
March 16, 2026 vulnerability digest: Chrome Mojo escapes, Unraid chain, AI flaw

By Artem Safonov, Threat Analyst
Cover © Anonhaven

252 new CVEs were published on March 16, 2026. Of those, 87 are relevant to enterprise and developer environments. The batch is anchored by two Chrome Mojo sandbox escapes, one a patched zero-day and the other the $250,000 bounty winner. A chainable Unraid NAS authentication bypass and RCE pair (via ZDI) and a SQL injection in AnythingLLM round out the top tier.

Chrome Mojo IPC: two sandbox escapes, one component

CVE-2025-4609 carries a CVSS score of 9.6. Researcher Micky reported it on April 22, 2025. Google patched it in Chrome 136 in May 2025 and paid the maximum Chrome bounty of $250,000 in August. The flaw resides in Chrome's Mojo inter-process communication (IPC) system on Windows. A compromised renderer could duplicate a privileged browser-process handle, escape the sandbox, and run system commands with 70-80% reliability.

Google called it "a very complex logic bug" with "a functional exploit."

CVE-2025-2783 (CVSS 8.3) inspired Micky's research. Kaspersky discovered this Mojo zero-day in the wild in March 2025. The TaxOff APT used it against Russian organizations. CISA added it to the Known Exploited Vulnerabilities catalog. Google released out-of-band fixes in Chrome 134.0.6998.178.

Both CVEs target the same Mojo IPC component on Windows but exploit different handle-duplication flaws.

Two Mojo sandbox escapes in one feed reflect NVD processing timelines catching up with prior disclosures. Both are patched. Organizations on Chrome 136 or later are not affected. But the concentration of critical findings in one component signals that Mojo IPC, which manages the trust boundary between the sandboxed renderer and the privileged browser process, will continue to produce high-impact bugs.

— Artem Safonov, Threat Analyst at AnonHaven

ZKTeco ZKBioSecurity: hardcoded credentials from 2016

CVE-2016-20026 (CVSS 9.3) carries a 2016 identifier but appeared in this batch as a new NVD record. ZKTeco ZKBioSecurity 3.0, a physical access control and biometric platform, contains hardcoded credentials on its embedded Apache Tomcat server. The credentials are now publicly documented. No vendor patch exists for this legacy release.

ZKBioSecurity controls door controllers, attendance tracking, and visitor logs in enterprise physical security deployments. Anyone with network access to the server can authenticate to the Tomcat management interface and deploy arbitrary WAR files. Organizations running ZKBioSecurity 3.0 should isolate the system from reachable network segments immediately.

Unraid NAS: auth bypass chains into root RCE

Two Unraid flaws reported through the Zero Day Initiative form a chainable pair. CVE-2026-3839 (CVSS 7.3, ZDI-CAN-28912) is a path traversal in auth-request.php that lets an unauthenticated remote adversary bypass authentication. CVE-2026-3838 (CVSS 8.8, ZDI-CAN-28951) is a path traversal in update.php that lets an authenticated attacker run arbitrary code as root.

Individually, CVE-2026-3838 requires authentication. Chained with CVE-2026-3839, the pair provides an unauthenticated-to-root RCE path.

Unraid has a history with this exact file. In February 2020, CVE-2020-5847 and CVE-2020-5849 targeted the same auth-request.php component with an identical auth bypass + RCE chain. That pair received a Metasploit module. The 2026 flaws hitting the same endpoint six years later suggest the original remediation was incomplete or a regression was introduced.

When a component is patched for an authentication bypass and the same file produces a second bypass six years later, the question is whether the authentication model itself is sound. Unraid administrators should not rely on the web interface alone. Network-level controls (VPN, firewall rules limiting management port access) are essential.

— Artem Safonov, Threat Analyst at AnonHaven

AnythingLLM: SQL injection through an AI agent plugin

CVE-2026-32628 (CVSS 7.7) affects AnythingLLM by Mintplex-Labs, versions 1.11.1 and earlier. The built-in SQL Agent plugin's getTableSchemaSql() method constructs queries by directly concatenating the user-controlled table_name parameter. No sanitization, no parameterization. The flaw hits all three supported database connectors (MySQL, PostgreSQL, MSSQL).

AnythingLLM is an open-source LLM platform with over 37,000 GitHub stars. The table_name parameter is likely populated by the LLM during chat. The injection vector may originate from a natural-language prompt. That makes it a form of indirect prompt injection with SQL injection consequences, invisible to any traditional WAF on the user-facing layer.
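The pattern described above, as an added illustration that is not AnythingLLM's own code: a hypothetical schema-lookup builder for the three connectors, first with the table name spliced into the query text, then hardened. A table name is an identifier, so it cannot simply be bound as a parameter everywhere; the fix is an allowlist of real table names plus a strict identifier pattern, with bind parameters wherever the name appears as a string literal. The dialect names, helper names and sample tables are assumptions.

```javascript
// Vulnerable pattern (reconstruction, not AnythingLLM's code): whatever the
// agent, or the LLM driving it, supplies as table_name lands in the query text.
function getTableSchemaSqlUnsafe(dialect, tableName) {
  switch (dialect) {
    case "mysql":
      return `SHOW COLUMNS FROM ${tableName}`;
    case "postgresql":
      return `SELECT column_name, data_type FROM information_schema.columns WHERE table_name = '${tableName}'`;
    case "mssql":
      return `SELECT COLUMN_NAME, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = '${tableName}'`;
    default:
      throw new Error(`unsupported dialect: ${dialect}`);
  }
}

const IDENT_RE = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/; // conservative identifier shape

// Hardened: reject anything that is not a known table and never splice the name
// into a literal; return query text plus bind values for the driver.
function getTableSchemaSqlSafe(dialect, tableName, knownTables) {
  if (typeof tableName !== "string" || !IDENT_RE.test(tableName)) {
    throw new Error("table name has an invalid form");
  }
  if (!knownTables.has(tableName)) {
    throw new Error("table name is not in the allowlist");
  }
  switch (dialect) {
    case "mysql": // identifier position: backtick-quoted, name already allowlisted
      return { text: "SHOW COLUMNS FROM `" + tableName + "`", values: [] };
    case "postgresql":
      return { text: "SELECT column_name, data_type FROM information_schema.columns WHERE table_name = $1", values: [tableName] };
    case "mssql":
      return { text: "SELECT COLUMN_NAME, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @tableName", values: [tableName] };
    default:
      throw new Error(`unsupported dialect: ${dialect}`);
  }
}

// Constructed sample: an allowlist of real tables and a table_name argument that
// closes the string literal, as an LLM-produced argument could.
const KNOWN_TABLES = new Set(["users", "orders"]);
const TAINTED_NAME = "users' OR 1=1 --";

function demo() {
  const unsafe = getTableSchemaSqlUnsafe("postgresql", TAINTED_NAME);
  let safeError = null;
  try { getTableSchemaSqlSafe("postgresql", TAINTED_NAME, KNOWN_TABLES); } catch (e) { safeError = e.message; }
  return { unsafeContainsTaint: unsafe.includes("OR 1=1"), safeError };
}
```

The allowlist is the real control: even a syntactically valid identifier the model hallucinates is refused unless the connector has already enumerated that table.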

TP-Link router command injection

CVE-2026-3227 (CVSS 8.5) targets TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6. An authenticated attacker can upload a crafted configuration payload that injects OS commands executed with root privileges during port-trigger processing.

TP-Link published security advisory FAQ 5018 with firmware downloads for the TL-WR802N and TL-WR841N. The TL-WR840N is noted as "not sold in the US." The TL-WR841N is one of the best-selling consumer routers globally. Default TP-Link credentials (admin/admin) are commonly left unchanged.

Legacy CVEs newly published

CVE-2017-20218 (CVSS 8.5) is an unquoted service path in Serviio PRO 1.8. The DLNA media streaming server for Windows runs with elevated privileges. Because the service's executable path is unquoted, a local attacker who can write to a directory along that path can plant an executable that Windows runs instead of the intended binary. The product is unmaintained.
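An added detection example, not from the digest or from Serviio: it flags the unquoted-service-path condition over a constructed list of service image paths (the shape of data a `Get-CimInstance Win32_Service` export or the `ImagePath` registry values would give). Service and path names are illustrative, not the product's own.

```javascript
// Returns the executable portion of an unquoted command line using the usual
// ".exe" heuristic, or null when the path is quoted (Windows then knows where
// the executable ends and the bug class does not apply).
function unquotedExePath(imagePath) {
  const s = imagePath.trim();
  if (s.startsWith('"')) return null;
  const m = /^(.*?\.exe)/i.exec(s);
  return m ? m[1] : s.split(" ")[0];
}

// The classic condition: the path is unquoted AND a directory component
// contains a space, so the service manager may resolve a shorter prefix
// of the path before reaching the intended binary.
function isVulnerableImagePath(imagePath) {
  const exe = unquotedExePath(imagePath);
  if (exe === null) return false;
  const dir = exe.slice(0, exe.lastIndexOf("\\"));
  return dir.includes(" ");
}

// Returns the names of services whose image path meets the condition.
function findUnquotedServicePaths(services) {
  return services
    .filter((svc) => isVulnerableImagePath(svc.pathName))
    .map((svc) => svc.name);
}

// Constructed sample; the paths are hypothetical.
const SAMPLE_SERVICES = [
  { name: "MediaServer", pathName: "C:\\Program Files\\Media Server\\bin\\svc.exe" },
  { name: "Spooler", pathName: "C:\\Windows\\System32\\spoolsv.exe" },
  { name: "GoodApp", pathName: "\"C:\\Program Files\\Good App\\svc.exe\" --service" },
  { name: "NoSpaces", pathName: "C:\\Tools\\agent.exe -k run" },
];
```

Quoting the path in the service definition, or reinstalling to a directory without spaces, clears the finding; removing the unmaintained product, as the digest recommends, clears it for good.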

CVE-2015-20121 (CVSS 8.8) is an unauthenticated SQL injection in RealtyScript 4.0.2 by Next Click Ventures. The real estate platform is abandoned. Sites still running it should consider the application fully compromised.

Response summary

| CVE | Vendor response | Reader action |
|---|---|---|
| CVE-2025-4609 (Chrome Mojo) | Patched in Chrome 136 (May 2025) | Confirm Chrome is at version 136+ |
| CVE-2025-2783 (Chrome Mojo 0-day) | Patched in Chrome 134.0.6998.178 | Confirm Chrome is updated |
| CVE-2016-20026 (ZKTeco) | No patch (legacy product) | Isolate ZKBioSecurity 3.0 from network |
| CVE-2026-3839 + 3838 (Unraid) | Reported via ZDI; patch status unclear | Restrict admin access to trusted networks |
| CVE-2026-32628 (AnythingLLM) | Fixed post-1.11.1 | Update AnythingLLM; restrict SQL Agent access |
| CVE-2026-3227 (TP-Link) | Firmware updates available (FAQ 5018) | Update firmware on affected router models |
| CVE-2017-20218 (Serviio) | No patch (EOL) | Remove Serviio from Windows servers |
| CVE-2015-20121 (RealtyScript) | No patch (abandoned) | Decommission immediately |

The remaining 165 lower-priority CVEs in the March 16 batch span niche products and lower CVSS ranges. The full list with advisory links is in the AnonHaven vulnerability database. Confirm Chrome is at version 136 or later. Restrict Unraid admin interfaces to trusted networks. Update AnythingLLM if using the SQL Agent plugin and apply TP-Link firmware patches on the three vulnerable models. The ZKTeco hardcoded credentials have no remedy. Isolate or replace the system.


Questions on the topic

What are the top vulnerabilities from March 16, 2026?
The March 16 batch includes Chrome Mojo sandbox escapes CVE-2025-4609 (CVSS 9.6) and CVE-2025-2783 (CVSS 8.3), a chainable Unraid NAS auth bypass + RCE pair, and an AnythingLLM SQL injection (CVE-2026-32628).