Cyber Centre Daily Advisory Digest — 2026-03-18 (11 advisories)
The Canadian Centre for Cyber Security published a daily digest of 11 security advisories on March 18, 2026. The advisories highlight vulnerabilities across various enterprise, networking, and consumer products, including a critical remote pre-auth buffer overflow in GNU InetUtils telnetd, and urge administrators to apply necessary updates and mitigations.
Authors: Canadian Centre for Cyber Security
Key Takeaways
- The Canadian Centre for Cyber Security released 11 security advisories on March 18, 2026.
- A critical remote pre-auth buffer overflow vulnerability was identified in GNU InetUtils telnetd versions 2.7 and prior.
- Updates are required for major enterprise platforms including Atlassian, VMware Tanzu, Citrix XenServer, and ConnectWise ScreenConnect.
- Consumer and endpoint software updates were issued for Apple operating systems and Google Chrome.
Affected Systems
- Phoenix Contact FL SWITCH (2xxx, TSN 23xx, 59xx)
- Apple iOS, iPadOS, and macOS
- GNU InetUtils telnetd (version 2.7 and prior)
- Mitel CX and MiContact Center Business
- Atlassian Data Center and Server products (Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, Jira)
- VMware Tanzu
- Citrix XenServer (version 8.4)
- Roundcube Webmail
- Jenkins (weekly, LTS, and LoadNinja Plugin)
- Google Chrome for Desktop
- ConnectWise ScreenConnect
Vulnerabilities (CVEs)
- CVE-2026-23554
Attack Chain
The provided text is a daily advisory digest and does not detail a specific attack chain. It lists vulnerabilities across multiple products that could potentially be exploited if left unpatched, such as a remote pre-auth buffer overflow in GNU InetUtils telnetd.
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
No detection rules or queries are provided in the advisory digest.
Detection Engineering Assessment
- EDR Visibility: None. The article is a patch digest and provides no details on EDR telemetry or specific attack behaviors.
- Network Visibility: None. No network signatures or traffic patterns are provided for the vulnerabilities mentioned.
- Detection Difficulty: Very Hard. No actionable detection indicators or behavioral patterns are provided in the digest to build detections upon.
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| Look for unexpected child processes spawning from the telnetd daemon, which may indicate successful exploitation of the remote pre-auth buffer overflow vulnerability in GNU InetUtils. | Process execution logs (e.g., Event ID 4688 or Sysmon Event ID 1 / Linux auditd) | Execution | Low |
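One way to run the telnetd hypothesis above over Linux auditd execve records, as an added example that is not part of the advisory digest. The log lines are constructed, and the allowlist of expected children (`login` only) and the x86_64 syscall number are assumptions to tune per host.

```python
import re
from pathlib import PurePosixPath

# Assumption: login(1) is the only program telnetd should start on this host.
EXPECTED_CHILDREN = {"/bin/login", "/usr/bin/login"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed auditd-style records (not taken from the advisory).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1773800000.101:501): arch=c000003e syscall=59 success=yes ppid=700 pid=812 uid=0 comm="telnetd" exe="/usr/sbin/telnetd"
type=SYSCALL msg=audit(1773800000.350:502): arch=c000003e syscall=59 success=yes ppid=812 pid=1045 uid=0 comm="login" exe="/usr/bin/login"
type=SYSCALL msg=audit(1773800009.020:503): arch=c000003e syscall=59 success=yes ppid=1045 pid=1046 uid=1000 comm="bash" exe="/bin/bash"
type=SYSCALL msg=audit(1773800040.007:517): arch=c000003e syscall=59 success=yes ppid=700 pid=900 uid=0 comm="telnetd" exe="/usr/sbin/telnetd"
type=SYSCALL msg=audit(1773800040.912:518): arch=c000003e syscall=59 success=yes ppid=900 pid=1101 uid=0 comm="sh" exe="/bin/sh"
type=CWD msg=audit(1773800040.912:518): cwd="/"
type=SYSCALL msg=audit(1773800050.000:530): arch=c000003e syscall=59 success=yes ppid=1 pid=1200 uid=0 comm="sh" exe="/bin/sh"
"""

def parse(line):
    """Split one audit record into a dict of key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def find_suspicious(log_text):
    """Return (pid, ppid, exe) for programs started directly by telnetd
    that are not on the expected-children allowlist."""
    telnetd_pids, alerts = set(), []
    for line in log_text.splitlines():
        rec = parse(line)
        # syscall 59 is execve on x86_64; skip other records and failed calls.
        if (rec.get("type"), rec.get("syscall"), rec.get("success")) != ("SYSCALL", "59", "yes"):
            continue
        pid, ppid, exe = rec["pid"], rec["ppid"], rec["exe"]
        if PurePosixPath(exe).name == "telnetd":
            telnetd_pids.add(pid)  # remember each telnetd instance seen
            continue
        # Only direct children are checked, so the shell that login starts
        # after a successful authentication (pid 1046 above) is not flagged.
        if ppid in telnetd_pids and exe not in EXPECTED_CHILDREN:
            alerts.append((pid, ppid, exe))
    return alerts

if __name__ == "__main__":
    for pid, ppid, exe in find_suspicious(SAMPLE_LOG):
        print(f"ALERT telnetd pid {ppid} started unexpected {exe} (pid {pid})")
```

The same parent/child test maps onto Sysmon Event ID 1 or Event ID 4688 by comparing the parent image and new process image fields instead of `ppid` and `exe`.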
Recommendations
Immediate Mitigation
- Review the provided advisories and apply security updates to affected systems immediately, prioritizing critical vulnerabilities like the GNU InetUtils telnetd buffer overflow.
Infrastructure Hardening
- Ensure public-facing applications and services are patched to the latest versions.
- Disable unnecessary services such as telnetd if not actively required for business operations.
User Protection
- Update Apple devices (iOS, iPadOS, macOS) to the latest versions.
- Update Google Chrome to the latest stable channel release.
Security Awareness
- Establish a routine patch management process to handle daily security advisories from vendors and national cyber centers.
MITRE ATT&CK Mapping
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution