MSP Threat Radar Weekly Briefing — Week of 2026-04-13

This week’s briefing tracks 12 recent watch items across 3 vendors, with emphasis on active service incidents and high-priority operational issues.

Top items

NVD watch item CVE-2026-6563

• Vendor: NVD
• Published: 2026-04-19
• Status: watch
• Source: nvd
• Official advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-6563

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Review the official advisory, map affected products against managed client environments, and determine whether patching or temporary mitigation is required.

NVD watch item CVE-2026-6562

• Vendor: NVD
• Published: 2026-04-19
• Status: watch
• Source: nvd
• Official advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-6562

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Review the official advisory, map affected products against managed client environments, and determine whether patching or temporary mitigation is required.

NVD watch item CVE-2026-6560

• Vendor: NVD
• Published: 2026-04-19
• Status: watch
• Source: nvd
• Official advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-6560

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Review the official advisory, map affected products against managed client environments, and determine whether patching or temporary mitigation is required.

R2 customers may see an increase of HTTP 500s in KIX

• Vendor: Cloudflare
• Published: 2026-04-19
• Status: resolved
• Source: cloudflare-status
• Official advisory: https://stspg.io/59f74034q1bf

Cloudflare is investigating reports of HTTP 500 responses for R2 services in the KIX (Osaka) location. We are working to mitigate this, more updates to follow shortly.

Check cloudflare dependent workflows, notify affected clients if service disruption persists, and review workaround guidance from the official incident page.

WARP connectivity

• Vendor: Cloudflare
• Published: 2026-04-18
• Status: investigating
• Source: cloudflare-status
• Official advisory: https://stspg.io/325rcprhq75l

Cloudflare is investigating issues with Cloudflare WARP and Cloudflare Zero Trust. Cloudflare WARP and Zero Trust users may experience connectivity issues or a degraded Internet experience.

Check cloudflare dependent workflows, notify affected clients if service disruption persists, and review workaround guidance from the official incident page.