March 2026 Critical CVEs: Cisco Deserialization to Trivy Supply Chain Attacks
March 2026 saw a surge in vulnerability exploits, with attackers striking within hours of disclosure. Targets include AI platforms and supply chains. Here's a rundown of key CVEs scoring CVSS 8.7+ with confirmed real-world activity.
Cisco Secure Firewall Management Center Deserialization Flaw
CVE-2026-20131 (CVSS 10.0 CRITICAL)
A flaw in the web interface of Cisco FMC lets attackers deserialize malicious Java objects without authentication. It hits all versions, including Cisco Security Cloud Control. The Interlock group exploited this zero-day starting January 26, 2026; CISA added it to KEV with a March 22 deadline.
Exploitation: A POST request with a serialized object triggers root-level RCE.
Impacts:
- Firewall config tampering.
- Traffic interception and data theft.
- Ransomware entry point.
Mitigations:
- Patch FMC immediately.
- Isolate the management interface behind Zero Trust.
- Audit logs for deserialization payloads (use AWS IoCs).
Unauthenticated RCE in Langflow
CVE-2026-33017 (CVSS 9.3 CRITICAL)
This visual AI agent platform (145k+ GitHub stars) has a vulnerability in the /api/v1/build_public_tmp/{flow_id}/flow endpoint. Python code from JSON payloads runs via exec() with no sandboxing. Affects versions ≤1.8.2. Sysdig spotted exploits just 20 hours after the March 17 bulletin.
Exploitation: Single POST with malicious code in node definitions.
Impacts:
- RCE with process privileges.
- Theft of secrets (OpenAI API keys, DB passwords, SSH).
- Attacks on integrated ML pipelines.
Mitigations:
- Upgrade to 1.9.0+ (1.8.2 remains vulnerable per JFrog).
- Rotate all env secrets.
- Add FW/proxy auth for Langflow.
- Monitor POSTs to
/api/v1/and outbound traffic.
Chrome Zero-Days: Skia and V8 Vulnerabilities
CVE-2026-3909 (CVSS 8.7 HIGH) — out-of-bounds write in Skia (2D rendering).
CVE-2026-3910 (CVSS 8.7 HIGH) — type confusion in V8 (JS/WebAssembly).
Google confirmed active exploitation on March 10; CISA KEV deadline is March 27. Third Chrome zero-day of 2026.
Exploitation: Malicious HTML/JS page (watering hole or malvertising).
Impacts:
- Code execution in renderer process: cookie and session theft.
- Risk to headless Chrome in CI/CD.
- Escalation needs sandbox escape.
Mitigations:
- Update to Chrome 146.0.7680.75+.
- Patch Chromium-based browsers (Edge, Brave).
- Inventory headless instances.
- Enable auto-updates.
Aqua Trivy Supply Chain Compromise
CVE-2026-33634 (CVSS 9.4 CRITICAL)
On March 19, TeamPCP compromised a dev account and force-pushed malicious tags to the trivy-action GitHub Action. It steals CI/CD secrets (tokens, SSH, cloud creds). Affects Docker images and PyPI LiteLLM.
Exploitation: Action exfiltrates env secrets on run.
Impacts:
- Access to AWS/GCP/Azure credentials.
- Malicious Trivy images on Docker Hub.
- Ripple effects to LLM libraries.
Mitigations:
- Audit CI/CD runs after March 19.
- Rotate all secrets.
- Verify Trivy images.
- Pin GitHub Actions by SHA.
Microsoft Patch Tuesday: AI-XSS and Office RCE
79 CVEs patched, 8 critical. Standouts:
CVE-2026-26144 (CVSS 8.7 HIGH) — XSS in Excel Copilot Agent for stealthy data exfil.
Exploitation: Malicious XLSX triggers Copilot to send data.
CVE-2026-26110/26113 (CVSS 8.6 HIGH) — Office RCE from invalid pointer/type confusion.
Nginx UI and More
Nginx UI: Unauthenticated backup dumps (RCE risk).
Grafana: SQLi leading to RCE via SQL expressions.
GNU InetUtils telnetd: Buffer overflow.
Android: Qualcomm zero-day.
Key Takeaways
- Record-fast exploitation: 20 hours for Langflow, no public PoC.
- Supply chains under fire: Trivy, LiteLLM.
- AI-targeted attacks: Langflow exec(), Excel Copilot XSS.
- CISA KEV priorities: Cisco, Chrome—patch now.
- Headless Chrome in CI/CD: overlooked risk.
— Editorial Team
No comments yet.