In the early hours of March 18, 2026, the Auster Threat Research Team identified a previously unknown, critical zero-day vulnerability affecting major enterprise VPN appliances. Designated CVE-2026-1847, this flaw allows unauthenticated remote attackers to execute arbitrary code with the highest privileges.
Our telemetry indicates that advanced persistent threat (APT) groups, specifically those known for state-sponsored espionage, had been actively exploiting this vulnerability in the wild for at least two weeks before public disclosure. The exploit chain bypasses traditional multi-factor authentication (MFA) controls entirely.
The vulnerability stems from an insecure memory allocation routine within the SSL/TLS VPN gateway portal service. By sending a specially crafted HTTP request, attackers can trigger a heap-based buffer overflow and directly inject malicious payloads into the system.
Organizations utilizing affected models must immediately apply the out-of-band emergency patches released by vendors. For environments where immediate patching is impossible, we strongly recommend disabling the public-facing portal interfaces and enforcing strict geo-blocking rules at edge firewalls.
Threat Research Team
Research Lead