Cisco VPN Flaw Lets Attackers Crash Devices—Patch Now
Today's cybersecurity digest — CVEs, headline news, and something nerdy. March 25, 2026
cybr.cx Daily Digest — March 25, 2026
Critical Vulnerabilities
CVE-2026-20012 | Cisco IOS/IOS XE/ASA/FTD (IKEv2) | CVSS 8.6
A memory leak in the IKEv2 implementation across Cisco's core networking lineup—IOS, IOS XE, ASA, and FTD—allows unauthenticated remote attackers to exhaust device memory and force a DoS. If you're running VPN infrastructure on Cisco gear, prioritise this patch; attackers don't need credentials to trigger it.
CVE-2026-20084 | Cisco IOS XE (DHCP Snooping) | CVSS 8.6
Improper BOOTP packet handling on Catalyst 9000 switches lets attackers forward packets between VLANs, breaking segmentation and causing DoS conditions. This undermines one of the fundamental controls in enterprise networks—patch Catalyst 9000s running DHCP snooping immediately.
CVE-2026-20086 | Cisco IOS XE Wireless Controller (CAPWAP) | CVSS 8.6
Malformed CAPWAP packets can crash Catalyst CW9800 wireless controllers without authentication. If you're running large-scale wireless deployments on these controllers, a single crafted packet could take down your entire WLAN management plane.
CVE-2026-1519 & CVE-2026-3104 | ISC BIND 9 | CVSS 7.5
Two BIND vulnerabilities this cycle: one causes excessive CPU consumption via malicious DNSSEC zones, the other triggers memory leaks through specially crafted domain queries. BIND 9.20.x and 9.21.x are affected. Note that 9.18.x is NOT vulnerable to the memory leak (CVE-2026-3104). DNS operators running DNSSEC validation should update promptly.
CVE-2026-28842 | macOS Tahoe 26.4 | CVSS 7.3
A buffer overflow in macOS Tahoe can corrupt memory and crash applications. Apple's fixed this in 26.4—standard "update your Macs" advice applies, though the local exploitation requirement makes this less urgent than the network-reachable Cisco bugs.
Headline News
Trivy Supply Chain Attack Compromises 1,000+ Cloud Environments
The fallout from last week's Trivy supply chain compromise is worse than initially reported. According to The Register, over a thousand cloud environments have now been infected with credential-stealing malware after attackers poisoned the popular open-source container scanning tool. The criminals are reportedly leveraging their initial access to pivot into other open source projects, "creating a snowball effect" across the ecosystem. If your CI/CD pipelines pull Trivy, audit your build infrastructure and rotate any secrets that may have been exposed. This is a reminder that your software supply chain is only as secure as its weakest dependency—and even security tools aren't immune.
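One concrete way to start the audit the paragraph calls for is to find every place a pipeline pulls Trivy by a mutable reference (a branch, a movable tag, or an implicit `:latest`) instead of an immutable commit SHA or image digest. The Python below is an added example, not code from the digest or from the Trivy project; the workflow and Dockerfile fragments, the commit SHA and the image digest in it are constructed sample values.

```python
import re

# Constructed sample CI fragments (not from any real repository) that reference Trivy.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
"""
SAMPLE_DOCKERFILE = """\
FROM aquasec/trivy:latest AS scanner
FROM aquasec/trivy@sha256:8f1e2d3c4b5a6978a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3
"""

USES_RE = re.compile(r"uses:\s*(?P<repo>[\w.-]+/[\w.-]+)@(?P<ref>\S+)")
FROM_RE = re.compile(r"^\s*FROM\s+(?P<image>[\w./-]+)(?P<ref>[@:]\S+)?", re.M)
COMMIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_action_ref(ref):
    """A GitHub Action ref is immutable only as a full 40-hex commit SHA;
    branches and version tags can be moved by whoever controls the repo."""
    return "pinned" if COMMIT_SHA_RE.match(ref) else "mutable"


def classify_image_ref(ref):
    """A container image is immutable only when pulled by digest;
    a tag (or no tag, which means :latest) can be re-pushed."""
    if ref is not None and ref.startswith("@sha256:"):
        return "pinned"
    return "mutable"


def audit_trivy_refs(workflow_text, dockerfile_text):
    """Return (kind, reference, status) for every Trivy action or image reference."""
    findings = []
    for m in USES_RE.finditer(workflow_text):
        if "trivy" in m.group("repo").lower():
            full = m.group("repo") + "@" + m.group("ref")
            findings.append(("action", full, classify_action_ref(m.group("ref"))))
    for m in FROM_RE.finditer(dockerfile_text):
        if "trivy" in m.group("image").lower():
            ref = m.group("ref")
            full = m.group("image") + (ref if ref else ":latest")
            findings.append(("image", full, classify_image_ref(ref)))
    return findings


def mutable_trivy_refs(workflow_text, dockerfile_text):
    """Only the references that should be replaced with a SHA or digest pin."""
    return [f for f in audit_trivy_refs(workflow_text, dockerfile_text) if f[2] == "mutable"]
```

Run it over your real `.github/workflows/*.yml` and Dockerfiles; every "mutable" hit is a place where a poisoned upstream tag or image would have been pulled without any change on your side.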
FCC Bans Foreign-Made Consumer Routers
The FCC has added all consumer routers manufactured outside the United States to its Covered List, effectively banning new foreign-made models from sale in the U.S. market. BleepingComputer reports this is a national security play aimed at reducing supply chain risks from adversary nations. The move has generated significant discussion on r/pwnhub (1,182 upvotes), with practitioners digging into the waiver process and noting much of this policy predates the current administration. UK experts are now calling for similar measures. For network defenders, this signals a long-term shift in how consumer edge devices will be sourced—expect procurement headaches and potential cost increases.
TP-Link Critical Auth Bypass Requires Immediate Patching
TP-Link has issued an urgent advisory warning users to patch a critical authentication bypass vulnerability affecting multiple router models. The flaw allows attackers to completely sidestep login controls, gaining administrative access to affected devices. Given TP-Link's massive consumer and SMB market share, this is a juicy target for botnet operators. If you're managing TP-Link gear—or have family members who are—push this update now before it becomes the next Mirai recruitment vector.
Nerdy Corner
An astrophotographer discovered their work made it into the film adaptation of Project Hail Mary—and wrote up the whole story on their site. Turns out Hollywood needed realistic star field imagery, and rather than CGI everything, they licensed actual astrophotography. The post details which shots made the cut and the surreal experience of seeing your hobby on the big screen. Sometimes the universe rewards pointing expensive cameras at the void for hundreds of hours. Check it out at rpastro.square.site if you need a break from patching Cisco gear.