(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – March 5, 2026

Author: Chase Snow

Created: Thursday, March 5, 2026 - 13:57

Categories: Cybersecurity, Security Preparedness

The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are often included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

Cisco Secure Firewall Management Center (FMC) RCE via Insecure Deserialization
CVSS v3.1: 10.0
CVE: CVE-2026-20131
Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.
Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh

Cisco Secure Firewall Management Center Authentication Bypass Vulnerability
CVSS v3.1: 10.0
CVE: CVE-2026-20079
Description: This vulnerability can be exploited remotely by unauthenticated attackers to execute code on an affected device and obtain root access to the underlying operating system. An authentication bypass vulnerability (classified under CWE-288) in the web interface of Cisco Secure Firewall Management Center. According to Cisco, the flaw stems from an improper system process created at boot time. By sending crafted HTTP requests to an affected device, an attacker can exploit this process to execute scripts and commands that allow root access to the device. All on-premises FMC software releases are affected regardless of device configuration. Cloud-Delivered FMC (cdFMC) is not affected.
Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
Additional Reading:

Qualcomm Multiple Chipsets Memory Corruption Vulnerability
CVSS v3.1: 7.8
CVE: CVE-2026-21385
Description: Memory corruption vulnerability while using alignments for memory allocation. CISA has added this vulnerability to its KEV catalog.
Source: https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html

Broadcom VMware Aria Operations Command Injection Vulnerability
CVSS v3.1: 8.1
CVE: CVE-2026-22719
Description: VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate CVE-2026-22719, apply the patches listed in the ‘Fixed Version’ column of the ‘ Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ‘ in VMSA-2026-0001 Workarounds for CVE-2026-22719 are documented in the ‘Workarounds’ column of the ‘ Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ‘ in VMSA-2026-0001. CISA has added this vulnerability to its KEV catalog.
Source: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947