UDM-Beast, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 – version 5.1.8 and prior
• UDR-5G, ENVR-Core, UCKP, UCK and UCK-Enterprise – version 5.0.17 and prior
• UNVR-G2 and UNVR-G2-Pro – version 5.1.11 and prior
• UniFi OS Server – version 5.0.6 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Ubiquiti UniFi - Security Advisory Bulletin 064
• Ubiquiti UniFi Security Releases

Serial number:AV26-497
Date: May 22, 2026

On May 21, 2026, Microsoft published a security update to address vulnerabilities in the following product:

• Microsoft Edge Stable Channel – versions prior to 148.0.3967.83

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

• Microsoft Edge Stable Channel Release Notes