March 2026 saw the release of several high impact vulnerabilities affecting enterprise applications, cloud platforms, and developer tools. This month’s incidents highlight the growing risks in modern software stacks. We see issues ranging from out of bounds read errors in network gateways to zero click remote code execution in widely deployed office software. Threat actors are increasingly exploiting these flaws within hours of disclosure. This highlights the need for timely patching, credential rotation, and monitoring for abnormal activity.
CVE-2026-3055 (Citrix NetScaler ADC and Gateway)
A critical vulnerability in Citrix NetScaler ADC and Gateway is caused by an out of bounds read error. This happens when the device is set up as a SAML Identity Provider. This setup is very common for companies using single sign on. An unauthenticated remote attacker can exploit this flaw to leak sensitive information directly from the device memory. Exploitation bypasses normal security checks. Systems are heavily at risk if they are exposed to the internet.
- Severity and Score: Critical | CVSS 9.3
- Type: Out of Bounds Read
- Disclosure: March 23, 2026
- Exploitation Status: Highly active. Added to the CISA KEV catalog on March 30, 2026, due to active exploitation in the wild.
- Mitigation Strategies: Upgrade to version 14.1-66.59 or 13.1-62.23. Check your settings for the string “add authentication samlIdPProfile” to see if you are at risk.
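One way to run the check above over saved configurations, as an added example that is not from the original article or from Citrix: it looks for the `add authentication samlIdPProfile` command and compares a version string, assumed to be written in the same release-build form the article uses, against the two fixed builds listed. The function names and the sample configuration are constructed for illustration.

```python
import re

# Fixed builds per release branch, taken from the mitigation line above.
FIXED_BUILDS = {(14, 1): (66, 59), (13, 1): (62, 23)}

# The config command the article names as the sign of a SAML IdP setup.
# Anchored at line start so commented-out lines ("# add ...") do not match.
SAML_IDP_RE = re.compile(
    r'^[ \t]*add[ \t]+authentication[ \t]+samlIdPProfile[ \t]+("[^"]*"|\S+)',
    re.IGNORECASE | re.MULTILINE,
)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")

# Constructed sample, not taken from a real appliance.
SAMPLE_CONFIG = """\
add lb vserver vs_example HTTP 192.0.2.10 80
add authentication samlIdPProfile idp_prof_example
# add authentication samlIdPProfile retired_prof
"""


def saml_idp_profiles(config_text):
    """Return the names of SAML IdP profiles defined in a saved config."""
    return [name.strip('"') for name in SAML_IDP_RE.findall(config_text)]


def is_patched(version):
    """True/False for the branches the article lists, None otherwise."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None  # unparsable version string
    major, minor, build, sub = map(int, m.groups())
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return None  # branch not covered by the article's fixed versions
    return (build, sub) >= fixed


def assess(version, config_text):
    """Combine both checks into one triage status per appliance."""
    profiles = saml_idp_profiles(config_text)
    patched = is_patched(version)
    if not profiles:
        status = "no-saml-idp"  # the precondition described above is absent
    elif patched is None:
        status = "review"       # SAML IdP present, version could not be judged
    else:
        status = "patched" if patched else "at-risk"
    return {"version": version, "profiles": profiles, "status": status}
```

A `review` result means the device is a SAML IdP but its version falls outside the two branches the article names, so it needs a manual look rather than an automatic pass.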
CVE-2026-21536 (Microsoft Devices Pricing)
A critical remote code execution vulnerability affects the Microsoft Devices Pricing Program. This flaw is caused by a weakness that allows the upload of unrestricted file types. An unauthenticated attacker can upload a dangerous file that is automatically processed by the system. This allows the attacker to run arbitrary code over the network without needing any user interaction.
- Severity and Score: Critical | CVSS 9.8
- Type: Unauthenticated Remote Code Execution (RCE)
- Disclosure: March 5, 2026
- Exploitation Status: Publicly disclosed. Microsoft fixed this issue in their cloud servers, so no action is needed from users.
- Mitigation Strategies: Microsoft has proactively patched this vulnerability within the cloud infrastructure without requiring any customer intervention.
CVE-2026-26110 and CVE-2026-26113 (Microsoft Office)
Two critical memory safety vulnerabilities in Microsoft Office allow for remote code execution. These flaws involve untrusted pointer dereference and type confusion in Office components. Exploitation happens without any user interaction. An attacker only needs to send a specially crafted malicious file to the target user. The attack can be triggered simply by viewing the file in the preview pane.
- Severity and Score: Critical | CVSS 8.4
- Type: Remote Code Execution (RCE)
- Disclosure: March 10, 2026
- Exploitation Status: Proof of concept available. High risk target for phishing campaigns since no user action beyond viewing a message is required.
- Mitigation Strategies: Apply the March 10, 2026 Microsoft Office security updates. Turn off the Preview Pane for untrusted senders via Group Policy.
CVE-2026-21262 (Microsoft SQL Server)
A high severity elevation of privilege vulnerability in Microsoft SQL Server allows users with limited permissions to gain higher access. This flaw occurs because SQL Server incorrectly enforces access control rules. If successfully exploited, a user with low access could escalate their privileges to gain full SQL sysadmin rights. This gives them complete control over the databases.
- Severity and Score: High | CVSS 8.8
- Type: Elevation of Privilege (EoP)
- Disclosure: March 10, 2026
- Exploitation Status: Publicly disclosed. Microsoft considers exploitation less likely at this time.
- Mitigation Strategies: Deploy the March 10, 2026 Microsoft Security Updates immediately. Check all user access levels and restrict permissions.
CVE-2026-26127 (Microsoft .NET)
A high severity denial of service vulnerability affects Microsoft .NET 9.0 and 10.0. This flaw occurs because the software fails to properly check memory limits. This allows memory to be read outside the intended area. An attacker can exploit this to cause the runtime or the application to crash completely. This results in a full denial of service for the affected software.
- Severity and Score: High | CVSS 7.5
- Type: Denial of Service (DoS)
- Disclosure: March 10, 2026
- Exploitation Status: Publicly disclosed. No active exploits have been reported yet.
- Mitigation Strategies: Apply the March 10, 2026 updates from Microsoft. Ensure your applications are running on the latest patched versions of .NET.
CVE-2026-26118 (Azure Model Context Protocol Server)
An elevation of privilege vulnerability exists in the Azure Model Context Protocol Server. This flaw can be triggered by sending specially crafted input to a vulnerable server that processes user supplied data. If an attacker successfully exploits this, they could use a compromised managed identity token to gain higher privileges within the cloud environment.
- Severity and Score: High | CVSS 8.8
- Type: Elevation of Privilege (EoP)
- Disclosure: March 10, 2026
- Exploitation Status: Publicly disclosed. Elevated risk for cloud environments relying on managed identities.
- Mitigation Strategies: Apply the Microsoft updates released on March 10, 2026. Review your identity and access management settings.
CVE-2026-24289 (Windows Kernel)
An elevation of privilege vulnerability in the Windows Kernel allows a local attacker to gain full system control. A local, authenticated attacker could exploit this flaw to obtain SYSTEM level privileges on a vulnerable machine. The flaw sits in low-level system components that are usually hard to monitor. Microsoft has marked this specific flaw as being more likely to be exploited soon.
- Severity and Score: Important | CVSS 7.8
- Type: Local Privilege Escalation (LPE)
- Disclosure: March 10, 2026
- Exploitation Status: Exploitation is considered highly likely. Often chained with browser sandbox escapes to achieve complete system takeover.
- Mitigation Strategies: Deploy the March 10, 2026 Microsoft Security Updates. Prioritize patching for workstations and multi user systems.
CVE-2026-26132 (Windows Kernel)
A second elevation of privilege vulnerability in the Windows Kernel also allows a local attacker to gain SYSTEM level access. Like the previous flaw, an authenticated attacker can exploit this vulnerability to take full control of the operating system. Microsoft has also assessed this vulnerability as more likely to be exploited by threat actors in the near future.
- Severity and Score: Important | CVSS 7.8
- Type: Local Privilege Escalation (LPE)
- Disclosure: March 10, 2026
- Exploitation Status: Exploitation is considered highly likely. High priority for patching.
- Mitigation Strategies: Apply the March 10, 2026 Microsoft Security Updates. Monitor for unusual privilege escalation events on local endpoints.
Key Takeaways for Security Leadership
The vulnerabilities found in March 2026 show the fast changing threat landscape across enterprise software and cloud platforms. Several critical flaws allow remote code execution, zero click compromise, or major privilege escalation. Fast attacks by both automated tools and targeted threat actors show the real urgency of proactive patch management and watching closely for strange activity.
Organizations must prioritize the immediate fixing of critical weak points, enforce strict login rules, and keep full visibility into their systems. Failing to fix these vulnerabilities quickly can lead to full system compromise, major data loss, or long term attacker access.
As one of the top cybersecurity companies in the UAE, we spend a lot of time helping clients secure their enterprise infrastructure and protect their connected networks. These monthly vulnerability reports show exactly why core security habits like regular patching, strict access controls, and continuous network monitoring are so important. The strongest network walls will not hold up if the systems behind them are ignored. Take a moment to review these CVEs with your IT teams and make sure your update cycles are moving as fast as the attackers are.