Cybersecurity review Q1 2026: the most exploited flaws in France
> TL;DR: Data breach summary, most exploited CVEs, affected sectors, and vibe coding impact in Q1 2026.
Q1 2026: a record quarter for data breaches in France
The first quarter of 2026 was marked by an acceleration of data breaches in France. ANSSI published an alarming report: +34% incident reports compared to Q1 2025. SMBs are increasingly affected, now representing 43% of declared victims.
Major incidents of the quarter
January 2026: an HR software vendor exposed 120,000 employees' payslips through an unauthenticated API. Data included names, salaries, IBANs, and social security numbers. The flaw was exploited for 3 weeks before detection.
February 2026: a telemedicine platform suffered a leak of 45,000 patient records. Cause: missing Supabase RLS policies on consultation tables. Any authenticated user could read all patients' consultations.
March 2026: 35 CVEs directly attributed to AI-generated code (Georgia Tech Vibe Security Radar). Applications built with Cursor, Lovable, and Bolt represent a growing share of incidents.
Most exploited CVEs in France in Q1 2026
CVE-2026-0127: critical WordPress plugin vulnerability (ACF Pro) allowing remote code execution. 2.3 million sites potentially affected.
CVE-2026-0234: n8n flaw allowing workflow execution via unauthenticated webhooks. Massive exploitation in France upon publication.
CVE-2025-4892: Laravel session management vulnerability enabling session fixation and account hijacking.
Most affected sectors
Healthcare (28% of incidents): the accelerated digital transformation of healthcare actors, combined with the HDS 2.0 deadline in May 2026, creates an environment where speed trumps security.
Finance (22%): fintechs built with modern stacks (Supabase, Next.js) are particularly vulnerable to configuration errors.
HR & payroll (18%): payroll software becoming preferred targets for data monetization (IBANs, salaries).
E-commerce (15%): price manipulation, privilege escalation, and customer data theft.
The vibe coding impact
Vibe coding is the new factor this quarter. AI-generated applications reach production faster than ever. But AI code contains 2.74x more vulnerabilities than human code. Recurring patterns: total absence of access control, hardcoded secrets, and unverified dependencies.
What SMBs should take away
Our view
Free 10-minute diagnosis. External Review (€1,900) if a critical flaw is identified. Full Audit (€4,200) for a comprehensive report usable with CNIL.
Key Takeaways
Building HR, payroll, or recruiting software? CleanIssue performs security audits for HR SaaS in real-world conditions, no source code access needed. For a first read of your exposure, start with an external review of your application.
Related articles
Three adjacent analyses to keep exploring the same attack surface.
The 10 flaws we found most in 2025-2026
Ranked list of most frequent vulnerabilities across our audits. Missing RLS at #1, unauthenticated webhooks at #2, exposed API keys at #3.
Viamedis and Almerys 2024: 33M French Health Records Breached
Analysis of the dual Viamedis/Almerys breach that exposed health data of 33 million French citizens in January 2024.
France Travail 2024: 43M French Citizens Leaked, What Really Happened
Technical breakdown of the France Travail data breach in 2024: how 43 million records were exposed, timeline, and lessons learned.
Sources
Editorial analysis based on official vendor, project, and regulator documentation.
Related services
If this topic maps to a real risk in your stack, these are the most relevant CleanIssue audits.