Overview
Wordfence has published details of a critical vulnerability in the User Registration & Membership WordPress plugin. The registration process can be manipulated to submit a user role that isn’t properly restricted by server-side checks, which may allow an attacker to create an administrator account during sign-up, leading to full site compromise.
- CVE-2026-1492: Unauthenticated Privilege Escalation via Membership Registration (CVSSv3 9.8). Affected Versions <= 5.1.2
FreeScout has released a fix for a vulnerability that bypasses earlier file upload protections. An attacker with upload permissions may be able to bypass security checks, potentially enabling Remote Code Execution (RCE) in exposed deployments.
- CVE-2026-28289: Patch Bypass via Zero-Width Space Character Leads to Remote Code Execution (CVSSv3 10.0). Affected Versions <= 1.8.206
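The class of bypass named in CVE-2026-28289, as an added defensive example (not FreeScout's code and not taken from the advisory): a denylist check run on the raw filename compared with one run on a canonical name with invisible code points removed. The denylist entries, function names and sample filenames are assumptions made for illustration.

```python
import unicodedata

# Constructed denylist for illustration; not FreeScout's actual list.
BLOCKED_NAMES = {".htaccess", ".user.ini"}
BLOCKED_EXTENSIONS = (".php", ".phtml", ".phar")


def naive_is_blocked(filename: str) -> bool:
    """Denylist check on the raw name, with no Unicode handling."""
    name = filename.lower()
    return name in BLOCKED_NAMES or name.endswith(BLOCKED_EXTENSIONS)


def canonical_name(filename: str) -> str:
    """Return the name with invisible code points removed."""
    name = unicodedata.normalize("NFKC", filename)
    # Category Cf holds zero-width space (U+200B), joiners, BOM and bidi
    # controls; Cc holds ASCII/C1 control characters.
    name = "".join(c for c in name if unicodedata.category(c) not in ("Cf", "Cc"))
    # Trailing dots and spaces are also dropped by some filesystems.
    return name.strip().rstrip(". ").lower()


def safe_upload_name(filename: str) -> str:
    """Validate the canonical name and return it as the name to store.

    Checking and storing the same canonical string removes the gap between
    what the filter saw and what ends up on disk.
    """
    name = canonical_name(filename)
    if not name or naive_is_blocked(name):
        raise ValueError(f"upload rejected: {filename!r}")
    return name


if __name__ == "__main__":
    # Constructed sample filenames.
    for sample in ["report.pdf", ".htaccess", "\u200b.htaccess", "page.php\u200b"]:
        try:
            verdict = "stored as " + safe_upload_name(sample)
        except ValueError:
            verdict = "rejected"
        print(f"{sample!r}: naive_blocked={naive_is_blocked(sample)}, hardened={verdict}")
```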
Cisco has published details of a critical vulnerability in the Cisco Secure Firewall Management Center (FMC) web interface. An unauthenticated remote attacker could exploit the flaw to bypass authentication and run scripts/commands, potentially resulting in root-level access to the underlying system.
- CVE-2026-20079: Cisco Secure Firewall Management Center (FMC) Software Authentication Bypass (CVSSv3 10.0). Affected Versions: All configurations of Cisco Secure FMC Software.
Google has released its 2026 Android Security Bulletin, providing patches for 129 security vulnerabilities across Android platform and vendor components, including one in an open-source Qualcomm Display component that is being actively exploited. Additionally, a critical issue in a system component could enable Remote Code Execution (RCE): if exploited, a remote attacker could execute malicious code without requiring any additional execution privileges.
- CVE-2026-21385: Memory Corruption Vulnerability in the Qualcomm Display Component (CVSSv3 7.8). Affected Versions < 2026-03-05 patch level
- CVE-2026-0006: Heap Buffer Overflow in the Media Codecs System Component (CVSSv3 9.8). Affected Versions = Android 16
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Wordfence - User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration
FreeScout - CVE-2026-27636 · Advisory · freescout · GitHub
Cisco - Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability
Google Android - Android Security Bulletin—March 2026 | Android Open Source Project
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.