
Apr 13, 2026 • Recorded Future

March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day


Source: Recorded Future
Category: other
Severity: low

Summary

March 2026 saw a 139% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 31 vulnerabilities requiring immediate remediation, up from 13 in February 2026.

Published Analysis

March 2026 saw a 139% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 31 vulnerabilities requiring immediate remediation, up from 13 in February 2026.

In March 2026, Insikt Group® identified 31 high-impact vulnerabilities that should be prioritized for remediation, 29 of which had a Very Critical Recorded Future Risk Score. These vulnerabilities affected products from the following vendors: Cisco, Microsoft, Google, ConnectWise, Langflow, Citrix, Aquasecurity, Nginx UI, Qualcomm, F5, Craft CMS, Laravel, Apple, Synacor, Wing FTP Server, n8n, Omnissa, SolarWinds, Ivanti, Hikvision, Rockwell, and Broadcom. This month’s most affected vendors were Microsoft and Apple, together accounting for approximately 32% of the 31 vulnerabilities.

One vulnerability (CVE-2017-7921 affecting Hikvision) is approximately nine years old, reinforcing how attackers continue to exploit long-known weaknesses in environments where patching has lagged. Legacy and unpatched systems remain attractive targets. Defenders should not discount older CVEs; instead, they should prioritize based on observed activity, maintain strong asset visibility, and apply compensating controls where remediation is not possible.

In March, Insikt Group® created Nuclei templates for a high-severity path traversal vulnerability in MindsDB (CVE-2026-27483) and a critical missing authentication vulnerability in Nginx UI (CVE-2026-27944). Additionally, Insikt Group® had already published a Nuclei template for CVE-2025-68613 (n8n) in December, prior to its exploitation this month. We also identified public proof-of-concept (PoC) exploits for 10 of the 31 vulnerabilities.

Quick Reference: March 2026 Vulnerability Table

All 31 vulnerabilities below were actively exploited in March 2026. The table below also provides examples of public PoCs identified by Insikt Group®. These PoCs were not tested for accuracy or efficacy. Vulnerability management teams should exercise caution and verify the validity of PoCs before testing.

| # | Vulnerability | Risk Score | Affected Vendor/Product | Vulnerability Type/Component | Public PoC |
|---|---|---|---|---|---|
| 1 | CVE-2026-20131 | 99 | Cisco Secure Firewall Management Center (FMC) | CWE-502 (Deserialization of Untrusted Data) | Yes |
| 2 | CVE-2026-21262 | 99 | Microsoft SQL Server (2016 SP3, 2017, 2019, 2022, 2025) | CWE-284 (Improper Access Control) | No |
| 3 | CVE-2026-26127 | 99 | Microsoft .NET (9.0, 10.0) and Microsoft.Bcl.Memory | CWE-125 (Out-of-bounds Read) | No |
| 4 | CVE-2026-3909 | 99 | Google Skia | CWE-787 (Out-of-bounds Write) | No |
| 5 | CVE-2026-3910 | 99 | Google Chromium V8 | CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) | No |
| 6 | CVE-2026-3564 | 99 | ConnectWise ScreenConnect | CWE-347 (Improper Verification of Cryptographic Signature) | No |
| 7 | CVE-2026-33017 | 99 | Langflow | CWE-94 (Code Injection), CWE-95 (Eval Injection), CWE-306 (Missing Authentication for Critical Function) | Yes |
| 8 | CVE-2026-3055 | 99 | Citrix NetScaler | CWE-125 (Out-of-bounds Read) | Yes |
| 9 | CVE-2026-33634 | 99 | Aquasecurity Trivy | CWE-506 (Embedded Malicious Code) | Yes |
| 10 | CVE-2026-25187 | 94 | Microsoft Windows | CWE-59 (Link Following) | No |
| 11 | CVE-2026-33032 | 94 | Nginx UI | CWE-306 (Missing Authentication for Critical Function) | No |
| 12 | CVE-2026-21385 | 89 | Qualcomm (Multiple Chipsets) | CWE-190 (Integer Overflow or Wraparound) | No |
| 13 | CVE-2025-53521 | 99 | F5 BIG-IP | CWE-121 (Stack-based Buffer Overflow) | No |
| 14 | CVE-2025-32432 | 99 | Craft CMS | CWE-94 (Code Injection) | Yes |
| 15 | CVE-2025-54068 | 99 | Laravel Livewire | CWE-94 (Code Injection) | Yes |
| 16 | CVE-2025-43510 | 99 | Apple (Multiple Products) | CWE-667 (Improper Locking) | No |
| 17 | CVE-2025-43520 | 99 | Apple (Multiple Products) | CWE-120 (Classic Buffer Overflow) | No |
| 18 | CVE-2025-31277 | 99 | Apple (Multiple Products) | CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) | No |
| 19 | CVE-2025-66376 | 99 | Synacor Zimbra Collaboration Suite (ZCS) | CWE-79 (Cross-site Scripting) | No |
| 20 | CVE-2026-20963 | 99 | Microsoft SharePoint | CWE-502 (Deserialization of Untrusted Data) | Yes |
| 21 | CVE-2025-47813 | 99 | Wing FTP Server | CWE-209 (Generation of Error Message Containing Sensitive Information) | No |
| 22 | CVE-2025-68613 | 99 | n8n | CWE-913 (Improper Control of Dynamically-Managed Code Resources) | Yes |
| 23 | CVE-2021-22054 | 99 | Omnissa Workspace One UEM | CWE-918 (SSRF) | Yes |
| 24 | CVE-2025-26399 | 99 | SolarWinds Web Help Desk | CWE-502 (Deserialization of Untrusted Data) | No |
| 25 | CVE-2026-1603 | 99 | Ivanti Endpoint Manager (EPM) | CWE-288 (Authentication Bypass Using an Alternate Path or Channel) | No |
| 26 | CVE-2017-7921 | 99 | Hikvision (Multiple Products) | CWE-287 (Improper Authentication) | Yes |
| 27 | CVE-2021-22681 | 99 | Rockwell (Multiple Products) | CWE-522 (Insufficiently Protected Credentials) | No |
| 28 | CVE-2023-43000 | 99 | Apple (Multiple Products) | CWE-416 (Use After Free) | No |
| 29 | CVE-2021-30952 | 92 | Apple (Multiple Products) | CWE-190 (Integer Overflow or Wraparound) | No |
| 30 | CVE-2023-41974 | 99 | Apple iOS and iPadOS | CWE-416 (Use After Free) | No |
| 31 | CVE-2026-22719 | 89 | Broadcom VMware Aria Operations | CWE-77 (Command Injection) | No |

Table 1: List of vulnerabilities that were...

Linked Entities

  • CVE-2017-7921
  • CVE-2021-22054
  • CVE-2021-22681
  • CVE-2021-30952
  • CVE-2023-41974
  • CVE-2023-43000
  • CVE-2025-26399
  • CVE-2025-31277
  • CVE-2025-32432
  • CVE-2025-43510
  • CVE-2025-43520
  • CVE-2025-47813