VMware/Broadcom May 2026 virtualization checklist for VCF 9.1, vCenter virtual hardware, Workstation/Fusion 26H1, XCP-ng, and VM hosting admins.
HAProxy Community, Enterprise, and ALOHA saw May 2026 release movement. Check versions, validate configs, reload safely, and verify TLS/backend health.
Updated June 17: Plesk Obsidian admins should check SOGo Webmail 1.2.5, Grafana 1.7.0, Monitoring 2.11.0, WP Toolkit 6.11.0, PHP handlers, backups, logs, and customer workflows.
Patch Gravity SMTP CVE-2026-4020 and CVE-2026-4162, rotate WordPress mail-service credentials, and review sending logs after active attack reports.
Patch ingress-nginx CVE-2026-4342, review Kubernetes Ingress permissions, protect Secrets, and plan migration away from retired ingress-nginx.
Patch Linux ksmbd for CVE-2026-31718 and CVE-2026-31717, verify SMB exposure, disable unused ksmbd, and reboot into fixed kernels.
Patch Citrix NetScaler ADC and Gateway for CVE-2026-3055 and CVE-2026-4368, verify SAML/Gateway/AAA exposure, and review authentication logs.
Patch Drupal SAML SSO Service Provider CVE-2026-5343 by updating to 3.1.4 or newer and reviewing SSO logs, role mapping, and admin accounts.
Patch Drupal core CVE-2026-6365 by updating supported Drupal 10 and 11 branches, rebuilding caches, and verifying editor workflows.
Patch Drupal Date iCal CVE-2026-8495 by updating to 4.0.15 or newer, rebuilding caches, and reviewing private calendar feed exposure.
