MSP Threat Radar Weekly Briefing — Week of 2026-04-06

This week’s briefing tracks 12 recent watch items across 2 vendors, with emphasis on active service incidents and high-priority operational issues.

Top items

Workers AI Gemma 4 model unhealthy

• Vendor: Cloudflare
• Published: 2026-04-11
• Status: resolved
• Source: cloudflare-status
• Official advisory: https://stspg.io/v3snb3z2fwyt

Cloudflare is investigating isssues with Workers AI Gemma 4 model. Users may experience elevated error rates when trying to use Gemma 4 on Workers AI

Check cloudflare dependent workflows, notify affected clients if service disruption persists, and review workaround guidance from the official incident page.

Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo (CVE-2026-28390)

• Vendor: Microsoft
• Published: 2026-04-11
• Status: active
• Source: msrc
• Official advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28390

Information published. Information published.

Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.

Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo (CVE-2026-28389)

• Vendor: Microsoft
• Published: 2026-04-11
• Status: active
• Source: msrc
• Official advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28389

Information published. Information published.

Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.

Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets (CVE-2026-5919)

• Vendor: Microsoft
• Published: 2026-04-11
• Status: active
• Source: msrc
• Official advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5919

Information published.

Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.

Chromium: CVE-2026-5918 Inappropriate implementation in Navigation (CVE-2026-5918)

• Vendor: Microsoft
• Published: 2026-04-11
• Status: active
• Source: msrc
• Official advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5918

Information published.

Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.