Citrix has patched two vulnerabilities in NetScaler ADC and NetScaler Gateway — a critical memory overread (CVE-2026-3055) that lets unauthenticated attackers leak session tokens from SAML IDP-configured appliances, and a high-severity race condition (CVE-2026-4368) that can expose one user’s authenticated session to another. Given the rapid exploitation history of prior NetScaler memory-read flaws, organizations running affected on-premises builds should prioritize patching immediately
A maximum-severity path traversal in the Ubiquiti UniFi Network Application allows unauthenticated attackers to read and manipulate files on the underlying host, enabling full account takeover of the controller managing an organization’s switches, access points, and gateways.
CVE-2026-32746 is an emerging critical buffer overflow in GNU Inetutils telnetd. It allows pre-authentication remote code execution during Telnet option negotiation.
CVE-2026-23813 and CVE-2026-23814 are critical vulnerabilities affecting HPE Aruba Networking AOS-CX, the network operating system used by Aruba CX-series campus and data center switches.
CVE-2026-21262 is an elevation of privilege vulnerability affecting Microsoft SQL Server. The issue is caused by improper access control within SQL Server components, allowing an authenticated attacker to elevate privileges over a network.
Two critical Cisco Secure Firewall Management Center flaws let unauthenticated remote attackers gain root on on-prem deployments through authentication bypass or Java deserialization.
CVE-2026-22769 is a hardcoded credential vulnerability in Dell RecoverPoint for VMs that can expose disaster recovery management interfaces to unauthorized access. Organizations with internet-reachable instances face elevated risk of administrative compromise and downstream infrastructure impact.
CVE-2026-1731 affects BeyondTrust privileged access deployments, introducing potential risk to internet-facing administrative interfaces. External exposure data shows cross-industry impact, particularly in technology, hospitality, healthcare, and energy sectors, where exposed access management systems may expand attackers’ paths to high-value enterprise infrastructure.
SolarWinds disclosed multiple critical vulnerabilities in its Web Help Desk platform that may allow unauthenticated attackers to bypass security controls or execute code remotely. Organizations running exposed instances should patch immediately and assess external exposure to reduce risk.
