MSP Threat Radar Weekly Briefing — Week of 2026-04-27

This week’s briefing tracks 12 recent watch items across 5 vendors, with emphasis on active service incidents and high-priority operational issues.

Published: May 2, 2026

This week's highlights

  • Linux Kernel: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
  • ConnectWise: ConnectWise ScreenConnect Path Traversal Vulnerability
  • cPanel: cPanel vulnerability (CVE-2026-41940)
  • Microsoft: Microsoft Windows Protection Mechanism Failure Vulnerability
  • Microsoft: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (CVE-2026-31533)

Top items

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-05-15.

ConnectWise ScreenConnect Path Traversal Vulnerability

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-05-12.

cPanel vulnerability (CVE-2026-41940)

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.

Microsoft Windows Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-05-12.

net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (CVE-2026-31533)

Information published.

Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.
