Cyber Centre Daily Advisory Digest — 2026-05-27 (8 advisories)
The Canadian Centre for Cyber Security published a daily digest of 8 security advisories on May 27, 2026. The digest highlights critical updates across multiple enterprise platforms, notably including an out-of-band patch from Microsoft for a SharePoint Remote Code Execution vulnerability (CVE-2026-45659) and a mandatory signing key rotation for GitHub Enterprise Server.
Authors: Canadian Centre for Cyber Security
What Happened
On May 27, 2026, the Canadian Centre for Cyber Security released a digest of eight security advisories affecting widely used software. Organizations using products from Microsoft, GitHub, Google, GitLab, Jenkins, Veeam, Phoenix Contact, and Hitachi are affected. These advisories highlight newly discovered vulnerabilities, including a critical flaw in Microsoft SharePoint, that could allow attackers to compromise systems. Administrators should review the specific advisories and apply the recommended software updates immediately to secure their environments.
Key Takeaways
- The Canadian Centre for Cyber Security released 8 security advisories on May 27, 2026.
- Microsoft issued an out-of-band update for a previously omitted SharePoint Remote Code Execution vulnerability (CVE-2026-45659).
- GitHub Enterprise Server customers must rotate to a new public key to install future patches and releases.
- Critical updates are available for major platforms including Google Chrome, GitLab, Jenkins, Veeam, and Hitachi.
Affected Systems
- Hitachi products (Cosminexus, Automation Director, Ops Center, etc.)
- GitHub Enterprise Server (3.16.x to 3.20.x)
- Microsoft products (including SharePoint Enterprise Server 2019, SharePoint Server 2016, and Subscription Edition)
- Veeam Backup & Replication, Veeam ONE, Veeam Service Provider Console
- Phoenix Contact control systems (AXC F, BCP 9102S, EPC 1522, RFC 4072R/S, VL3 UPC 2440 EDGE, VPLCNEXT CONTROL)
- Jenkins plugins
- GitLab Community Edition (CE) and Enterprise Edition (EE)
- Google Chrome for Desktop (Windows, Mac, Linux)
Vulnerabilities (CVEs)
- CVE-2026-45659
Attack Chain
This report is a compilation of security advisories and does not detail a specific attack chain. The advisories cover various vulnerabilities across multiple vendors, including a Remote Code Execution flaw in Microsoft SharePoint (CVE-2026-45659), which, if left unpatched, could allow an attacker to execute arbitrary code on affected servers.
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
No detection rules or queries are provided in the advisory digest.
Detection Engineering Assessment
- EDR Visibility: None. The article is a patch digest and does not provide behavioral indicators, payloads, or attack telemetry.
- Network Visibility: None. No network indicators or traffic patterns are discussed in the advisories.
- Detection Difficulty: Hard. Without specific exploitation details or IOCs, detection relies entirely on vulnerability scanning rather than behavioral monitoring.
Control Gaps
- Vulnerability Management
False Positive Assessment
- Low
Recommendations
Immediate Mitigation
- Verify against your organization's incident response and patch management runbooks before acting.
- Apply the out-of-band Microsoft security update for CVE-2026-45659 on affected SharePoint servers.
- Rotate the GitHub Enterprise Server signing key as required to install future patches.
- Deploy the latest Google Chrome stable channel updates to all endpoints.
Infrastructure Hardening
- Update affected GitLab, Jenkins, Veeam, and Hitachi enterprise applications to their latest secure versions.
- Review Phoenix Contact control systems and apply firmware updates once they become available.
User Protection
- Ensure endpoint management tools are configured to automatically push critical browser updates, such as those for Google Chrome.
Security Awareness
- Communicate the importance of timely patching to system administrators responsible for the affected platforms.