Adobe Acrobat 遠端執行程式碼漏洞

發佈日期: 2026年04月13日

風險: 高度風險

類型: 用戶端 - 辦公室應用

於 Adobe Acrobat 發現一個漏洞。遠端攻擊者可利用這個漏洞於目標系統觸發遠端執行任意程式碼。 

 

注意：

CVE‑2026‑34621 正在被廣泛利用。其受「物件原型屬性控制不當的修改」（“原型污染”）漏洞的影響。成功利用該漏洞可能導致在當前使用者權限下執行任意程式碼。該漏洞的利用需要用戶互動，即受害者必須打開惡意文件。因此，該漏洞的風險等級被評為高度風險。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• Acrobat DC 26.001.21367 及以前版本
• Acrobat Reader DC 26.001.21367 及以前版本
• Acrobat 2024 24.001.30356 及以前版本

---

解決方案

在安裝軟體之前，請先瀏覽軟體供應商之網站，以獲得更多詳細資料。

 

更新至:

• Acrobat DC: 26.001.21411 及之後版本

• Acrobat Reader DC: 26.001.21411 及之後版本

• Acrobat 2024 (for macOS): 24.001.30360 及之後版本

• Acrobat 2024 (for Windows): 24.001.30362 及之後版本

---

漏洞識別碼

• CVE-2026-34621

---

資料來源

• Adobe

---

相關連結

• https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

Adobe Acrobat Remote Code Execution Vulnerability

Release Date: 13 Apr 2026

RISK: High Risk

TYPE: Clients - Productivity Products

A vulnerability was identified in Adobe Acrobat. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

CVE-2026-34621 is being exploited in the wild. It was affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Hence, the risk level is rated as High Risk.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Acrobat DC: version 26.001.21367 and earlier

• Acrobat Reader DC: version 26.001.21367 and earlier

• Acrobat 2024: version 24.001.30356 and earlier

---

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

Update to:

• Acrobat DC: version 26.001.21411 or later

• Acrobat Reader DC: version 26.001.21411 or later

• Acrobat 2024 (for macOS): version 24.001.30360 or later

• Acrobat 2024 (for Windows): version 24.001.30362 or later

---

Vulnerability Identifier

• CVE-2026-34621

---

Source

• Adobe

---

Related Link

• https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

Microsoft Edge 多個漏洞

發佈日期: 2026年04月13日

風險: 高度風險

類型: 用戶端 - 瀏覽器

於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、繞過保安限制、資料篡改、洩露敏感資料及彷冒。

 

注意：

CVE-2026-5281 正在被廣泛利用。該漏洞允許已經入侵渲染程序的遠端攻擊者，透過精心製作的 HTML 網頁觸發遠端執行任意程式碼。因此，該漏洞的風險等級被評為高度風險。

---

影響

• 遠端執行程式碼
• 阻斷服務
• 資料洩露
• 繞過保安限制
• 篡改
• 仿冒

---

受影響之系統或技術

• Microsoft Edge 147.0.3912.60 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 147.0.3912.60 或之後版本

---

漏洞識別碼

• CVE-2026-33118
• CVE-2026-33119
• CVE-2026-5272
• CVE-2026-5273
• CVE-2026-5274
• CVE-2026-5275
• CVE-2026-5276
• CVE-2026-5277
• CVE-2026-5279
• CVE-2026-5280
• CVE-2026-5281
• CVE-2026-5283
• CVE-2026-5284
• CVE-2026-5285
• CVE-2026-5286
• CVE-2026-5287
• CVE-2026-5289
• CVE-2026-5290
• CVE-2026-5291
• CVE-2026-5292
• CVE-2026-5858
• CVE-2026-5859
• CVE-2026-5860
• CVE-2026-5861
• CVE-2026-5862
• CVE-2026-5863
• CVE-2026-5864
• CVE-2026-5865
• CVE-2026-5866
• CVE-2026-5867
• CVE-2026-5868
• CVE-2026-5869
• CVE-2026-5870
• CVE-2026-5871
• CVE-2026-5872
• CVE-2026-5873
• CVE-2026-5874
• CVE-2026-5875
• CVE-2026-5876
• CVE-2026-5877
• CVE-2026-5878
• CVE-2026-5879
• CVE-2026-5880
• CVE-2026-5881
• CVE-2026-5882
• CVE-2026-5883
• CVE-2026-5884
• CVE-2026-5885
• CVE-2026-5886
• CVE-2026-5887
• CVE-2026-5888
• CVE-2026-5889
• CVE-2026-5890
• CVE-2026-5891
• CVE-2026-5892
• CVE-2026-5893
• CVE-2026-5894
• CVE-2026-5895
• CVE-2026-5896
• CVE-2026-5897
• CVE-2026-5898
• CVE-2026-5899
• CVE-2026-5900
• CVE-2026-5901
• CVE-2026-5902
• CVE-2026-5903
• CVE-2026-5904
• CVE-2026-5905
• CVE-2026-5906
• CVE-2026-5907
• CVE-2026-5908
• CVE-2026-5909
• CVE-2026-5910
• CVE-2026-5911
• CVE-2026-5912
• CVE-2026-5913
• CVE-2026-5914
• CVE-2026-5915
• CVE-2026-5918
• CVE-2026-5919

---

資料來源

• Microsoft Edge

---

相關連結

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-10-2026
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33118
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33119
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5272
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5273
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5274
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5275
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5276
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5277
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5279
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5280
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5281
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5283
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5284
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5285
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5286
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5287
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5289
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5290
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5291
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5292
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5858
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5859
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5860
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5861
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5862
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5863
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5864
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5865
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5866
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5867
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5868
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5869
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5870
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5871
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5872
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5873
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5874
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5875
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5876
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5877
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5878
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5879
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5880
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5881
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5882
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5883
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5884
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5885
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5886
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5887
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5888
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5889
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5890
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5891
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5892
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5893
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5894
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5895
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5896
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5897
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5898
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5899
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5900
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5901
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5902
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5903
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5904
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5905
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5906
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5907
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5908
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5909
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5910
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5911
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5912
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5913
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5914
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5915
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5918
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5919

Microsoft Edge Multiple Vulnerabilities

Release Date: 13 Apr 2026

RISK: High Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, security restriction bypass, data manipulation, sensitive information disclosure and spoofing on the targeted system.

 

Note:

CVE-2026-5281 is being exploited in the wild.  The vulnerability allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Hence, the risk level is rated as High Risk.

---

Impact

• Remote Code Execution
• Denial of Service
• Information Disclosure
• Security Restriction Bypass
• Data Manipulation
• Spoofing

---

System / Technologies affected

• Microsoft Edge version prior to 147.0.3912.60

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 147.0.3912.60 or later

---

Vulnerability Identifier

• CVE-2026-33118
• CVE-2026-33119
• CVE-2026-5272
• CVE-2026-5273
• CVE-2026-5274
• CVE-2026-5275
• CVE-2026-5276
• CVE-2026-5277
• CVE-2026-5279
• CVE-2026-5280
• CVE-2026-5281
• CVE-2026-5283
• CVE-2026-5284
• CVE-2026-5285
• CVE-2026-5286
• CVE-2026-5287
• CVE-2026-5289
• CVE-2026-5290
• CVE-2026-5291
• CVE-2026-5292
• CVE-2026-5858
• CVE-2026-5859
• CVE-2026-5860
• CVE-2026-5861
• CVE-2026-5862
• CVE-2026-5863
• CVE-2026-5864
• CVE-2026-5865
• CVE-2026-5866
• CVE-2026-5867
• CVE-2026-5868
• CVE-2026-5869
• CVE-2026-5870
• CVE-2026-5871
• CVE-2026-5872
• CVE-2026-5873
• CVE-2026-5874
• CVE-2026-5875
• CVE-2026-5876
• CVE-2026-5877
• CVE-2026-5878
• CVE-2026-5879
• CVE-2026-5880
• CVE-2026-5881
• CVE-2026-5882
• CVE-2026-5883
• CVE-2026-5884
• CVE-2026-5885
• CVE-2026-5886
• CVE-2026-5887
• CVE-2026-5888
• CVE-2026-5889
• CVE-2026-5890
• CVE-2026-5891
• CVE-2026-5892
• CVE-2026-5893
• CVE-2026-5894
• CVE-2026-5895
• CVE-2026-5896
• CVE-2026-5897
• CVE-2026-5898
• CVE-2026-5899
• CVE-2026-5900
• CVE-2026-5901
• CVE-2026-5902
• CVE-2026-5903
• CVE-2026-5904
• CVE-2026-5905
• CVE-2026-5906
• CVE-2026-5907
• CVE-2026-5908
• CVE-2026-5909
• CVE-2026-5910
• CVE-2026-5911
• CVE-2026-5912
• CVE-2026-5913
• CVE-2026-5914
• CVE-2026-5915
• CVE-2026-5918
• CVE-2026-5919

---

Source

• Microsoft Edge

---

Related Link

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-10-2026
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33118
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33119
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5272
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5273
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5274
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5275
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5276
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5277
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5279
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5280
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5281
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5283
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5284
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5285
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5286
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5287
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5289
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5290
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5291
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5292
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5858
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5859
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5860
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5861
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5862
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5863
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5864
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5865
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5866
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5867
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5868
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5869
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5870
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5871
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5872
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5873
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5874
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5875
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5876
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5877
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5878
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5879
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5880
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5881
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5882
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5883
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5884
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5885
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5886
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5887
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5888
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5889
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5890
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5891
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5892
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5893
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5894
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5895
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5896
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5897
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5898
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5899
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5900
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5901
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5902
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5903
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5904
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5905
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5906
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5907
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5908
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5909
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5910
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5911
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5912
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5913
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5914
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5915
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5918
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5919

GitLab 多個漏洞

發佈日期: 2026年04月10日

風險: 中度風險

類型: 伺服器 - 其他伺服器

於 GitLab 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、洩露敏感資料、跨網站指令碼、資料篡改及繞過保安限制。

---

影響

• 阻斷服務
• 繞過保安限制
• 跨網站指令碼
• 篡改
• 資料洩露

---

受影響之系統或技術

• GitLab Community Edition (CE) 18.10.3, 18.9.5, 18.8.9 以前的版本
• GitLab Enterprise Edition (EE) 18.10.3, 18.9.5, 18.8.9 以前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

---

漏洞識別碼

• CVE-2025-9484
• CVE-2025-12664
• CVE-2026-1092
• CVE-2026-1101
• CVE-2026-1403
• CVE-2026-1516
• CVE-2026-1752
• CVE-2026-2104
• CVE-2026-2619
• CVE-2026-4332
• CVE-2026-4916
• CVE-2026-5173

---

資料來源

• GitLab

---

相關連結

• https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

GitLab Multiple Vulnerabilities

Release Date: 10 Apr 2026

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure, cross-site scripting, data manipulation and security restriction bypass on the targeted system.

---

Impact

• Denial of Service
• Security Restriction Bypass
• Cross-Site Scripting
• Data Manipulation
• Information Disclosure

---

System / Technologies affected

• GitLab Community Edition (CE) versions prior to 18.10.3, 18.9.5, 18.8.9
• GitLab Enterprise Edition (EE) versions prior to 18.10.3, 18.9.5, 18.8.9

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

---

Vulnerability Identifier

• CVE-2025-9484
• CVE-2025-12664
• CVE-2026-1092
• CVE-2026-1101
• CVE-2026-1403
• CVE-2026-1516
• CVE-2026-1752
• CVE-2026-2104
• CVE-2026-2619
• CVE-2026-4332
• CVE-2026-4916
• CVE-2026-5173

---

Source

• GitLab

---

Related Link

• https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

F5 產品阻斷服務漏洞

發佈日期: 2026年04月10日

風險: 高度風險

類型: 操作系統 - Network

於 F5 產品發現一個漏洞。遠端攻擊者可利用這漏洞，於目標系統觸發阻斷服務狀況及洩露敏感資料。

 

注意：

受影響之系統或技術暫無可修補 CVE-2025-54410 的修補程式或臨時處理方法。因此，風險等級評為高度風險。

 

---

影響

• 阻斷服務
• 資料洩露

---

受影響之系統或技術

BIG-IP Next SPK

 

• 2.0.0 - 2.0.3
• 1.7.0 - 1.9.2

 

BIG-IP Next CNF

 

• 2.0.0 - 2.2.1
• 1.1.0 - 1.4.1

 

BIG-IP Next for Kubernetes

 

• 2.0.0 - 2.2.1

 

---

解決方案

• 到目前為此，也沒有相關漏洞的修補程式

---

漏洞識別碼

• CVE-2025-54410

---

資料來源

• F5

---

相關連結

https://my.f5.com/manage/s/article/K000160663

F5 Products Denial of Service Vulnerability

Release Date: 10 Apr 2026

RISK: High Risk

TYPE: Operating Systems - Networks OS

A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition and sensitive information disclosure on the targeted system.

 

Note:

No patch or mitigation is currently available for CVE-2025-54410 of the affected products. Hence, the risk level is rated as High Risk.

---

Impact

• Denial of Service
• Information Disclosure

---

System / Technologies affected

BIG-IP Next SPK

 

• 2.0.0 - 2.0.3
• 1.7.0 - 1.9.2

 

BIG-IP Next CNF

 

• 2.0.0 - 2.2.1
• 1.1.0 - 1.4.1

 

BIG-IP Next for Kubernetes

 

• 2.0.0 - 2.2.1

 

---

Solutions

• No solution was available at the time of this vulnerability

---

Vulnerability Identifier

• CVE-2025-54410

---

Source

• F5

---

Related Link

https://my.f5.com/manage/s/article/K000160663

Juniper Junos OS 多個漏洞

發佈日期: 2026年04月10日

風險: 中度風險

類型: 操作系統 - Network

於 Juniper Junos OS 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發彷冒、資料篡改、遠端執行程式碼、阻斷服務狀況、洩露敏感資料、權限提升及繞過保安限制。

---

影響

• 阻斷服務
• 資料洩露
• 繞過保安限制
• 權限提升
• 遠端執行程式碼
• 仿冒
• 篡改

---

受影響之系統或技術

• Junos OS
• Junos OS Evolved

詳情請參閱以下連結﹕

https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending&f-sf_articletype=Security%20Advisories&numberOfResults=25

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

請參閱 2026-04 安全公告。

• https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending&f-sf_articletype=Security%20Advisories&numberOfResults=25

---

漏洞識別碼

• CVE-2022-24805
• CVE-2025-13914
• CVE-2025-30650
• CVE-2025-30657
• CVE-2025-59969
• CVE-2026-21916
• CVE-2026-21919
• CVE-2026-33771
• CVE-2026-33773
• CVE-2026-33774
• CVE-2026-33775
• CVE-2026-33776
• CVE-2026-33778
• CVE-2026-33779
• CVE-2026-33780
• CVE-2026-33781
• CVE-2026-33782
• CVE-2026-33783
• CVE-2026-33784
• CVE-2026-33785
• CVE-2026-33786
• CVE-2026-33787
• CVE-2026-33788
• CVE-2026-33790
• CVE-2026-33791
• CVE-2026-33793
• CVE-2026-33797

---

資料來源

• Juniper Network

---

相關連結

• https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Apstra-SSH-host-key-validation-vulnerability-for-managed-devices-CVE-2025-13914
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Privileged-local-user-can-gain-access-to-a-Linux-based-FPC-as-root-CVE-2025-30650
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-and-PTX-Series-An-attacker-sending-crafted-multicast-packets-will-cause-evo-aftmand-evo-pfemand-to-crash-and-restart-CVE-2025-59969
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-CTP-OS-Configuring-password-requirements-does-not-work-which-permits-the-use-of-weak-passwords-CVE-2026-33771
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-If-the-same-egress-filter-is-configured-on-both-an-IRB-and-a-physical-interface-one-of-those-is-not-applied-CVE-2026-33773
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Firewall-filters-on-lo0-non-0-in-the-default-routing-instance-are-not-in-effect-CVE-2026-33774
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Mismatch-between-configured-and-received-packet-types-causes-memory-leak-in-bbe-smgd-CVE-2026-33775
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-low-privileged-CLI-command-exposes-sensitive-information-CVE-2026-33776
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-When-a-specifically-malformed-first-ISAKMP-packet-is-received-kmd-iked-crashes-CVE-2026-33778
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-Insufficient-certificate-verification-for-device-to-SD-cloud-communication-CVE-2026-33779
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-MPLS-scenario-churn-of-ESI-routes-causes-a-memory-leak-in-l2ald-CVE-2026-33780
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-In-a-VXLAN-scenario-when-specific-control-protocol-packets-are-received-memory-leaks-and-eventually-no-traffic-is-passed-CVE-2026-33781
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-In-specific-DHCPv6-scenarios-jdhcpd-memory-increases-continuously-with-subscriber-logouts-CVE-2026-33782
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-PTX-Series-If-SRTE-tunnels-provisioned-via-PCEP-are-present-and-specific-gRPC-queries-are-received-evo-aftman-crashes-CVE-2026-33783
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-vLWC-Default-password-is-not-required-to-be-changed-which-allows-unauthorized-high-privileged-access-CVE-2026-33784
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Missing-Authorization-for-specific-request-CLI-commands-in-a-JDM-CSDS-scenario-CVE-2026-33785
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1600-SRX2300-SRX4300-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33786
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-SRX4600-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33787
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-Local-authenticated-attackers-can-gain-access-to-FPCs-CVE-2026-33788
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-In-a-NAT64-configuration-receipt-of-a-specific-malformed-ICMPv6-packet-will-cause-the-srxpfe-process-to-crash-and-restart-CVE-2026-33790
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Execution-of-crafted-CLI-commands-allows-for-arbitrary-shell-injection-as-root-CVE-2026-33791
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-an-unsigned-Python-op-script-configuration-is-present-a-local-low-privileged-user-can-compromise-the-system-CVE-2026-33793
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-CVE-2022-24805-resolved-in-net-SNMP
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-high-frequency-of-connecting-and-disconnecting-netconf-sessions-causes-management-unavailability-CVE-2026-21919
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-A-low-privileged-user-can-escalate-their-privileges-so-that-they-can-login-as-root-CVE-2026-21916

Juniper Junos OS Multiple Vulnerabilities

Release Date: 10 Apr 2026

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Juniper Junos OS. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, data manipulation, remote code execution, denial of service condition, sensitive information disclosure, elevation of privilege and security restriction bypass on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure
• Security Restriction Bypass
• Elevation of Privilege
• Remote Code Execution
• Spoofing
• Data Manipulation

---

System / Technologies affected

• Junos OS
• Junos OS Evolved

Please refer to the link below for detail:

https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending&f-sf_articletype=Security%20Advisories&numberOfResults=25

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Please refer to 2026-04 Security Bulletin.

• https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending&f-sf_articletype=Security%20Advisories&numberOfResults=25

---

Vulnerability Identifier

• CVE-2022-24805
• CVE-2025-13914
• CVE-2025-30650
• CVE-2025-30657
• CVE-2025-59969
• CVE-2026-21916
• CVE-2026-21919
• CVE-2026-33771
• CVE-2026-33773
• CVE-2026-33774
• CVE-2026-33775
• CVE-2026-33776
• CVE-2026-33778
• CVE-2026-33779
• CVE-2026-33780
• CVE-2026-33781
• CVE-2026-33782
• CVE-2026-33783
• CVE-2026-33784
• CVE-2026-33785
• CVE-2026-33786
• CVE-2026-33787
• CVE-2026-33788
• CVE-2026-33790
• CVE-2026-33791
• CVE-2026-33793
• CVE-2026-33797

---

Source

• Juniper Network

---

Related Link

• https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Apstra-SSH-host-key-validation-vulnerability-for-managed-devices-CVE-2025-13914
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Privileged-local-user-can-gain-access-to-a-Linux-based-FPC-as-root-CVE-2025-30650
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-and-PTX-Series-An-attacker-sending-crafted-multicast-packets-will-cause-evo-aftmand-evo-pfemand-to-crash-and-restart-CVE-2025-59969
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-CTP-OS-Configuring-password-requirements-does-not-work-which-permits-the-use-of-weak-passwords-CVE-2026-33771
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-If-the-same-egress-filter-is-configured-on-both-an-IRB-and-a-physical-interface-one-of-those-is-not-applied-CVE-2026-33773
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Firewall-filters-on-lo0-non-0-in-the-default-routing-instance-are-not-in-effect-CVE-2026-33774
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Mismatch-between-configured-and-received-packet-types-causes-memory-leak-in-bbe-smgd-CVE-2026-33775
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-low-privileged-CLI-command-exposes-sensitive-information-CVE-2026-33776
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-When-a-specifically-malformed-first-ISAKMP-packet-is-received-kmd-iked-crashes-CVE-2026-33778
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-Insufficient-certificate-verification-for-device-to-SD-cloud-communication-CVE-2026-33779
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-MPLS-scenario-churn-of-ESI-routes-causes-a-memory-leak-in-l2ald-CVE-2026-33780
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-In-a-VXLAN-scenario-when-specific-control-protocol-packets-are-received-memory-leaks-and-eventually-no-traffic-is-passed-CVE-2026-33781
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-In-specific-DHCPv6-scenarios-jdhcpd-memory-increases-continuously-with-subscriber-logouts-CVE-2026-33782
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-PTX-Series-If-SRTE-tunnels-provisioned-via-PCEP-are-present-and-specific-gRPC-queries-are-received-evo-aftman-crashes-CVE-2026-33783
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-vLWC-Default-password-is-not-required-to-be-changed-which-allows-unauthorized-high-privileged-access-CVE-2026-33784
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Missing-Authorization-for-specific-request-CLI-commands-in-a-JDM-CSDS-scenario-CVE-2026-33785
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1600-SRX2300-SRX4300-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33786
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-SRX4600-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33787
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-Local-authenticated-attackers-can-gain-access-to-FPCs-CVE-2026-33788
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-In-a-NAT64-configuration-receipt-of-a-specific-malformed-ICMPv6-packet-will-cause-the-srxpfe-process-to-crash-and-restart-CVE-2026-33790
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Execution-of-crafted-CLI-commands-allows-for-arbitrary-shell-injection-as-root-CVE-2026-33791
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-an-unsigned-Python-op-script-configuration-is-present-a-local-low-privileged-user-can-compromise-the-system-CVE-2026-33793
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-CVE-2022-24805-resolved-in-net-SNMP
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-high-frequency-of-connecting-and-disconnecting-netconf-sessions-causes-management-unavailability-CVE-2026-21919
• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-A-low-privileged-user-can-escalate-their-privileges-so-that-they-can-login-as-root-CVE-2026-21916