Vulnerability
- Langflow CVE-2026-33017: Unauthenticated RCE Exploited Within 20 Hours, Now on CISA KEV
CVE-2026-33017 is a CVSS 9.3 unauthenticated RCE in Langflow's public flow build endpoint. Attackers were scanning and exploiting within 20 hours of disclosure -- with no public PoC. CISA added it to the KEV catalog on March 25. If you run Langflow, upgrade to v1.9.0 now.
- TP-Link Patches Critical Auth Bypass in Archer NX Routers
CVE-2025-15517 lets attackers upload arbitrary firmware to Archer NX200/NX210/NX500/NX600 without credentials. A patch is available -- given TP-Link's botnet exploitation history, treat this as urgent.
- Android March 2026: 129 Fixes, One Qualcomm Zero-Day Already in the Wild
Google's March 2026 Android security bulletin patches 129 vulnerabilities including CVE-2026-21385, a Qualcomm graphics zero-day under active targeted exploitation. Patch level 2026-03-05 is required for full coverage.
- CVE-2026-2441: Chrome Zero-Day Actively Exploited, Headless Workloads at Risk
A memory corruption flaw in the Chromium rendering engine is being actively exploited in the wild, allowing arbitrary code execution via malicious web content -- and it reaches further than your browser.
- Cisco FMC Zero-Day CVE-2026-20131: Interlock Ransomware Had Root for 36 Days Before the Patch Existed
CVE-2026-20131, a CVSS 10.0 zero-day in Cisco Secure Firewall Management Center, was exploited by the Interlock ransomware gang for 36 days before Cisco disclosed it. CISA added it to KEV with a federal patch deadline of March 22; no workarounds exist.
- Node.js March 2026 Security Releases: Two High-Severity Issues Across All Active Lines
Node.js pushed security releases across all active lines today -- 25.x, 24.x, 22.x, and 20.x. Two high-severity and multiple medium-severity issues are patched. CVE details are pending. If you're running Node in production, you need to update.
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
CVE-2026-32746 is a CVSS 9.8 buffer overflow in GNU InetUtils telnetd that lets an unauthenticated attacker execute code as root before any login prompt appears. No patch yet. If you're running telnetd exposed to the internet, act now.
- When the Management Plane Falls: CVE-2025-32975 and the Quest KACE SMA Problem
CVE-2025-32975 is a CVSS 10.0 authentication bypass in Quest KACE SMA, actively exploited since the week of March 9, 2026. Arctic Wolf has documented the full attack chain: initial access via the auth bypass, Mimikatz credential harvesting, and lateral movement to domain controllers and backup infrastructure.
- March 2026 Patch Tuesday: 78 CVEs Including Active Zero-Day
March 2026 Patch Tuesday addressed 78 vulnerabilities including at least one zero-day under active exploitation. The gap between patch release and patch applied is where breaches happen.
- n8n RCE: What CISA's KEV Addition Reveals About AI Workflow Tool Security
CISA has added CVE-2025-68613, a critical RCE in n8n, to its Known Exploited Vulnerabilities catalogue. With 24,700+ unpatched instances still online, this is an active threat -- and it exposes a structural problem with self-hosted AI tooling.
- Claude Just Found 22 CVEs in Firefox. Here's What That Actually Means.
Anthropic's Frontier Red Team used Claude to find 22 CVEs and 112 bugs in Firefox -- one of the most scrutinised codebases on the planet. The implications for security teams go well beyond one browser.