2026年4月10日の
セキュリティ情報

Subject: [Action Required] Critical Vulnerabilities in Docker Engine and Flowise

Dear IT Administration Team,

We are sharing critical security updates regarding several high-severity vulnerabilities that require your immediate attention.

■ Overview
A high-risk vulnerability in Docker Engine (CVE-2026-34040) allows attackers to bypass authorization plugins via specially crafted API requests, potentially leading to container escape and host access. Additionally, a critical remote code execution (RCE) vulnerability in Flowise (CVE-2025-59528, CVSS 10.0) has been identified in MCP nodes, with active exploitation reported across thousands of instances.

■ Scope
- Docker Engine (Environments relying on AuthZ plugins for request body validation)
- Flowise (Instances utilizing MCP nodes)

■ Mitigation Steps
1. Update Docker Engine to version 29.3.1 or later. If updating is not immediately possible, restrict API access permissions.
2. Apply the latest security patches to Flowise and verify MCP node configurations.
3. Given that threat actors like Storm-1175 are weaponizing N-day vulnerabilities within 24 hours, please review and accelerate your organization's patch management lifecycle.

■ Reference
- Docker Official Release Notes
- Flowise Security Advisory

Priority: High (Prompt action is strongly recommended)

Subject: [Action Required] Critical RCE Vulnerability in Apache ActiveMQ Classic

Hi all,

This is a security advisory regarding a critical Remote Code Execution (RCE) vulnerability discovered in Apache ActiveMQ Classic.

■ Overview
A critical vulnerability (CVE-2026-34197) has been identified in the Jolokia API of Apache ActiveMQ Classic. This flaw allows an attacker to force the server to load a malicious configuration file from a remote source, leading to arbitrary command execution. Furthermore, in certain 6.x versions, this can be combined with CVE-2024-32114 to achieve unauthenticated RCE.

■ Affected Scope
- Apache ActiveMQ Classic versions prior to 5.19.4
- Various 6.x versions

■ Mitigation Steps
1. Promptly update Apache ActiveMQ Classic to version 5.19.4 or later.
2. Strictly enforce access controls for the Jolokia API and restrict unnecessary internet exposure.
3. Immediately change any default administrative credentials (e.g., admin:admin).

■ Reference
- CVE-2026-34197 / CVE-2024-32114
- Apache ActiveMQ Official Security Advisories

Priority: High (Prompt remediation is strongly recommended)

Subject: [Action Required] Critical RCE Vulnerability in Wazuh (CVE-2026-25769)

Hi all,

This is a security advisory regarding a critical vulnerability identified in Wazuh.

■ Overview
A remote code execution (RCE) vulnerability (CVE-2026-25769) has been discovered in the Wazuh cluster communication protocol. The issue stems from the insecure deserialization of JSON messages sent from worker nodes to the master node. An attacker who has compromised a worker node can leverage this to execute arbitrary system commands on the master node with root privileges. The CVSS score is 9.1 (CRITICAL).

■ Affected Scope
- Product: Wazuh
- Affected Versions: 4.0.0 through 4.14.2

■ Remediation Steps
1. Verify the current version of your Wazuh deployment.
2. Update to the fixed version 4.14.3 or later as soon as practical.

■ Reference
- CVE-2026-25769
- Wazuh GitHub Security Advisory

Priority: High (Prompt update is strongly recommended)

Subject: [Security Advisory] Remote Code Execution Vulnerability in Apache Struts2 (CVE-2020-17530)

Hi all,

This is a security notification regarding a critical vulnerability in Apache Struts2.

■ Overview
A Remote Code Execution (RCE) vulnerability, identified as S2-061 (CVE-2020-17530), has been reported in Apache Struts2. An attacker can execute arbitrary commands on the server by sending a specially crafted payload with the Content-Type set to 'multipart/form-data' containing malicious OGNL expressions.

■ Scope
- Affected versions of Apache Struts2

■ Mitigation Steps
1. Identify all assets running Apache Struts2 and check their current versions.
2. Update Apache Struts2 to the latest patched version promptly.
3. If an immediate update is not feasible, consider implementing WAF rules to block requests containing suspicious OGNL expressions.

■ Reference
- CVE-2020-17530
- Apache Struts Official Security Advisory

Priority: High (Prompt action is recommended)

Subject: [Security Notice] Use of Browser Extensions (AI Tools)

Hi everyone,

Our security team would like to bring your attention to increasing risks associated with AI-powered browser extensions. Some of these tools may inadvertently expose sensitive company data or introduce security vulnerabilities to your browser.

How you can help:
1. Review your installed AI browser extensions and check if they request excessive permissions (e.g., access to all website data).
2. Promptly remove any extensions that are not officially approved or from untrusted sources.

Please prioritize this review to keep our environment secure.

件名: 【共有】AIブラウザ拡張機能による新たな脅威ベクトルについて

お疲れさまです。AIブラウザ拡張機能に関するセキュリティリスクの情報共有です。

■ 概要
AIブラウザ拡張機能が、従来のDLPやSaaSログを回避してデータを窃取する新たな経路となっていることがLayerXのレポートで指摘されました。統計的にAI拡張機能は一般的な拡張機能より脆弱性が60%多く、クッキーへのアクセス権やリモートスクリプト実行権限を持つ傾向が非常に高いことが判明しています。

■ 影響範囲
- AI系ブラウザ拡張機能を導入している全エンドポイント
- 機密データを扱う業務端末

■ 対応手順
1. ブラウザ管理ポリシー（Chrome Enterprise等）を用いて、許可されていない拡張機能のインストールを制限するホワイトリスト運用の導入を検討してください。
2. 現在導入済みの拡張機能について、過剰な権限（cookies, all_urls等）を要求しているものの監査および削除を実施してください。

■ 参考情報
- The Hacker News: Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

対応優先度: 高（速やかな対策の検討を推奨）

Subject: [Security Advisory] New Threat Vector via AI Browser Extensions

Hi,

This is a security update regarding the risks associated with AI-powered browser extensions.

■ Overview
A recent report from LayerX highlights that AI browser extensions are becoming a significant blind spot in enterprise security. These extensions often bypass DLP and SaaS logs, providing direct access to user data. Statistically, AI extensions are 60% more likely to have vulnerabilities and significantly more likely to request access to cookies and execute remote scripts compared to standard extensions.

■ Scope
- All endpoints with AI-powered browser extensions installed.
- Workstations handling sensitive corporate data.

■ Recommended Actions
1. Implement a whitelist-based policy via browser management tools (e.g., Chrome Enterprise) to restrict unauthorized extension installations.
2. Audit currently installed extensions and remove those requesting excessive permissions (e.g., access to cookies or all URLs).

■ Reference
- The Hacker News: Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

Priority: High (Prompt action is recommended)