Skip to content
.ca
sign in
4 mincritical

Cyber Centre Daily Advisory Digest — 2026-05-07 (5 advisories)

The Canadian Centre for Cyber Security released a daily digest highlighting five security advisories. Notably, Ivanti Endpoint Manager Mobile (EPMM) contains an actively exploited vulnerability (CVE-2026-6973), and critical updates were issued for Spring Cloud Config, VM2 Node.js library, Mozilla Firefox, and multiple Broadcom VMware Tanzu products.

Sens:ImmediateConf:highAnalyzed:2026-05-07Google

Authors: Canadian Centre for Cyber Security

VulnerabilityNode.jsPatch ManagementTOCTOUIvanti EPMMFirefoxCVE-2026-6973Spring Cloudvm2

Source:Canadian Centre for Cyber Security

Detection / HunterGoogle

What Happened

The Canadian Centre for Cyber Security published a daily digest of five security advisories for various software products. Users of Ivanti Endpoint Manager Mobile, Spring Cloud Config, VM2 Node.js, Mozilla Firefox, and VMware Tanzu are affected. This is highly important because one of the vulnerabilities in Ivanti Endpoint Manager Mobile is already being actively exploited by attackers. Organizations should immediately review the advisories and apply the necessary software updates to protect their systems.

Key Takeaways

  • Ivanti Endpoint Manager Mobile (EPMM) has an actively exploited vulnerability (CVE-2026-6973).
  • Critical updates were released for Spring Cloud Config addressing secrets access, directory traversal, and TOCTOU attacks.
  • Critical vulnerabilities were patched in the VM2 Node.js sandboxing library prior to version 3.11.2.
  • Broadcom VMware released critical updates for multiple Tanzu products.
  • Mozilla released security updates for Firefox and Firefox ESR.

Affected Systems

  • Spring Cloud Config
  • VM2 Node.js library (< 3.11.2)
  • Mozilla Firefox (< 150.0.2)
  • Mozilla Firefox ESR (< 140.10.2, < 115.35.2)
  • VMware Tanzu Greenplum Command Center
  • VMware Tanzu Greenplum Data Copy Utility
  • VMware Tanzu for MySQL on Kubernetes
  • VMware Tanzu Greenplum Streaming Server
  • VMware Tanzu Greenplum Text
  • VMware Tanzu for Valkey on Kubernetes
  • Ivanti Endpoint Manager Mobile (EPMM) (< 12.6.1.1, < 12.7.0.1, < 12.8.0.1)

Vulnerabilities (CVEs)

  • CVE-2026-40981
  • CVE-2026-40982
  • CVE-2026-41002
  • CVE-2026-6973

Attack Chain

The advisory digest does not detail a specific attack chain, but notes that CVE-2026-6973 affecting Ivanti Endpoint Manager Mobile (EPMM) is currently being exploited in the wild. Other vulnerabilities involve directory traversal, Time-of-Check to Time-of-Use (TOCTOU) attacks, and unauthorized secrets access in Spring Cloud Config.

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

No specific detection rules or queries are provided in the advisory digest.

Detection Engineering Assessment

EDR Visibility: Low — The advisory focuses on software vulnerabilities and patching rather than post-exploitation EDR telemetry. Network Visibility: Medium — Exploitation of public-facing applications like Ivanti EPMM may be visible in network traffic or WAF logs. Detection Difficulty: Hard — No specific IOCs or exploitation patterns are provided, requiring defenders to rely on generic exploit detection or vendor-specific patch compliance.

Required Log Sources

  • Web Application Firewall (WAF) logs
  • Application logs (Ivanti EPMM, Spring Cloud)

Hunting Hypotheses

HypothesisTelemetryATT&CK StageFP Risk
Look for anomalous inbound network requests or error logs associated with Ivanti Endpoint Manager Mobile (EPMM) that may indicate exploitation attempts of CVE-2026-6973.WAF logs, Ivanti EPMM application logsInitial AccessMedium

Control Gaps

  • Lack of timely patching for public-facing infrastructure

Key Behavioral Indicators

  • Anomalous access to Spring Cloud Config server endpoints
  • Unexpected crashes or errors in Ivanti EPMM services

False Positive Assessment

  • Low

Recommendations

Immediate Mitigation

  • Apply updates for Ivanti Endpoint Manager Mobile (EPMM) immediately due to active exploitation of CVE-2026-6973.
  • Apply critical updates for Spring Cloud Config, VM2 Node.js, and VMware Tanzu products.

Infrastructure Hardening

  • Restrict access to management interfaces like Ivanti EPMM and VMware Tanzu Command Center to trusted IP addresses or VPNs.
  • Ensure Spring Cloud Config servers are properly authenticated and authorized.

User Protection

  • Update Mozilla Firefox and Firefox ESR to the latest versions across all endpoints.

Security Awareness

  • Ensure patch management processes prioritize actively exploited vulnerabilities and critical infrastructure components.

MITRE ATT&CK Mapping

  • T1190 - Exploit Public-Facing Application
  • T1552.001 - Credentials In Files

Related