Security Check-in Quick Hits: Ubiquiti UniFi Criticals, Cisco Zero-Day Ransomware, SharePoint KEV Alert, and Telnetd Root-Access Flaw Dominate X Discussions

For March 19, 2026

Ubiquiti UniFi Network Application Vulnerabilities – CVSS 10.0 Path Traversal and NoSQL Injection Disclosed

International Cyber Digest dropped a bombshell late on March 18: two critical flaws in the Ubiquiti UniFi Network Application were just publicly disclosed.

CVE-2026-22557 (CVSS 10.0) is a remote path traversal bug that requires zero authentication. Attackers can access and manipulate files on the server, leading directly to account takeovers. CVE-2026-22558 (CVSS 7.7) is an authenticated NoSQL injection that escalates privileges.

These hit a widely deployed networking platform used by enterprises and MSPs for Wi-Fi, switching, and security management. The combination of no-auth remote code paths and privilege escalation makes this a nightmare for unpatched environments. X users flooded the thread with screenshots and urgent patch reminders.

Immediate action: If you run UniFi, isolate management interfaces, apply patches the moment they drop, and scan for unauthorized file access. This one moved fast on X for good reason—expect exploitation reports soon.

Interlock Ransomware Weaponizes Cisco FMC Zero-Day (CVSS 10.0) Since January

The Hacker News and BleepingComputer broke the story: the Interlock ransomware gang has been exploiting an undisclosed Cisco Firepower Management Center (FMC) flaw rated CVSS 10.0 as a true zero-day for weeks (attacks traced back to January).

Attackers used insecure deserialization to gain root access on the firewall appliance. From there they deployed remote access trojans (RATs), proxies, and persistence mechanisms before encrypting systems. Amazon publicly confirmed the campaign targeted their environment.

This isn’t opportunistic—it’s sophisticated, targeted, and leverages a management-plane flaw most defenders assumed was secure. Multiple X threads highlighted the “weeks before disclosure” timeline, underscoring how long threat actors can operate undetected.

Takeaway for defenders: Review all Cisco FMC instances immediately, enable strict input validation where possible, and treat management interfaces as high-value targets. Patch as soon as Cisco releases it—this campaign proves zero-days in network gear are actively sold and used.

CISA Adds Microsoft SharePoint Deserialization Flaw (CVE-2026-20963) to KEV Catalog – Actively Exploited

CISA and Cyber Security News accounts lit up X on March 18–19: the agency officially added CVE-2026-20963 (deserialization of untrusted data in Microsoft SharePoint) to its Known Exploited Vulnerabilities (KEV) catalog.

The flaw allows attackers to execute code by feeding malicious serialized objects into the platform. Real-world exploitation is already occurring, prompting the urgent KEV listing. SharePoint servers handling collaboration and intranet data are now confirmed targets.

The timing—right after the Stryker medical-tech attack that also hit Microsoft environments—has security pros on X linking it to broader supply-chain and collaboration-platform risks.

Action steps: If your organization uses on-premises or hybrid SharePoint, patch immediately, restrict external access, and monitor for anomalous deserialization attempts. CISA’s KEV addition means federal contractors and anyone following best practices must address this within the mandated timeframe.

Telnetd Buffer Overflow (CVE-2026-32746) Grants Remote Root via Port 23 – Legacy Systems at Extreme Risk

Cyber Security News highlighted a brutal new vulnerability in the GNU Inetutils telnetd daemon: CVE-2026-32746, a classic buffer overflow triggered during the initial connection handshake on TCP port 23.

No authentication required. No user interaction. Send one specially crafted message and gain root access. The CVSS isn’t explicitly listed but the description screams “trivial exploitation” for any internet-facing legacy Linux or Unix systems still running telnet.

X threads warned that scanning port 23 just became “real scary” again, especially for industrial, embedded, or forgotten infrastructure that never migrated to SSH.

Bottom line: Disable telnetd everywhere—yesterday. If you must keep it for legacy reasons, air-gap it, firewall port 23 aggressively, and monitor for handshake anomalies. This is the textbook example of why “it still works” is never an acceptable security posture.