Weekly Exploit Roundup 2026-03-03

Weekly Exploit Roundup

Generated 2026-03-03T08:00:14.233026+00:00 (UTC)

  1. Metasploit Wrap-Up 02/27/2026
    Source: Rapid7 Cybersecurity Blog | Published: 2026-02-27T20:25:50+00:00 | Score: 23.513
    No Prob-ollama This release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal RCE (CVE-2024-37032), a sophisticated exploit chaining arbitrary file writes into unauthenticated root RCE, and the Grandstream GXP1600 stack overflow (CVE-2026-2329), which targets VoIP devices with accompanying credential harvesting and SIP interception post-modules. The BeyondTrust PRA/RS module got upgraded with support for the new CVE-2026-1731 command injection vulnerability along with legacy CVE support. On the evasion front, there's fresh ARM64 RC4 encryption support with sleep-based detection bypass. Classic vulnerability modules like Unreal IRCd and vsftpd backdoors got quality-of-life improvements with proper check methods and multiple exploitation targets. Several auxiliary scanners (LDAP ESC, GraphQL introspection) also received critical bugfix updates eliminating false positives and crashes. Ne
  2. Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
    Source: The Hacker News | Published: 2026-02-26T06:13:00+00:00 | Score: 19.975
    A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023.
    The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain
  3. SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
    Source: The Hacker News | Published: 2026-02-25T07:04:00+00:00 | Score: 16.786
    SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.
    The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below –

    CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary

  4. Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026-20127)
    Source: Rapid7 Cybersecurity Blog | Published: 2026-02-25T22:03:33+00:00 | Score: 16.133
    Overview On February 25, 2026, Cisco disclosed a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, tracked as CVE-2026-20127, that allows an unauthenticated attacker to gain administrative access to affected systems. The Cisco Catalyst SD-WAN Controller and Manager are core components of Cisco’s software-defined wide area networking (SD-WAN) architecture. The issue was originally identified and reported by Australian cybersecurity authorities, who observed real-world attacks leveraging this flaw. Customers running these products must urgently upgrade to a fixed release to prevent further compromise. This vulnerability affects the following deployment types: On-Prem Deployment; Cisco Hosted SD-WAN Cloud; Cisco Hosted SD-WAN Cloud – Cisco Managed; Cisco Hosted SD-WAN Cloud – FedRAMP Environment. At the time of disclosure, Cisco Talos published a report that outlined how malicious actors in the wild leveraged CVE-2026-20127 to
  5. Before the Breach: When digital footprints become a strategic cyber risk
    Source: Rapid7 Cybersecurity Blog | Published: 2026-02-26T14:00:00+00:00 | Score: 15.607
    Overview For years, organizations have prioritized strengthening technical defenses, including hardening networks, accelerating patch management, and expanding endpoint detection and response capabilities. Defensive systems have become more adaptive, identity has moved to the center of security architectures, and zero-trust has emerged as a foundational design principle. Despite these advances, successful intrusions continue to occur in environments that appear technically mature. While traditional attack vectors like vulnerability exploitation, misconfigurations, and malware-based intrusions show no sign of decline, modern attacks are increasingly preceded or materially enabled by extensive reconnaissance conducted beyond the victim’s technical perimeter. Organizations and their employees expose substantial volumes of data online, both intentionally and unintentionally. This includes professional and personal information shared through corporate websites, SaaS platforms, social media,
  6. New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
    Source: The Hacker News | Published: 2026-03-02T17:08:00+00:00 | Score: 15.157
    Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.
    The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
  7. APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
    Source: The Hacker News | Published: 2026-03-02T10:36:00+00:00 | Score: 14.963
    A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai.
    The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework.
    "Protection mechanism failure in MSHTML Framework allows an unauthorized
  8. CISA warns that RESURGE malware can be dormant on Ivanti devices
    Source: BleepingComputer | Published: 2026-02-27T15:57:04+00:00 | Score: 14.379
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. […]
  9. CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems
    Source: Alerts | Published: 2026-02-25T12:00:00+00:00 | Score: 13.833
    The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20127 and CVE-2022-20775 to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 25, 2026. As a result of the malicious cyber activity and vulnerabilities involving Cisco SD-WAN systems, CISA has outlined requirements for FCEB agencies in Emergency Directive (ED) 26-03 to inventory Cisco SD-WAN systems, update them, and assess compromise. CISA and partners have observed malicious cyber actors targeting and compromising Cisco SD-WAN systems of organizations, globally. These actors have been observed exploiting a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using CVE
  10. CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
    Source: The Hacker News | Published: 2026-02-25T05:23:00+00:00 | Score: 13.736
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
    The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute

End of report.