(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – March 12, 2026
Created: Thursday, March 12, 2026 - 13:32
Categories: Cybersecurity, Security Preparedness
The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are often included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
CVSS v3.1: 10.0
CVE: CVE-2025-68613
Description: n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures. CISA has added this vulnerability to its KEV catalog.
Source: https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
Omnissa Workspace ONE Server-Side Request Forgery
CVSS v3.1: 7.5
CVE: CVE-2021-22054
Description: VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. CISA has added this vulnerability to its KEV catalog.
Source: https://www.greynoise.io/blog/new-ssrf-exploitation-surge
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVSS v3.1: 9.8
CVE: CVE-2025-26399
Description: SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. CISA has added this vulnerability to its KEV catalog.
Source: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
CVSS v3.1: 8.6
CVE: CVE-2026-1603
Description: An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. CISA has added this vulnerability to its KEV catalog.
Source: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US
Django SQLi Vulnerability
CVSS: N/A
CVE: CVE-2026-1207
Description: An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on "RasterField" (only implemented on PostGIS) allow remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.
Source: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
SmarterTools SmarterMail RCE via ConnectToHub API
CVSS v3.1: 9.3
CVE: CVE-2026-24423
Description: SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. An attacker could point SmarterMail at a malicious HTTP server that serves an OS command, which the vulnerable application then executes.
Source: https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html