(TLP CLEAR) Weekly Vulnerabilities to Prioritize – April 2, 2026
Created: Thursday, April 2, 2026 - 15:03
Categories: Contamination, Security Preparedness
The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are often included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
F5 BIG-IP Remote Code Execution Vulnerability
CVSS v3.1: 9.8
CVE: CVE-2025-53521
Description: See WaterISAC’s notification regarding this vulnerability. When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. CISA has added this vulnerability to its KEV catalog.
Source: https://my.f5.com/manage/s/article/K000156741
Google Dawn Use-After-Free Vulnerability
CVSS v3.1: 8.8
CVE: CVE-2026-5281
Description: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High). CISA has added this vulnerability to its KEV catalog.
Source: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
Windows HTTP.sys Elevation of Privilege Vulnerability
CVSS v3.1: 7.5
CVE: CVE-2026-20929
Description: Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network. CrowdStrike detailed how CVE-2026-20929 allows Kerberos relay through DNS CNAME abuse and warned that attackers can relay authentication to Active Directory Certificate Services to enroll certificates for user accounts and maintain durable access. The company said this path is particularly dangerous because it can work even in environments that have already disabled NTLM, shifting risk into certificate-based persistence rather than traditional password theft.
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20929
TrueConf Client Download of Code Without Integrity Check Vulnerability
CVSS v3.1: 7.8
CVE: CVE-2026-3502
Description: TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user. CISA added this vulnerability to its KEV catalog.
Source: https://trueconf.com/blog/update/trueconf-8-5
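The defect described above is the absence of any integrity check before an update is applied. As an added example (not TrueConf's code; the update structure, the pinned key and the install step are assumed for illustration), the following Go program contrasts an updater that installs whatever arrived on the update path with one that verifies a detached Ed25519 signature against a public key pinned in the client before installing anything:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Update is what the client receives: the payload plus a detached signature
// made by the vendor's signing key (structure assumed for this example).
type Update struct {
	Payload   []byte
	Signature []byte
}

// ErrBadSignature is returned when the payload does not verify.
var ErrBadSignature = errors.New("update signature verification failed")

// applyUnverified mirrors the vulnerable pattern: whatever arrived is
// installed as-is, so a substituted payload is never challenged.
func applyUnverified(u Update) []byte {
	return u.Payload // hypothetical install step, no integrity check
}

// applyVerified checks the signature against the pinned vendor key and
// refuses to install when it does not verify.
func applyVerified(pinnedPub ed25519.PublicKey, u Update) ([]byte, error) {
	if !ed25519.Verify(pinnedPub, u.Payload, u.Signature) {
		return nil, ErrBadSignature
	}
	return u.Payload, nil
}

// signUpdate is the vendor side: sign the payload with the private key.
func signUpdate(priv ed25519.PrivateKey, payload []byte) Update {
	return Update{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := signUpdate(priv, []byte("constructed sample: installer bytes"))
	// Constructed substitution on the delivery path: payload swapped,
	// original signature left in place.
	tampered := Update{Payload: []byte("constructed sample: tampered installer"), Signature: genuine.Signature}
	fmt.Printf("unverified client installs: %q\n", applyUnverified(tampered))
	if _, err := applyVerified(pub, tampered); err != nil {
		fmt.Println("verified client rejects tampered update:", err)
	}
}
```

The pinned public key must ship inside the client binary and the private key must stay offline at the vendor; a key fetched over the same channel as the update adds nothing.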
Citrix NetScaler Out-of-Bounds Read Vulnerability
CVSS v4.0: 9.3
CVE: CVE-2026-3055
Description: Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leads to a memory overread. CISA has added this vulnerability to its KEV catalog.
Source: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
