Decoding the world of cybersecurity

CERT-EU advisories expose infrastructure risk

CERT-EU’s 2026 advisory stream shows exploited and high-impact flaws across perimeter appliances, identity infrastructure, firewalls, and enterprise network systems.

CERT-EU advisories expose infrastructure risk
Summary
  • CERT-EU’s 2026 advisory page includes exploited or high-impact vulnerabilities affecting Ivanti Sentry, Windows Netlogon, PAN-OS, Cisco, Citrix, and Ivanti EPMM.
  • Several issues affect infrastructure that sits close to identity, remote access, network control, or administrative trust.
  • The pattern reinforces the operational risk created by exposed appliances and delayed patch governance across EU estates.

CERT-EU’s 2026 advisory stream shows how much enterprise cyber risk remains concentrated in infrastructure used to authenticate users, manage remote access, route traffic, and administer networks.

The EU institutions’ computer emergency response team has issued advisories this year covering critical vulnerabilities in Ivanti Sentry, Windows Netlogon, PAN-OS, Citrix NetScaler and ADC, Cisco SD-WAN products, and Ivanti EPMM. Several of the advisories point to exploitation, limited exploitation, or serious remote-code-execution potential.

The 2026 advisory page includes a June notice on critical Ivanti Sentry vulnerabilities that could allow unauthenticated remote code execution on vulnerable devices. It also lists a critical Windows Netlogon vulnerability affecting Windows Server when acting as a domain controller, with CERT-EU citing the Belgian Centre for Cybersecurity’s assessment that the flaw was being exploited by threat actors.

A separate PAN-OS advisory says Palo Alto observed limited exploitation of a critical vulnerability that could allow unauthenticated root-level code execution. Earlier advisories covered Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager, Citrix NetScaler and ADC, and Ivanti EPMM vulnerabilities, including a limited number of exploitation cases for one of the EPMM flaws.

Each advisory belongs to the normal rhythm of enterprise patching, but the pattern across the list is more serious. Many affected technologies sit at points of concentration: domain controllers, edge appliances, mobile management gateways, firewalls, SD-WAN controllers, and remote-access infrastructure. Compromise at those layers can give attackers reach, administrative context, credentials, or a path into systems that defenders assume are protected by the same technologies now under pressure.

That creates a governance problem as well as a technical one. Patching a high-severity server application is often hard enough; patching a security gateway, domain controller, or network control plane can involve outage windows, vendor dependencies, architecture constraints, and internal ownership disputes. Delays accumulate in places where attackers are already looking.

EU institutions and member-state bodies face that exposure alongside private organisations supporting public services, regulated sectors, and cross-border operations. Suppliers running vulnerable infrastructure can create the same operational consequences as a direct compromise of a government or regulated entity, particularly where managed services, remote access, and outsourced network administration are involved.

The advisory stream also reflects a wider change in vulnerability management. Exploitation status, internet exposure, asset criticality, and business-service dependency increasingly carry more weight than generic severity scores. A flaw in a perimeter appliance or identity component carries a different operational profile from the same score in a less exposed product.

For organisations covered by NIS2, DORA, or national cyber resilience regimes, these advisories are not only patch notes. They form part of the evidence base for whether asset inventories are accurate, whether risk-based remediation is defensible, and whether suppliers can prove that critical infrastructure under their control has been assessed and updated.

CERT-EU’s list maps recurring pressure points across edge systems, administrative trust, and security infrastructure. Resilience depends on whether organisations can respond at the speed those layers now demand.

×