Saturday, April 25, 2026

Today's Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.


Today's Security Brief

Saturday's disclosures center on Azure IoT Central, Saltcorn, and Clerk identity platforms, with multiple critical flaws scoring 9.8 or higher across cloud and authentication infrastructure. The brief covers 19 critical CVEs (down 49% from yesterday) and 72 high-priority issues (down 21%). Notable critical entries include CVE-2026-21515 (CVSS 9.9) in Azure IoT Central, CVE-2026-41478 (CVSS 9.9) in Saltcorn, and CVE-2026-1949 (CVSS 9.8) in Delta Electronics AS320T industrial controllers. Remote code execution and authentication bypass dominate the attack patterns, with cloud services, ICS hardware, and developer authentication libraries all represented. Patches are not yet broadly available for today's disclosures, so defenders should rely on access controls and monitoring while vendor fixes propagate.

  • Azure IoT Central CVE-2026-21515 (CVSS 9.9) and Saltcorn CVE-2026-41478 (CVSS 9.9) lead today's critical disclosures
  • 19 critical CVEs disclosed, a 49% decrease from yesterday's 37
  • 72 high-priority CVEs disclosed, a 21% decrease from yesterday's 91
  • Remote code execution and authentication bypass affect Clerk identity, Delta Electronics ICS, and AWS Ops Wheel
  • 0% patch availability across today's critical set; mitigations and access restrictions are the near-term control
  • 19 actively exploited entries span Microsoft Office, SharePoint, Adobe Acrobat, Apache ActiveMQ, and SimpleHelp

Immediate action: Prioritize Azure IoT Central, Saltcorn, Clerk, and Delta Electronics AS320T deployments for review, and isolate exposed instances pending vendor fixes. With no patches yet available for today's critical CVEs, apply network segmentation, restrict management interfaces, and monitor for exploitation indicators on the Microsoft, Adobe, and SimpleHelp products listed in the actively exploited set.

