Centre for Cybersecurity Belgium (CCB)
ccb-belgium · A · active
https://ccb.belgium.be/advisories
Belgian national cybersecurity authority; publishes EN advisories on EU-relevant CVEs. Discovered 2026-05-24 via its corroborating Unbound 1.25.1 advisory (CVE-2026-33278 et al.) which carried technical detail beyond the NLnet Labs primary. Candidate — promote to active after 3 runs with content contribution. | 2026-06-02: contributed corroborating content (CVE-2026-41089 exploitation confirmation). | 2026-06-20 full audit (v2.62): live=Y, drill=Y. FETCH → bridge: python3 tools/fetch_source.py url https://ccb.belgium.be/advisories (listing, 72KB, dated advisories) then bridge url https://ccb.belgium.be/advisories/<slug> for the advisory body (48KB). AVOID: WebFetch listing works but its summariser rewrites article hosts to www.ccb.be — the canonical host is ccb.belgium.be; per-article WebFetch on www.ccb.be 503s. Use the bridge against ccb.belgium.be for the real hrefs and body.. | 2026-07-05 admiralty audit: A — Belgium's national cyber authority (CERT.be) publishing its own jurisdiction's official advisories; primary authority. No status change (active). Justified A: national CSIRT per rubric.
Cited in 9 entries
Citation cadence
Citation days per ISO week (8 weeks of coverage span, total 8).
- SimpleHelp RMM auth bypass (CVE-2026-48558) went from disclosure to in-the-wild exploitation this week — an RMM supply-chain foothold2026-07-05
- CVE-2026-57517 — Control Web Panel: pre-auth blind SQL injection to web-shell RCE (CVSS 9.8)2026-07-03
- CVE-2026-48558 — SimpleHelp RMM: OIDC SSO authentication bypass, actively exploited2026-06-30
- CVE-2026-25089 — Fortinet FortiSandbox: unauthenticated OS command injection in the web UI's VNC-launch handler (CVSS 9.8)2026-06-12
- CVE-2026-44748 — SAP June Patch Day: SAML XML Signature Wrapping in NetWeaver AS ABAP (CVSS 9.9) plus an unauth RFC kernel memory-corruption (CVSS 9.8)2026-06-10
- CVE-2026-44848 & CVE-2026-44849 — Portainer CE: Docker plugin endpoints unguarded; Swarm-service security checks bypassed (CVSS 9.4)2026-05-29
- CVE-2026-32996 & CVE-2026-32997 — Veeam Backup & Replication KB4852: LPE in Windows Agent, arbitrary file write in Linux appliance2026-05-29
- DNS-resolver patch cluster — Unbound 1.25.1 (11 CVEs) and ISC BIND 9.18.49 / 9.20.232026-05-24
- Dirty Frag — Microsoft confirms limited in-the-wild exploitation; Red Hat, NCSC.ch, CCB Belgium publish coordinated advisories2026-05-11