Bastion Codex – Weekly Defender Brief (2026-03-16)

This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.

Bastion Codex – Weekly Defender Brief

Week of 2026-03-16

Executive Snapshot

  • 1205 CVEs observed in the last 7 days
  • 97 Critical
  • 421 High
  • 2 KEV-listed vulnerabilities in last 30 days

Week-over-Week Movement

  • Total CVEs: -244 (from 1449 to 1205, -16.8%)
  • Critical: -57 (from 154 to 97, -37.0%)
  • High: -114 (from 535 to 421, -21.3%)
  • Medium: 61 (from 405 to 466, 15.1%)
  • Low: 1 (from 43 to 44, 2.3%)
  • Unknown: -135 (from 312 to 177, -43.3%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 97
  • High: 421
  • Medium: 466
  • Low: 44
  • Unknown: 177

Top Vendors (30 Days)

  • Google: 2

Top Products (30 Days)

  • Chromium V8: 1
  • Skia: 1

Priority Watchlist (Top 10)

  • CVE-2025-68613 | CVSS: 9.9 | KEV: True | n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a crit
  • CVE-2025-26399 | CVSS: 9.8 | KEV: True | SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability tha
  • CVE-2025-54236 | CVSS: 9.1 | KEV: True | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Vali
  • CVE-2024-23222 | CVSS: 8.8 | KEV: True | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, iO
  • CVE-2023-43000 | CVSS: 8.8 | KEV: True | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, S
  • CVE-2026-3909 | CVSS: 8.8 | KEV: True | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a c
  • CVE-2026-3910 | CVSS: 8.8 | KEV: True | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sand
  • CVE-2026-1603 | CVSS: 8.6 | KEV: True | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored
  • CVE-2023-41974 | CVSS: 7.8 | KEV: True | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.
  • CVE-2021-22054 | CVSS: 7.5 | KEV: True | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5

Generated via Bastion Codex pipeline at 2026-03-16T12:49:25.042017+00:00