All news with #remote code execution tag

🔔 Veeam has released updates to address multiple vulnerabilities in Veeam Backup & Replication, including three critical authenticated RCE flaws affecting builds up to 12.3.2.4165. The three RCE issues (CVE-2026-21666, CVE-2026-21667 and CVE-2026-21708) carry CVSS 9.9 scores and can permit authenticated users to execute code on backup servers; two additional high-severity bugs enable file manipulation and local privilege escalation. Veeam fixed the issues in build 12.3.2.4465 and urges organizations to patch immediately, emphasizing that backup infrastructure represents a highly privileged target for attackers.

🔒 Veeam has released security updates addressing seven critical vulnerabilities in Veeam Backup & Replication that could enable remote code execution, file manipulation, or privilege escalation if exploited. Affected builds include 12.3.2.4165 and earlier 12.x releases; fixes are available in 12.3.2.4465 and select fixes in 13.0.1.2067. Notable issues include multiple CVEs with CVSS scores up to 9.9 that allow authenticated domain users, Backup Viewers, or Backup Administrators to execute code, alter files, or escalate privileges. Veeam warned attackers may reverse-engineer patches, and customers are urged to update promptly.

🛡️ Veeam has released updates for Veeam Backup & Replication that address multiple vulnerabilities, including four critical remote code execution (RCE) flaws that allow low-privileged users or Backup Viewer accounts to execute code on backup servers. The key issues (CVE-2026-21666, CVE-2026-21667, CVE-2026-21669, CVE-2026-21708) are fixed in 12.3.2.4465 and 13.0.1.2067. Administrators are urged to upgrade immediately, as ransomware actors have repeatedly targeted VBR to move laterally, steal data, and prevent recovery.

⚠️ Researchers at Pillar Security disclosed two critical vulnerabilities in both self-hosted and cloud n8n deployments that can yield complete server compromise without any user interaction. The most severe, CVE-2026-27493, is an unauthenticated zero-click flaw in Form nodes that enables expression injection through public form endpoints; CVE-2026-27577 is a sandbox escape in the expression compiler enabling remote code execution. n8n issued patches and automated cloud mitigations; self-hosted users should upgrade to the recommended versions and rotate all stored credentials if a vulnerable workflow was exposed.

🔒 Apple has released security updates that backport fixes for vulnerabilities exploited by the Coruna exploit kit to older iPhones and iPads that cannot run the latest iOS releases. The patches, issued as iOS/iPadOS 15.8.7 and 16.7.15 builds, remediate kernel and WebKit issues — including CVE-2023-41974, CVE-2024-23222, CVE-2023-43000 and CVE-2023-43010 — to prevent privilege escalation and remote code execution. Affected legacy devices include a range of iPhone 6s through iPhone X models, multiple iPad Air/Pro and mini models, and the 7th‑gen iPod touch.

🔒 A deserialization vulnerability in Inductive Automation Ignition (CVE-2025-13913) allows a privileged, authenticated user to import a crafted file that executes embedded code during deserialization, potentially running with the OS application service account's permissions. The flaw affects Ignition versions prior to 8.3.0 and carries a CVSS v3.1 base score of 6.3; CISA reports it is not remotely exploitable and no public exploitation is known. Remediation is to upgrade to 8.3.0 or later. As interim mitigations, follow the Ignition Security Hardening Guide, restrict project imports to trusted sources, use dedicated low-privilege service accounts, and segment gateways from corporate networks.

🔐 Fortinet disclosed multiple FortiOS vulnerabilities that affect Siemens RUGGEDCOM APE1808 devices. Siemens has issued firmware updates and advises operators to install vendor fixes promptly. Issues include an authentication bypass, HTTP request smuggling, and an externally controlled format string that can enable code execution or unauthorized access. Apply vendor patches and limit device exposure.

⚠️n8n's critical expression-injection flaw, tracked as CVE-2025-68613 (CVSS 9.9), has been added to CISA's Known Exploited Vulnerabilities catalog following evidence of active exploitation. The issue allows an authenticated attacker to perform remote code execution via the workflow expression evaluation system, risking full instance compromise. n8n issued fixes in December 2025 (1.120.4, 1.121.1, 1.122.0), but thousands of instances remain exposed online.

🔔 CISA has ordered federal agencies to patch an actively exploited remote code execution flaw in n8n, tracked as CVE-2025-68613, which permits authenticated attackers to run arbitrary code with the n8n process's privileges. The n8n team released n8n v1.122.0 in December to address the issue and urges immediate upgrades; temporary mitigations include restricting workflow creation/editing, limiting OS privileges, and reducing network access. Shadowserver reports over 40,000 exposed instances globally, prompting a March 25 remediation deadline for federal civilian agencies under BOD 22-01.

⚠️ Cybersecurity researchers disclosed multiple critical vulnerabilities in the n8n workflow automation platform that can lead to remote code execution and the exposure of stored credentials. The principal issues include an expression sandbox escape (CVE-2026-27577) and an unauthenticated Form-node expression injection (CVE-2026-27493). n8n has released fixes in 1.123.22, 2.9.3 and 2.10.1 and recommends immediate patching; short-term mitigations and node exclusions are available for users who cannot upgrade immediately.

⚠️ HPE Aruba Networking released patches for five vulnerabilities in AOS-CX switch software, including a critical web-management flaw that allows unauthenticated remote actors to bypass authentication and potentially reset administrator credentials. The most severe issue, CVE-2026-23813 (CVSS 9.8), can be triggered entirely over the network without user interaction. Additional CLI command-injection vulnerabilities and an open-redirect flaw were also fixed; administrators should apply updates and restrict management interfaces immediately.

🔒Microsoft released its March Patch Tuesday updates addressing 84 security vulnerabilities, including two publicly disclosed zero-days. Of the fixes, eight are rated Critical and 76 Important, spanning privilege escalation, remote code execution, information disclosure and other classes. The highest-scoring issue is CVE-2026-21536 (CVSS 9.8) in the Microsoft Devices Pricing Program, which Microsoft says is fully mitigated. Administrators should review MSRC advisories and apply updates based on risk and exposure.

🔒 Microsoft released fixes for at least 77 vulnerabilities across Windows and related products in its March 2026 Patch Tuesday. Two issues were previously disclosed publicly, including a SQL Server privilege elevation (CVE-2026-21262) that can allow network-based escalation to sysadmin. Several critical remote code execution bugs in Microsoft Office and other components, plus a notable AI-discovered 9.8-rated RCE (CVE-2026-21536), merit prioritized attention. Administrators should review privilege escalation and RCE patches first and monitor for any post-update issues.

🛡️ Microsoft’s March Patch Tuesday addresses 78 vulnerabilities, led by three high-severity flaws in Microsoft Office, including an Excel information-disclosure bug (CVE-2026-26144) and two remote-code-execution issues (CVE-2026-26113, CVE-2026-26110). While Microsoft reports no known zero-day exploitation, experts urge expedited patching, restricting outbound Office traffic, and limiting AI automation such as Copilot Agent to mitigate potential silent exfiltration and preview-pane attack vectors.

🔒 Microsoft issued its March 2026 Patch Tuesday addressing 79 vulnerabilities, three of which were marked critical though assessed as less likely to be exploited. The critical issues include Office remote code execution bugs (CVE-2026-26110, CVE-2026-26113) and an Excel information-disclosure flaw (CVE-2026-26144). Important fixes affect SharePoint, SQL Server and multiple Windows components. Cisco Talos published Snort and firewall rules to detect exploitation attempts and urges customers to apply patches and rule updates promptly.

🔒 Microsoft's March 2026 Patch Tuesday addresses 79 vulnerabilities, including two publicly disclosed zero-days and three Critical flaws. Notable fixes include two Office remote code execution bugs exploitable via the preview pane and an Excel information-disclosure issue that could enable data exfiltration via Copilot. Administrators should prioritize Office, Windows and Azure updates immediately.

🔒Apeman ID71 cameras contain multiple remote-exploitable vulnerabilities, including CVE-2025-11126, CVE-2025-11851, and CVE-2025-11852. One issue, CVE-2025-11126, carries a CVSS v3.1 base score of 9.8 and involves insufficiently protected credentials. Proof-of-concept exploits for all three have been publicly disclosed and the vendor did not respond to coordination; CISA recommends isolating devices and minimizing network exposure.

⚠️ Lantronix EDS3000PS and EDS5000 devices contain multiple critical vulnerabilities, including OS command injection and authentication bypass, some exploitable without authentication, that can result in root-level code execution. Affected firmware versions include EDS3000PS 3.1.0.0R2 and EDS5000 2.1.0.0R3, with several CVEs rated CVSS 9.8. Lantronix has published firmware updates to 3.2.0.0R2 and 2.2.0.0R1. Operators should apply updates, restrict network exposure, and follow CISA mitigation guidance.

🔒 Microsoft’s March 2026 Patch Tuesday addresses 82 vulnerabilities, including eight Critical issues and two publicly disclosed flaws affecting Windows, Azure and Office. Notable high-severity items include a CVSS 9.8 RCE in the Microsoft Devices Pricing Program and several elevation-of-privilege and RCE flaws in Office, Excel and Azure Confidential Containers; some cloud-hosted issues were remediated server-side with no customer action required. CrowdStrike recommends prioritizing available fixes, applying mitigations where patches are absent, and using the Falcon Patch Tuesday dashboard to triage and track remediation.

🛡️ An Out‑of‑Bounds Write vulnerability in the DOPSoft DPAX parser of CNCSoft‑G2 (CVE‑2026‑3094) can lead to remote code execution on affected devices. The flaw affects versions prior to V2.1.0.39 and has a CVSS v3.1 score of 7.8 (High). Although exploitation requires local access and is not remotely exploitable, Delta recommends updating to V2.1.0.39 to remediate the issue and CISA advises reducing network exposure and following ICS security best practices.