< ciso
brief />
Tag Banner

All news with #remote code execution tag

691 articles · page 13 of 35

CISA Orders Federal Patch for n8n RCE Vulnerability

🔔 CISA has ordered federal agencies to patch an actively exploited remote code execution flaw in n8n, tracked as CVE-2025-68613, which permits authenticated attackers to run arbitrary code with the n8n process's privileges. The n8n team released n8n v1.122.0 in December to address the issue and urges immediate upgrades; temporary mitigations include restricting workflow creation/editing, limiting OS privileges, and reducing network access. Shadowserver reports over 40,000 exposed instances globally, prompting a March 25 remediation deadline for federal civilian agencies under BOD 22-01.
read more →

Critical n8n Vulnerabilities Allow Remote Code Execution

⚠️ Cybersecurity researchers disclosed multiple critical vulnerabilities in the n8n workflow automation platform that can lead to remote code execution and the exposure of stored credentials. The principal issues include an expression sandbox escape (CVE-2026-27577) and an unauthenticated Form-node expression injection (CVE-2026-27493). n8n has released fixes in 1.123.22, 2.9.3 and 2.10.1 and recommends immediate patching; short-term mitigations and node exclusions are available for users who cannot upgrade immediately.
read more →

Critical Aruba AOS-CX Web Bug Lets Attackers Gain Admin

⚠️ HPE Aruba Networking released patches for five vulnerabilities in AOS-CX switch software, including a critical web-management flaw that allows unauthenticated remote actors to bypass authentication and potentially reset administrator credentials. The most severe issue, CVE-2026-23813 (CVSS 9.8), can be triggered entirely over the network without user interaction. Additional CLI command-injection vulnerabilities and an open-redirect flaw were also fixed; administrators should apply updates and restrict management interfaces immediately.
read more →

Microsoft March Patch Tuesday: 84 Flaws, 2 Zero-Days

🔒Microsoft released its March Patch Tuesday updates addressing 84 security vulnerabilities, including two publicly disclosed zero-days. Of the fixes, eight are rated Critical and 76 Important, spanning privilege escalation, remote code execution, information disclosure and other classes. The highest-scoring issue is CVE-2026-21536 (CVSS 9.8) in the Microsoft Devices Pricing Program, which Microsoft says is fully mitigated. Administrators should review MSRC advisories and apply updates based on risk and exposure.
read more →

Microsoft Patch Tuesday — March 2026 Security Fixes

🔒 Microsoft released fixes for at least 77 vulnerabilities across Windows and related products in its March 2026 Patch Tuesday. Two issues were previously disclosed publicly, including a SQL Server privilege elevation (CVE-2026-21262) that can allow network-based escalation to sysadmin. Several critical remote code execution bugs in Microsoft Office and other components, plus a notable AI-discovered 9.8-rated RCE (CVE-2026-21536), merit prioritized attention. Administrators should review privilege escalation and RCE patches first and monitor for any post-update issues.
read more →

March Patch Tuesday: High-Severity Microsoft Office Flaws

🛡️ Microsoft’s March Patch Tuesday addresses 78 vulnerabilities, led by three high-severity flaws in Microsoft Office, including an Excel information-disclosure bug (CVE-2026-26144) and two remote-code-execution issues (CVE-2026-26113, CVE-2026-26110). While Microsoft reports no known zero-day exploitation, experts urge expedited patching, restricting outbound Office traffic, and limiting AI automation such as Copilot Agent to mitigate potential silent exfiltration and preview-pane attack vectors.
read more →

Microsoft March 2026 Patch Tuesday: 79 Vulnerabilities

🔒 Microsoft issued its March 2026 Patch Tuesday addressing 79 vulnerabilities, three of which were marked critical though assessed as less likely to be exploited. The critical issues include Office remote code execution bugs (CVE-2026-26110, CVE-2026-26113) and an Excel information-disclosure flaw (CVE-2026-26144). Important fixes affect SharePoint, SQL Server and multiple Windows components. Cisco Talos published Snort and firewall rules to detect exploitation attempts and urges customers to apply patches and rule updates promptly.
read more →

Microsoft March 2026 Patch Tuesday: 79 Flaws, 2 Zero-Days

🔒 Microsoft's March 2026 Patch Tuesday addresses 79 vulnerabilities, including two publicly disclosed zero-days and three Critical flaws. Notable fixes include two Office remote code execution bugs exploitable via the preview pane and an Excel information-disclosure issue that could enable data exfiltration via Copilot. Administrators should prioritize Office, Windows and Azure updates immediately.
read more →

Apeman ID71 Camera Vulnerabilities Allow Remote Control

🔒Apeman ID71 cameras contain multiple remote-exploitable vulnerabilities, including CVE-2025-11126, CVE-2025-11851, and CVE-2025-11852. One issue, CVE-2025-11126, carries a CVSS v3.1 base score of 9.8 and involves insufficiently protected credentials. Proof-of-concept exploits for all three have been publicly disclosed and the vendor did not respond to coordination; CISA recommends isolating devices and minimizing network exposure.
read more →

Lantronix EDS3000PS and EDS5000 Critical Vulnerabilities

⚠️ Lantronix EDS3000PS and EDS5000 devices contain multiple critical vulnerabilities, including OS command injection and authentication bypass, some exploitable without authentication, that can result in root-level code execution. Affected firmware versions include EDS3000PS 3.1.0.0R2 and EDS5000 2.1.0.0R3, with several CVEs rated CVSS 9.8. Lantronix has published firmware updates to 3.2.0.0R2 and 2.2.0.0R1. Operators should apply updates, restrict network exposure, and follow CISA mitigation guidance.
read more →

March 2026 Patch Tuesday: 82 CVEs, 8 Critical Vulns

🔒 Microsoft’s March 2026 Patch Tuesday addresses 82 vulnerabilities, including eight Critical issues and two publicly disclosed flaws affecting Windows, Azure and Office. Notable high-severity items include a CVSS 9.8 RCE in the Microsoft Devices Pricing Program and several elevation-of-privilege and RCE flaws in Office, Excel and Azure Confidential Containers; some cloud-hosted issues were remediated server-side with no customer action required. CrowdStrike recommends prioritizing available fixes, applying mitigations where patches are absent, and using the Falcon Patch Tuesday dashboard to triage and track remediation.
read more →

Delta CNCSoft-G2 Out-of-Bounds Write Vulnerability

🛡️ An Out‑of‑Bounds Write vulnerability in the DOPSoft DPAX parser of CNCSoft‑G2 (CVE‑2026‑3094) can lead to remote code execution on affected devices. The flaw affects versions prior to V2.1.0.39 and has a CVSS v3.1 score of 7.8 (High). Although exploitation requires local access and is not remotely exploitable, Delta recommends updating to V2.1.0.39 to remediate the issue and CISA advises reducing network exposure and following ICS security best practices.
read more →

Zero-click RCE in FreeScout urges immediate patching

⚠️ Ox Security has disclosed a zero-click remote code execution (RCE) vulnerability affecting FreeScout, tracked as CVE-2026-28289 (Mail2Shell), which bypasses an earlier fix (CVE-2026-27636). By sending a single crafted email to any address configured in FreeScout, an attacker can execute code on the server without authentication and without any user interaction. Ox warned thousands of instances may be exposed and urged immediate upgrades to v1.8.207 or later. Administrators are also advised to disable AllowOverrideAll in Apache on affected servers.
read more →

Cisco Releases Patches for 48 Firewall Vulnerabilities

🔒 Cisco has published 25 joint advisories addressing 48 vulnerabilities across its Secure Firewall ASA, Secure FMC and FTD product lines. The two most critical flaws, CVE-2026-20079 and CVE-2026-20131, are rated CVSS 10 and impact Secure FMC, enabling authentication bypass and remote code execution respectively. The auth bypass can be triggered with crafted HTTP requests against a boot-created system process, while the RCE stems from insecure deserialization of a user-supplied Java byte stream to the web management interface. There are no workarounds; Cisco urges customers to install the fixed software and the bundle also addresses 15 high and 31 medium severity issues.
read more →

Mail2Shell zero-click bypass allows FreeScout server takeover

⚠️ A newly disclosed maximum-severity flaw, CVE-2026-28289, enables zero-click remote code execution against FreeScout by defeating filename validation. Researchers at OX Security found that inserting a zero-width space (U+200B) before a filename bypasses the prior patch, allowing an attacker to upload a .htaccess-style payload that is later processed as a dotfile. The uploaded file can be reached via the platform's /storage/attachment/ path and used to execute commands without authentication. FreeScout 1.8.207 fixes the bypass; admins should update immediately and consider disabling AllowOverrideAll in Apache.
read more →

Cisco Patches Maximum-Severity Flaws in Secure FMC

🔒 Cisco has released updates for two maximum-severity vulnerabilities in Cisco Secure FMC that allow unauthenticated remote attackers to obtain root on affected systems. CVE-2026-20079 is an authentication-bypass flaw exploitable via crafted HTTP requests to gain root, while CVE-2026-20131 is a remote code execution vulnerability triggered by a crafted serialized Java object that can execute arbitrary Java code as root. Cisco also patched dozens of other issues and says its PSIRT has no evidence these flaws are being actively exploited.
read more →

CISA Adds VMware Aria Operations RCE to KEV Catalog

⚠️ CISA has added a high‑severity VMware Aria Operations flaw, CVE-2026-22719, to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation; the issue is an unauthenticated command injection that can allow arbitrary command execution and potential remote code execution. Broadcom released fixes for VMware Cloud Foundation, vSphere Foundation 9.0.2.0 and Aria Operations 8.18.6, and provided a shell-script workaround (aria-ops-rce-workaround.sh) for appliance nodes. Public details of in‑the‑wild exploitation and attribution remain scarce. Federal civilian agencies must apply the fixes by March 24, 2026.
read more →

CISA Flags VMware Aria Operations RCE as Exploited

🚨 CISA has added a VMware Aria Operations command injection flaw (CVE-2026-22719) to its Known Exploited Vulnerabilities catalog and is treating the issue as exploited in attacks. Broadcom says it is aware of reports of exploitation but cannot independently confirm them. VMware released patches on February 24 and provided a temporary workaround script (aria-ops-rce-workaround.sh) that disables vulnerable migration components; administrators should apply the updates or the workaround immediately.
read more →

Critical macOS ExifTool Vulnerability CVE-2026-3102

⚠️ Kaspersky's GReAT discovered a critical flaw, CVE-2026-3102, in ExifTool that can execute embedded shell commands when processing crafted image metadata on macOS if ExifTool is invoked with the -n/--printConv flag. The issue affects ExifTool versions 13.49 and earlier and can be exploited in automated workflows or apps that bundle the library. Update to ExifTool 13.50 immediately, isolate processing of untrusted files, and verify third-party tools do not include older copies of the library.
read more →

ClawJacked: Local WebSocket Flaw Gives Remote Control

⚠️ Researchers have revealed a high-severity "ClawJacked" vulnerability in OpenClaw that can allow a malicious webpage to take full control of the AI assistant platform. The issue arises because the gateway binds to localhost and treats local connections as trusted, permitting a script to brute-force credentials and auto-register as a trusted node. Once authenticated, an attacker can enumerate devices, read logs and dispatch commands. Users are urged to upgrade to 2026.2.25 or later immediately.
read more →