NVD disclosure day

Published threat advisories for April 2, 2026

CVE-2025-15620

HiOS Switch Web Interface Reboot Vulnerability.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A denial-of-service vulnerability in the HiOS Switch Platform's web interface allows unauthenticated remote attackers to reboot devices via crafted HTTP requests, causing service disruption. This could impact network availability if reachable. Confirmation of affected devices and exposure is recommended.

NVD published: April 2, 2026

CVE advisoryCRITICAL

CVE-2026-34877

Mbed TLS Session Structure Memory Corruption Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A flaw in Mbed TLS allows an attacker to corrupt memory and potentially execute arbitrary code by manipulating serialized SSL context or session data, due to improper handling of privileged APIs. This vulnerability could affect the integrity and availability of services using the Mbed TLS library. It is uncertain if Mb

NVD published: April 2, 2026