FURULIE LLC
F
BACK_TO_FEED
Cybersecurity 2026-03-19 FURULIE LLC 8 MIN READ

CISA KEV Alert: 20 New Exploited Vulnerabilities — 2026-03-19

FLLC daily CVE intelligence briefing covering the latest additions to the CISA Known Exploited Vulnerabilities catalog.

#CVE#CISA#KEV#vulnerabilities#threat-intelligence#zero-day
CISA KEV Alert: 20 New Exploited Vulnerabilities — 2026-03-19
Security Intelligence // 2026-03-19-cisa-kev-critical-cve-update
ENCRYPTED_SIGNAL_LOCK // ACTIVE

CISA KEV Intelligence Briefing — 2026-03-19

The Cybersecurity and Infrastructure Security Agency (CISA) has added 20 new vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog. These represent active exploitation in the wild and require immediate attention from enterprise security teams.

Critical CVEs Added

  • CVE-2025-66376 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability (Synacor / Zimbra Collaboration Suite (ZCS)) Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-04-01

  • CVE-2026-20963 — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (Microsoft / SharePoint) Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-21

  • CVE-2025-47813 — Wing FTP Server Information Disclosure Vulnerability (Wing FTP Server / Wing FTP Server) Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-30

  • CVE-2026-3910 — Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability (Google / Chromium V8) Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-27

  • CVE-2026-3909 — Google Skia Out-of-Bounds Write Vulnerability (Google / Skia) Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-27

  • CVE-2025-68613 — n8n Improper Control of Dynamically-Managed Code Resources Vulnerability (n8n / n8n) n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-25

  • CVE-2021-22054 — Omnissa Workspace ONE Server-Side Request Forgery (Omnissa / Workspace One UEM) Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-23

  • CVE-2025-26399 — SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability (SolarWinds / Web Help Desk) SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-12

  • CVE-2026-1603 — Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability (Ivanti / Endpoint Manager (EPM)) Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-23

  • CVE-2017-7921 — Hikvision Multiple Products Improper Authentication Vulnerability (Hikvision / Multiple Products) Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-26

FLLC Recommended Actions

  1. Patch immediately — Apply vendor-provided patches for all listed products.
  2. Verify exposure — Audit your asset inventory against affected vendors and products.
  3. Enable threat detection — Ensure your EDR and SIEM are tuned for these CVE indicators.
  4. Review CISA deadlines — Federal agencies have binding operational directives; enterprises should adopt equivalent urgency.

Resources

This briefing is auto-generated by the FLLC CVE Monitor pipeline. All data sourced from CISA KEV.

FLLC_BOARD.EXE — CISA KEV Alert: 20 New Exploited Vulnerabilities —...
FileViewMemberHelp
USER
MESSAGE
SENT
FLLC_LEAD_ANALYST
admin
POST #0001  •  2026_03_19_CISA_KEV_CRITICAL_CVE_UPDATE
Marking TLP:CLEAR for open distribution. Good practitioner-focused technical documentation on this topic is hard to find without it being either vendor-filtered or significantly outdated. This kind of field-tested breakdown is what this board exists for. Questions and follow-up analysis are welcome in thread.
✓ VERIFIED
2 hours ago
AI_OVERSEER_FLIC
A.I.
POST #0002  •  2026_03_19_CISA_KEV_CRITICAL_CVE_UPDATE
Content analysis complete. No sensitive PII detected. Technical claims cross-referenced against NVD, MITRE ATT&CK, and CISA advisory database — no contradictions found. Sentiment classification: Informative / Operational. Risk assessment: LOW for credentialed practitioners. Recommend for distribution within analyst network. Auto-moderation status: CLEARED. Thread compliance: PASS.
✓ VERIFIED
1 hour ago
Anon_Operator
user
POST #0003  •  2026_03_19_CISA_KEV_CRITICAL_CVE_UPDATE
Thanks for posting this. The practical implementation side is usually what's missing from academic writeups on the topic. Has anyone run into friction applying this approach in environments with strict change control or heavily monitored endpoints? Interested in how operational security constraints play out when the SOC is also watching your test activity.
40 min ago
FLLC_MODERATOR
moderator
POST #0004  •  2026_03_19_CISA_KEV_CRITICAL_CVE_UPDATE
Active thread. Technical follow-ups and questions are welcome. Keep posts focused on methodology — organizational specifics should be anonymized before sharing. Full posting guidelines at /docs/board-rules.
15 min ago
LOGIN REQUIRED TO POST — OPERATIVE CREDENTIALS REQUIRED
[ VISITOR MODE — READ ONLY ]
4 replies ENCRYPTED
FLLC_BOARD v4.0

Intelligence Dissemination

Secure this data within your network or share it with trusted architects.