NVD disclosure day

Published threat advisories for March 12, 2026

CVE-2026-3611

Honeywell IQ4x Building Controllers Authentication Bypass

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Honeywell IQ4x controllers allow unauthenticated remote users to create administrative accounts via the web interface, potentially locking out legitimate operators and disrupting building control functions.

NVD published: March 12, 2026

CVE advisoryCRITICAL

CVE-2026-21708

Veeam Backup & Replication RCE via Backup Viewer

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Veeam Backup & Replication allows a Backup Viewer to perform remote code execution as the postgres user, potentially compromising backup data and infrastructure. This issue requires authenticated access to the Backup Viewer component and could impact backup system integrity and confidentiality.

NVD published: March 12, 2026