Friday, March 13, 2026

Today's Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.

Risk scores will be adjusted based on your selected environment

Today's Security Brief

Friday's vulnerability disclosures are dominated by multiple critical flaws in Veeam Backup & Replication, with four CVEs scoring 9.9 and one at 9.1, presenting significant risk to enterprise backup infrastructure. The day's total includes 10 critical and 100 high-priority CVEs, with critical counts down 58% from the prior day while high-priority volume held steady. CVE-2026-3611 in Honeywell IQ4x building controllers received a maximum CVSS 10.0 score, and CVE-2026-3059 and CVE-2026-3060 affect the SGLang AI framework at 9.8 each. Attack patterns span remote code execution and authentication bypass across enterprise backup, industrial control systems, and AI/ML infrastructure. Eleven CVEs have confirmed active exploitation, including vulnerabilities in Ivanti Endpoint Manager, VMware Aria Operations, and several legacy Apple and Hikvision flaws, while patch availability currently sits at 0%.

  • Veeam Backup & Replication faces five critical vulnerabilities (CVSS 9.1–9.9), requiring urgent review of all backup infrastructure
  • 10 critical CVEs disclosed, a 58% decrease from the prior day's 24 critical vulnerabilities
  • 100 high-priority CVEs reported, unchanged from the previous day's volume
  • Honeywell IQ4x building controllers received a maximum-severity CVSS 10.0 rating (CVE-2026-3611), affecting industrial control environments
  • Patch availability stands at 0% across all disclosed CVEs, limiting remediation to compensating controls and network segmentation
  • 11 actively exploited vulnerabilities include Ivanti EPM, VMware Aria Operations, Qualcomm chipsets, and legacy Apple and Hikvision flaws

Immediate action: Prioritize Veeam Backup & Replication environments for risk assessment given the five critical-severity flaws, and isolate Honeywell IQ4x building controllers from untrusted networks pending vendor guidance. With 0% patch availability across Friday's disclosures, implement compensating controls, including network segmentation, enhanced monitoring, and access restrictions, for all affected systems, particularly the Ivanti EPM and VMware Aria Operations instances under active exploitation.
