Crucial Juniper, Cisco SD-WAN, and EV charging infrastructure vulnerabilities surfaced on underground boards, whereas ICS flaws impacted Vitality and Transportation sectors.
Cyble Analysis & Intelligence Labs (CRIL) tracked 1,641 vulnerabilities between March 04 and March 10, 2026. Of those, 175 vulnerabilities have already got publicly accessible Proof-of-Idea (PoC) exploits, considerably rising the probability of real-world assaults.
A complete of 200 vulnerabilities have been rated important beneath CVSS v3.1, whereas 61 acquired important severity beneath CVSS v4.0.
Moreover, CISA added a number of vulnerabilities to its Identified Exploited Vulnerabilities (KEV) catalog, highlighting confirmed exploitation within the wild, together with legacy flaws nonetheless actively weaponized in operational environments.
On the commercial aspect, CISA issued 9 ICS advisories masking 24 vulnerabilities, affecting distributors together with Mitsubishi Electrical, Hitachi Vitality, Mobiliti, ePower, Everon, and Delta Electronics.
The Week’s Prime Vulnerabilities
CVE-2026-21902 — Juniper Junos OS (Crucial)
CVE-2026-21902 is a important authentication bypass and distant code execution vulnerability in Juniper Junos OS Advanced. The flaw exposes an inner anomaly detection service externally, permitting unauthenticated attackers to ship crafted requests and execute arbitrary code as root.
A publicly accessible PoC and underground discussion board discussions considerably enhance the probability of exploitation.
CVE-2026-20127 — Cisco SD-WAN (Crucial)
CVE-2026-20127 is a important authentication bypass vulnerability affecting Cisco SD-WAN controllers. On account of flawed authentication logic, attackers can bypass peering authentication and achieve administrative entry over the community.
Profitable exploitation allows visitors manipulation, lateral motion, and chronic entry throughout enterprise networks.
CVE-2026-29000 — pac4j-jwt Library (Crucial)
CVE-2026-29000 is a important authentication bypass vulnerability within the pac4j-jwt library. The flaw permits attackers with entry to a public key to forge authentication tokens and impersonate any person, together with directors.
CVE-2026-27971 — Qwik Framework (Crucial)
CVE-2026-27971 is a important distant code execution vulnerability attributable to unsafe deserialization in Qwik’s server-side RPC mechanism. A single malicious request can set off arbitrary code execution on the backend server.
CVE-2026-29128 — IDC SFX Satellite tv for pc Receivers (Crucial)
CVE-2026-29128 includes hardcoded credentials and unauthenticated distant code execution in IDC SFX Sequence Satellite tv for pc Receivers. Attackers can extract privileged credentials and execute instructions as root, enabling full compromise of satellite tv for pc communication infrastructure.
Vulnerabilities Added to CISA KEV
CISA continued increasing its KEV catalog with vulnerabilities reflecting energetic exploitation traits.
Notable additions embody:
- CVE-2021-22681 — Rockwell Automation credential publicity vulnerability enabling unauthorized OT entry
- CVE-2017-7921 — Hikvision authentication bypass vulnerability nonetheless actively exploited years after disclosure
These additions spotlight the persistent threat of legacy vulnerabilities in each IT and OT environments.
Crucial ICS Vulnerabilities
CISA issued 9 ICS advisories masking 24 vulnerabilities, with most rated excessive severity.
CVE-2026-26051 — Mobiliti EV Charging Platform (Crucial)
CVE-2026-26051 is a important lacking authentication vulnerability in Mobiliti’s EV charging platform, permitting unauthenticated entry to infrastructure programs.
The danger is amplified by the absence of vendor patches or response, requiring organizations to implement unbiased mitigation controls.
CVE-2026-22552 — ePower EV Charging Platform (Crucial)
CVE-2026-22552 is a important authentication bypass vulnerability affecting ePower EV charging programs. Exploitation may allow unauthorized entry to the charging infrastructure and repair disruption.
CVE-2026-26288 — Everon Platform (Crucial)
CVE-2026-26288 is a important lacking authentication vulnerability in Everon APIs, permitting attackers to entry delicate backend providers with out credentials.
CVE-2026-1775 — Labkotec LID-3300IP (Crucial)
CVE-2026-1775 is a important lacking authentication vulnerability in Labkotec programs, the place no repair is accessible for sure {hardware} variations, requiring system alternative.
Impacted Crucial Infrastructure Sectors
Evaluation reveals that Vitality and Transportation Techniques account for 50% of ICS vulnerabilities, with Vitality showing in 62.5% of all circumstances .
This highlights tightly coupled dangers between power infrastructure and transportation programs, significantly in rising sectors comparable to EV charging ecosystems.
Conclusion
This week’s findings spotlight a convergence of large-scale IT vulnerability disclosures, energetic exploitation traits, and rising publicity throughout industrial environments.
With 175 publicly accessible PoCs, energetic underground discussions, and KEV additions confirming exploitation, organizations should prioritize proactive protection methods.
Key suggestions embody:
- Prioritizing vulnerabilities based mostly on exploit availability and threat
- Securing internet-facing belongings and demanding infrastructure endpoints
- Implementing sturdy authentication and entry controls
- Segmenting IT and OT environments to restrict lateral motion
- Changing or isolating unsupported and unpatched programs
- Conducting common safety assessments and penetration testing
Cyble’s assault floor administration options allow organizations to determine uncovered belongings, prioritize remediation, and detect early indicators of compromise. Mixed with menace intelligence and third-party threat intelligence, organizations can proactively defend towards evolving threats throughout each IT and ICS environments.
