Bulletin d'actualité CERTFR-2026-ACT-013 (30 mars 2026)

Editeur	Produit	Identifiant CVE	CVSS (source)	Type de vulnérabilité	Date de publication	Exploitabilité (Preuve de concept publique)	Avis Cert-FR	Avis éditeur
strongSwan	strongSwan	CVE-2026-25075	8.7 (NVD)	Déni de service à distance	25/03/2026	Code d'exploitation public	CERTFR-2026-AVI-0344	https://www.strongswan.org//blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html
Microsoft	azl3 strongswan	CVE-2026-25075	8.7 (NVD)	Déni de service à distance	25/03/2026	Code d'exploitation public	CERTFR-2026-AVI-0344	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25075
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4688	10 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4689	10 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4692	10 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox	CVE-2026-4725	10 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
SUSE	SUSE Linux Micro Extras, SUSE Linux Micro	CVE-2026-23112	9.8 (NVD)	Non spécifié par l'éditeur	26/03/2026	Pas d'information	CERTFR-2026-AVI-0369	https://www.suse.com/support/update/announcement/2026/suse-su-20260962-1 https://www.suse.com/support/update/announcement/2026/suse-su-202620772-1 https://www.suse.com/support/update/announcement/2026/suse-su-202620819-1 https://www.suse.com/support/update/announcement/2026/suse-su-202620794-1 https://www.suse.com/support/update/announcement/2026/suse-su-20261081-1 https://www.suse.com/support/update/announcement/2026/suse-su-20261078-1
SUSE	SUSE Linux Enterprise High Performance Computing, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise Server	CVE-2026-25702	9.8 (NVD)	Contournement de la politique de sécurité	26/03/2026	Pas d'information	CERTFR-2026-AVI-0369	https://www.suse.com/support/update/announcement/2026/suse-su-20261078-1
Spring	Spring AI	CVE-2026-22738	9.8 (NVD)	Exécution de code arbitraire à distance	26/03/2026	Pas d'information	CERTFR-2026-AVI-0365	https://spring.io/security/cve-2026-22738
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4691	9.8 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4696	9.8 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4698	9.8 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4700	9.8 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4701	9.8 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4702	9.8 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4705	9.8 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4710	9.8 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4711	9.8 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4717	9.8 (NVD)	Élévation de privilèges	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4720	9.8 (NVD)	Exécution de code arbitraire à distance	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4721	9.8 (NVD)	Exécution de code arbitraire	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox	CVE-2026-4723	9.8 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox	CVE-2026-4729	9.8 (NVD)	Exécution de code arbitraire à distance	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Apple	iPadOS, iOS	CVE-2026-28858	9.8 (NVD)	Déni de service à distance	24/03/2026	Pas d'information	CERTFR-2026-AVI-0355	https://support.apple.com/en-us/126792
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4687	9.6 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4690	9.6 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
IBM	QRadar Deployment Intelligence App, Cloud Pak, Sterling, Db2, Security QRadar EDR, QRadar Log Source Management App, QRadar Suite Software, QRadar Hub	CVE-2025-7783	9.4 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0372	https://www.ibm.com/support/pages/node/7267392
Apple	macOS, iPadOS, iOS, visionOS	CVE-2026-20688	9.3 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0355	https://support.apple.com/en-us/126792 https://support.apple.com/en-us/126794 https://support.apple.com/en-us/126795 https://support.apple.com/en-us/126796 https://support.apple.com/en-us/126799
Apple	macOS	CVE-2026-28827	9.3 (NVD)	Contournement de la politique de sécurité	24/03/2026	Pas d'information	CERTFR-2026-AVI-0355	https://support.apple.com/en-us/126794 https://support.apple.com/en-us/126795 https://support.apple.com/en-us/126796
Squid	Squid	CVE-2026-33526	9.2 (NVD)	Déni de service à distance	25/03/2026	Pas d'information	CERTFR-2026-AVI-0350	https://github.com/squid-cache/squid/security/advisories/GHSA-hpfx-h48q-gvwg
Traefik	Traefik	CVE-2026-33186	9.1 (NVD)	Contournement de la politique de sécurité	27/03/2026	Pas d'information	CERTFR-2026-AVI-0366	https://github.com/traefik/traefik/security/advisories/GHSA-46wh-3698-f2cx
Grafana Labs	Grafana	CVE-2026-27876	9.1 (NVD)	Exécution de code arbitraire à distance	26/03/2026	Pas d'information	CERTFR-2026-AVI-0359	https://grafana.com/blog/grafana-security-release-critical-and-high-severity-security-fixes-for-cve-2026-27876-and-cve-2026-27880/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4715	9.1 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox ESR, Firefox	CVE-2026-4716	9.1 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
Mozilla	Thunderbird, Firefox	CVE-2026-4724	9.1 (NVD)	Non spécifié par l'éditeur	24/03/2026	Pas d'information	CERTFR-2026-AVI-0354	https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/

Editeur	Produit	Identifiant CVE	CVSS	Type de vulnérabilité	Date de publication	Exploitabilité (Preuve de concept publique)	Avis éditeur
Aquasec	Setup-Trivy, Trivy Action, Trivy	CVE-2026-33634	9.4	Atteinte à la confidentialité des données	21/03/2026	Exploitée	https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23
Litellm	Litellm	CVE-2026-33634	9.4	Atteinte à la confidentialité des données	21/03/2026	Exploitée	https://docs.litellm.ai/blog/security-update-march-2026
Owncloud	OwnCloud Server	CVE-2026-33634	9.4	Atteinte à la confidentialité des données	21/03/2026	Exploitée	https://owncloud.com/security-advisories/security-notice-impact-of-cve-2026-33634-on-owncloud-build-infrastructure/
Langflow	Langflow	CVE-2026-33017	9.3	Exécution de code arbitraire à distance	16/03/2026	Exploitée	https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
F5	Big-Ip Access Policy Manager	CVE-2025-53521	9.3	Atteinte à la confidentialité des données	15/10/2025	Exploitée	https://my.f5.com/manage/s/article/K000156741
Apple	iOS, visionOS, tvOS, watchOS, macOS, iPadOS, Safari	CVE-2025-14174	8.8	Contournement de la politique de sécurité	13/12/2025	Exploitée	https://support.apple.com/en-us/126353 https://support.apple.com/en-us/126352 https://support.apple.com/en-us/126351 https://support.apple.com/en-us/126346 https://support.apple.com/en-us/125892 https://support.apple.com/en-us/125891 https://support.apple.com/en-us/125890 https://support.apple.com/en-us/125889 https://support.apple.com/en-us/125886 https://support.apple.com/en-us/125885 https://support.apple.com/en-us/125884
Palo Alto Networks	Prisma Access Browser	CVE-2025-14174	8.8	Contournement de la politique de sécurité	13/12/2025	Exploitée	https://security.paloaltonetworks.com/PAN-SA-2026-0001
Apple	iOS, tvOS, watchOS, macOS, visionOS, Safari	CVE-2025-43529	8.8	Exécution de code arbitraire à distance	12/12/2025	Exploitée	https://support.apple.com/en-us/125884 https://support.apple.com/en-us/125885 https://support.apple.com/en-us/125886 https://support.apple.com/en-us/125889 https://support.apple.com/en-us/125890 https://support.apple.com/en-us/125891 https://support.apple.com/en-us/125892
Apple	iOS, visionOS, tvOS, watchOS, macOS, iPadOS, Safari	CVE-2025-31277	8.8	Exécution de code arbitraire à distance	30/07/2025	Exploitée	https://support.apple.com/en-us/124147 https://support.apple.com/en-us/124149 https://support.apple.com/en-us/124152 https://support.apple.com/en-us/124153 https://support.apple.com/en-us/124154 https://support.apple.com/en-us/124155
Apple	iOS, visionOS, tvOS, watchOS, macOS, iPadOS	CVE-2026-20700	7.8	Exécution de code arbitraire	11/02/2026	Exploitée	https://support.apple.com/en-us/126346 https://support.apple.com/en-us/126348 https://support.apple.com/en-us/126351 https://support.apple.com/en-us/126352 https://support.apple.com/en-us/126353
Apple	Iphone Os, Macos, Tvos, Ipados, Watchos, Visionos	CVE-2025-43510	7.8	Contournement de la politique de sécurité	03/11/2026	Exploitée	https://support.apple.com/en-us/125632 https://support.apple.com/en-us/125633 https://support.apple.com/en-us/125634 https://support.apple.com/en-us/125635 https://support.apple.com/en-us/125636 https://support.apple.com/en-us/125637 https://support.apple.com/en-us/125638 https://support.apple.com/en-us/125639
Apple	Iphone Os, Macos, Tvos, Ipados, Watchos, Visionos	CVE-2025-43520	7.1	Élévation de privilèges	03/11/2025	Exploitée	https://support.apple.com/en-us/125632 https://support.apple.com/en-us/125633 https://support.apple.com/en-us/125634 https://support.apple.com/en-us/125635 https://support.apple.com/en-us/125636 https://support.apple.com/en-us/125637 https://support.apple.com/en-us/125638 https://support.apple.com/en-us/125639
Cisco	Secure Firewall Management Center (FMC)	CVE-2026-20079	10	Contournement de la politique de sécurité	04/03/2026	Code d'exploitation public	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
Dell	Wyse Management Suite	CVE-2026-22765	8.8	Élévation de privilèges	20/03/2026	Code d'exploitation public	https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103
Opnsense	Opnsense	CVE-2026-30868	8.1	Injection de requêtes illégitimes par rebond (CSRF), Contournement de la politique de sécurité	11/03/2026	Code d'exploitation public	https://github.com/opnsense/core/security/advisories/GHSA-pp58-2qpc-3j3f
Traefik	Traefik	CVE-2026-32305	7.8	Contournement de la politique de sécurité	20/03/2026	Code d'exploitation public	https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48
Microsoft	Windows Server 2022, Windows 10 22H2, Windows 10 21H2, Windows 11 25H2, Windows 11 23H2, Windows Server 2022 23H2, Windows Server 2025, Windows 11 24H2	CVE-2026-20817	7.8	Contournement de la politique de sécurité	13/01/2026	Code d'exploitation public	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20817
Dell	Wyse Management Suite	CVE-2026-22766	7.2	Exécution de code arbitraire à distance	20/03/2026	Code d'exploitation public	https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103
Traefik	Traefik	CVE-2026-32595	6.3	Atteinte à la confidentialité des données	20/03/2026	Code d'exploitation public	https://github.com/traefik/traefik/security/advisories/GHSA-g3hg-j4jv-cwfr

WHAT ARE YOU LOOKING FOR?

Bulletin d'actualité CERTFR-2026-ACT-013 (30 mars 2026)

Follow us on

Most popular

Companies Respond to Log4Shell Vulnerability as Attacks Rise

Cybersecurity M&A Roundup: 37 Deals Announced in April 2022

RSA Conference 2021 - Summary of Vendor Announcements

Smoke and Mirrors – Hack-for-Hire Group Builds Fake Online Empire

Cybersecurity M&A Roundup: 43 Deals Announced in September 2021

Recent Salt Vulnerabilities Exploited to Hack LineageOS, Ghost, DigiCert Servers

Category

Popular Sections

About