Commit 11859ad

chg: [news] Vulnerability Report - january 2026
1 parent 098a2d1 commit 11859ad

4 files changed

+177
-0
lines changed

@@ -0,0 +1,177 @@
1+
---
2+
title: "Vulnerability Report - January 2026"
3+
slug: vulnerability-report-january-2026
4+
author: CIRCL team
5+
layout: news
6+
date: 2026-02-18
7+
tags:
8+
- VulnerabilityReport
9+
- Report
10+
- FETTA
11+
---
12+
13+
{{< card link="/tags/vulnerabilityreport/" title="All vulnerability reports" icon="document-report" >}}
14+
15+
16+
## Introduction
17+
18+
This vulnerability report has been generated using data aggregated on
19+
[Vulnerability-Lookup](https://vulnerability.circl.lu),
20+
with contributions from the platform’s community.
21+
22+
It highlights the most frequently mentioned vulnerability for January 2026, based on sightings collected from various sources,
23+
including [MISP](https://www.misp-project.org), Exploit-DB, Bluesky, [Mastodon](https://joinmastodon.org), GitHub Gists,
24+
[The Shadowserver Foundation](https://www.shadowserver.org/), [Nuclei](https://github.com/projectdiscovery/nuclei),
25+
[SPLOITUS](https://sploitus.com), [Metasploit](https://github.com/rapid7/metasploit-framework), and more.
26+
For further details, please visit [this page](https://www.vulnerability-lookup.org/user-manual/sightings/).
27+
28+
29+
## The Month at a Glance
30+
31+
January 2026 saw two vulnerabilities tied for most frequently sighted with 110 sightings each: [CVE-2026-21858](https://vulnerability.circl.lu/vuln/CVE-2026-21858), a Critical-severity vulnerability in n8n-io's n8n workflow automation platform, and [CVE-2026-24061](https://vulnerability.circl.lu/vuln/CVE-2026-24061), a Critical vulnerability affecting GNU Inetutils. The n8n vulnerability was extensively covered in contributor insights, notably in ["The Ni8mare Test: n8n RCE Under the Microscope"](https://vulnerability.circl.lu/comment/d766d344-c029-419a-b990-fb512e9cb929).
32+
33+
Other critical vulnerabilities in the top 10 include [CVE-2025-55182](https://vulnerability.circl.lu/vuln/CVE-2025-55182) in Meta's react-server-dom-webpack (97 sightings), [CVE-2026-20045](https://vulnerability.circl.lu/vuln/CVE-2026-20045) in Cisco Unified Communications Manager (80 sightings), [CVE-2026-24858](https://vulnerability.circl.lu/vuln/CVE-2026-24858) in Fortinet FortiManager (80 sightings), [CVE-2026-1281](https://vulnerability.circl.lu/vuln/CVE-2026-1281) in Ivanti Endpoint Manager Mobile (70 sightings), and [CVE-2017-18368](https://vulnerability.circl.lu/vuln/CVE-2017-18368), an older but still active vulnerability in billion 5200w-t devices (62 sightings).
34+
35+
January was a busy month for actively exploited vulnerabilities, with 15 new entries added to the CISA Known Exploited Vulnerabilities catalog. Notable additions include:
36+
37+
- [CVE-2026-24858](https://vulnerability.circl.lu/vuln/CVE-2026-24858): Fortinet FortiManager (Critical severity)
38+
- [CVE-2026-21509](https://vulnerability.circl.lu/vuln/CVE-2026-21509) and [CVE-2026-24061](https://vulnerability.circl.lu/vuln/CVE-2026-24061): Microsoft 365 Apps and GNU Inetutils
39+
- [CVE-2025-52691](https://vulnerability.circl.lu/vuln/CVE-2025-52691) and [CVE-2026-23760](https://vulnerability.circl.lu/vuln/CVE-2026-23760): SmarterTools SmarterMail
40+
- [CVE-2026-20045](https://vulnerability.circl.lu/vuln/CVE-2026-20045): Cisco Unified Communications Manager
41+
- [CVE-2025-34026](https://vulnerability.circl.lu/vuln/CVE-2025-34026): Versa Concerto
42+
43+
No new entries were added to the ENISA KEV catalog in January.
44+
45+
The Ghost CVE Report reveals early detection of vulnerabilities with limited public information. [CVE-2025-58151](https://vulnerability.circl.lu/vuln/CVE-2025-58151) (Xen Security Advisory) and [CVE-2026-23456](https://vulnerability.circl.lu/vuln/CVE-2026-23456) (YoSmart YoLink Smart Hub) led with 5 sightings each, followed by [CVE-2024-31884](https://vulnerability.circl.lu/vuln/CVE-2024-31884) (4 sightings) and several GHSA identifiers and CVEs with 3 sightings.
46+
47+
Contributor insights covered a diverse range of topics, including EPMM detection techniques, PAN-OS firewall vulnerabilities, CVEs affecting the Svelte ecosystem, security advisories for Ivanti Endpoint Manager Mobile, GNU C Library updates, Trend Micro Apex Central vulnerabilities, and multiple vulnerabilities in GnuPG (gpg.fail).
48+
49+
50+
## Top 10 Vendors of the Month
51+
52+
[![Top 10 Vendors of the Month](/images/news/2026/02/top-10-vendors.png)](/images/news/2026/02/top-10-vendors.png)
53+
54+
55+
## Top 10 Assigners of the Month
56+
57+
[![Top 10 Assigners of the Month](/images/news/2026/02/top-10-assigners.png)](/images/news/2026/02/top-10-assigners.png)
58+
59+
60+
## Top 10 vulnerabilities of the Month
61+
62+
63+
| Vulnerability | Sighting Count | Vendor | Product | [VLAI Severity](https://arxiv.org/abs/2507.03607) |
64+
| ---------------------------------------------------------------------- | --------------- | --------------- | --------------- | --------------------------------------------------|
65+
| [CVE-2026-21858](https://vulnerability.circl.lu/vuln/CVE-2026-21858) | 110 | [n8n-io](https://vulnerability.circl.lu/search?vendor=n8n-io) | [n8n](https://vulnerability.circl.lu/search?vendor=n8n-io&product=n8n) | Critical (confidence: 0.8071) |
66+
| [CVE-2026-24061](https://vulnerability.circl.lu/vuln/CVE-2026-24061) | 110 | [GNU](https://vulnerability.circl.lu/search?vendor=GNU) | [Inetutils](https://vulnerability.circl.lu/search?vendor=GNU&product=Inetutils) | Critical (confidence: 0.9534) |
67+
| [CVE-2025-55182](https://vulnerability.circl.lu/vuln/CVE-2025-55182) | 97 | [Meta](https://vulnerability.circl.lu/search?vendor=Meta) | [react-server-dom-webpack](https://vulnerability.circl.lu/search?vendor=Meta&product=react-server-dom-webpack) | Critical (confidence: 0.9914) |
68+
| [CVE-2026-21509](https://vulnerability.circl.lu/vuln/CVE-2026-21509) | 94 | [Microsoft](https://vulnerability.circl.lu/search?vendor=Microsoft) | [Microsoft 365 Apps for Enterprise](https://vulnerability.circl.lu/search?vendor=Microsoft&product=Microsoft+365+Apps+for+Enterprise) | High (confidence: 0.9735) |
69+
| [CVE-2025-8088](https://vulnerability.circl.lu/vuln/CVE-2025-8088) | 84 | [win.rar GmbH](https://vulnerability.circl.lu/search?vendor=win.rar+GmbH) | [WinRAR](https://vulnerability.circl.lu/search?vendor=win.rar+GmbH&product=WinRAR) | High (confidence: 0.9881) |
70+
| [CVE-2026-20045](https://vulnerability.circl.lu/vuln/CVE-2026-20045) | 80 | [Cisco](https://vulnerability.circl.lu/search?vendor=Cisco) | [Cisco Unified Communications Manager](https://vulnerability.circl.lu/search?vendor=Cisco&product=Cisco+Unified+Communications+Manager) | Critical (confidence: 0.5226) |
71+
| [CVE-2026-24858](https://vulnerability.circl.lu/vuln/CVE-2026-24858) | 80 | [Fortinet](https://vulnerability.circl.lu/search?vendor=Fortinet) | [FortiManager](https://vulnerability.circl.lu/search?vendor=Fortinet&product=FortiManager) | Critical (confidence: 0.9378) |
72+
| [CVE-2025-14847](https://vulnerability.circl.lu/vuln/CVE-2025-14847) | 76 | [MongoDB Inc.](https://vulnerability.circl.lu/search?vendor=MongoDB+Inc.) | [MongoDB Server](https://vulnerability.circl.lu/search?vendor=MongoDB+Inc.&product=MongoDB+Server) | High (confidence: 0.9349) |
73+
| [CVE-2026-1281](https://vulnerability.circl.lu/vuln/CVE-2026-1281) | 70 | [Ivanti](https://vulnerability.circl.lu/search?vendor=Ivanti) | [Endpoint Manager Mobile](https://vulnerability.circl.lu/search?vendor=Ivanti&product=Endpoint+Manager+Mobile) | Critical (confidence: 0.9914) |
74+
| [CVE-2017-18368](https://vulnerability.circl.lu/vuln/CVE-2017-18368) | 62 | [billion](https://vulnerability.circl.lu/search?vendor=billion) | [5200w-t](https://vulnerability.circl.lu/search?vendor=billion&product=5200w-t) | Critical (confidence: 0.9748) |
75+
76+
77+
78+
79+
## Known Exploited Vulnerabilities
80+
81+
New entries have been added to major Known Exploited Vulnerabilities catalogs.
82+
83+
### CISA
84+
85+
| CVE ID | Date Added | Vendor | Product | [VLAI Severity](https://arxiv.org/abs/2507.03607) |
86+
|------------------------------------------|------------|---------|----------| --------------------------------------------------|
87+
| [CVE-2026-24858](https://vulnerability.circl.lu/vuln/CVE-2026-24858) | 2026-01-27 | [Fortinet](https://vulnerability.circl.lu/search?vendor=Fortinet) | [FortiManager](https://vulnerability.circl.lu/search?vendor=Fortinet&product=FortiManager) | Critical (confidence: 0.9378) |
88+
| [CVE-2025-52691](https://vulnerability.circl.lu/vuln/CVE-2025-52691) | 2026-01-26 | [SmarterTools](https://vulnerability.circl.lu/search?vendor=SmarterTools) | [SmarterMail](https://vulnerability.circl.lu/search?vendor=SmarterTools&product=SmarterMail) | Critical (confidence: 0.7545) |
89+
| [CVE-2018-14634](https://vulnerability.circl.lu/vuln/CVE-2018-14634) | 2026-01-26 | [The Linux Foundation](https://vulnerability.circl.lu/search?vendor=The+Linux+Foundation) | [kernel](https://vulnerability.circl.lu/search?vendor=The+Linux+Foundation&product=kernel) | High (confidence: 0.8719) |
90+
| [CVE-2026-23760](https://vulnerability.circl.lu/vuln/CVE-2026-23760) | 2026-01-26 | [SmarterTools](https://vulnerability.circl.lu/search?vendor=SmarterTools) | [SmarterMail](https://vulnerability.circl.lu/search?vendor=SmarterTools&product=SmarterMail) | Critical (confidence: 0.9916) |
91+
| [CVE-2026-21509](https://vulnerability.circl.lu/vuln/CVE-2026-21509) | 2026-01-26 | [Microsoft](https://vulnerability.circl.lu/search?vendor=Microsoft) | [Microsoft 365 Apps for Enterprise](https://vulnerability.circl.lu/search?vendor=Microsoft&product=Microsoft+365+Apps+for+Enterprise) | High (confidence: 0.9735) |
92+
| [CVE-2026-24061](https://vulnerability.circl.lu/vuln/CVE-2026-24061) | 2026-01-26 | [GNU](https://vulnerability.circl.lu/search?vendor=GNU) | [Inetutils](https://vulnerability.circl.lu/search?vendor=GNU&product=Inetutils) | Critical (confidence: 0.9534) |
93+
| [CVE-2024-37079](https://vulnerability.circl.lu/vuln/CVE-2024-37079) | 2026-01-23 | [vmware](https://vulnerability.circl.lu/search?vendor=vmware) | [vcenter_server](https://vulnerability.circl.lu/search?vendor=vmware&product=vcenter_server) | Critical (confidence: 0.9302) |
94+
| [CVE-2025-54313](https://vulnerability.circl.lu/vuln/CVE-2025-54313) | 2026-01-22 | [prettier](https://vulnerability.circl.lu/search?vendor=prettier) | [eslint-config-prettier](https://vulnerability.circl.lu/search?vendor=prettier&product=eslint-config-prettier) | High (confidence: 0.8864) |
95+
| [CVE-2025-34026](https://vulnerability.circl.lu/vuln/CVE-2025-34026) | 2026-01-22 | [Versa](https://vulnerability.circl.lu/search?vendor=Versa) | [Concerto](https://vulnerability.circl.lu/search?vendor=Versa&product=Concerto) | Critical (confidence: 0.9819) |
96+
| [CVE-2025-31125](https://vulnerability.circl.lu/vuln/CVE-2025-31125) | 2026-01-22 | [vitejs](https://vulnerability.circl.lu/search?vendor=vitejs) | [vite](https://vulnerability.circl.lu/search?vendor=vitejs&product=vite) | Medium (confidence: 0.6523) |
97+
| [CVE-2026-20045](https://vulnerability.circl.lu/vuln/CVE-2026-20045) | 2026-01-21 | [Cisco](https://vulnerability.circl.lu/search?vendor=Cisco) | [Cisco Unified Communications Manager](https://vulnerability.circl.lu/search?vendor=Cisco&product=Cisco+Unified+Communications+Manager) | Critical (confidence: 0.5226) |
98+
| [CVE-2026-20805](https://vulnerability.circl.lu/vuln/CVE-2026-20805) | 2026-01-13 | [Microsoft](https://vulnerability.circl.lu/search?vendor=Microsoft) | [Windows 10 Version 1607](https://vulnerability.circl.lu/search?vendor=Microsoft&product=Windows+10+Version+1607) | Medium (confidence: 0.995) |
99+
| [CVE-2025-8110](https://vulnerability.circl.lu/vuln/CVE-2025-8110) | 2026-01-12 | [Gogs](https://vulnerability.circl.lu/search?vendor=Gogs) | [Gogs](https://vulnerability.circl.lu/search?vendor=Gogs&product=Gogs) | High (confidence: 0.9905) |
100+
| [CVE-2009-0556](https://vulnerability.circl.lu/vuln/CVE-2009-0556) | 2026-01-07 | [Microsoft](https://vulnerability.circl.lu/search?vendor=Microsoft) | [Office](https://vulnerability.circl.lu/search?vendor=Microsoft&product=Office) | High (confidence: 0.8535) |
101+
| [CVE-2025-37164](https://vulnerability.circl.lu/vuln/CVE-2025-37164) | 2026-01-07 | [Hewlett Packard Enterprise (HPE)](https://vulnerability.circl.lu/search?vendor=Hewlett+Packard+Enterprise+(HPE)) | [HPE OneView](https://vulnerability.circl.lu/search?vendor=Hewlett+Packard+Enterprise+(HPE)&product=HPE+OneView) | High (confidence: 0.6929) |
102+
103+
104+
### ENISA
105+
106+
No new entry in January.
107+
108+
109+
## Top 10 Weaknesses of the Month
110+
111+
[![Top 10 Weaknesses of the Month](/images/news/2026/02/top-10-weaknesses.png)](https://vulnerability.circl.lu/cwes/?year=2026&month=01)
112+
113+
Click the image for more information.
114+
115+
116+
## Ghost CVE Report
117+
118+
A ghost CVE is a vulnerability identifier that's already popped up in the wild but is still listed as RESERVED or NOT_FOUND in official registries like NVD or MITRE.
119+
120+
Sightings detected between 2026-01-01 and 2026-01-31 that are associated with vulnerabilities without public records.
121+
122+
123+
| Vulnerability ID | Occurrences | Comment |
124+
| ------------------- | ----------: | ------- |
125+
| [CVE-2025-58151](https://vulnerability.circl.lu/vuln/CVE-2025-58151) | 5 | [Xen Security Advisory 478 v2](https://vulnerability.circl.lu/vuln/CVE-2025-58151#sightings) |
126+
| [CVE-2026-23456](https://vulnerability.circl.lu/vuln/CVE-2026-23456) | 5 | [Critical Vulnerabilities in YoSmart YoLink Smart Hub Expose Smart Homes to Remote Attacks](https://vulnerability.circl.lu/vuln/CVE-2026-23456#sightings) |
127+
| [CVE-2024-31884](https://vulnerability.circl.lu/vuln/CVE-2024-31884) | 4 | [Incorrect usage of certificate checking via Pybind](https://vulnerability.circl.lu/vuln/CVE-2024-31884#sightings) |
128+
| [GHSA-7hf5-mc28-xmcv](https://vulnerability.circl.lu/vuln/GHSA-7hf5-mc28-xmcv) | 3 | [CVE-2026-22794: Trust Issues: Hijacking Appsmith Accounts via Origin Header Abuse](https://vulnerability.circl.lu/vuln/GHSA-7hf5-mc28-xmcv#sightings) |
129+
| [GHSA-7g7f-ff96-5gcw](https://vulnerability.circl.lu/vuln/GHSA-7g7f-ff96-5gcw) | 3 | [CVE-2025-8217: Amazon Q's Self-Sabotage: The Backdoor That Couldn't Code](https://vulnerability.circl.lu/vuln/CVE-2025-8217) |
130+
| [CVE-2026-23594](https://vulnerability.circl.lu/vuln/CVE-2026-23594) | 3 | [Remote Privilege Elevation in HPE Alletra & Nimble Storage](https://vulnerability.circl.lu/vuln/CVE-2026-23594#sightings) |
131+
| [CVE-2026-1220](https://vulnerability.circl.lu/vuln/CVE-2026-1220) | 3 | [Google Chrome 144 Update Patches High-Severity V8 Vulnerability](https://vulnerability.circl.lu/vuln/CVE-2026-1220#sightings) |
132+
| [CVE-2023-42344](https://vulnerability.circl.lu/vuln/CVE-2023-42344) | 2 | [XXE in OpenCMS](https://vulnerability.circl.lu/vuln/CVE-2023-42344#sightings) |
133+
| [CVE-2026-12345](https://vulnerability.circl.lu/vuln/CVE-2026-12345) | 2 | [Zero-day RCE in NexusFlow API Gateway is actively exploited](https://vulnerability.circl.lu/vuln/CVE-2026-12345#sightings) |
134+
| [CVE-2025-53086](https://vulnerability.circl.lu/vuln/CVE-2025-53086) | 2 | [The recent patch for HarfBuzz (CVE-2025-53086) addresses a classic yet dangerous heap corruption bug](https://vulnerability.circl.lu/vuln/CVE-2025-53086#sightings) |
135+
| [CVE-2025-134655](https://vulnerability.circl.lu/vuln/CVE-2025-134655) | 1 | [prototype pollution flaw](https://vulnerability.circl.lu/vuln/CVE-2025-134655#sightings) |
136+
| [CVE-2025-63261](https://vulnerability.circl.lu/vuln/CVE-2025-63261) | 3 | [vulnerability in AWStats as shipped with cPanel](https://vulnerability.circl.lu/vuln/CVE-2025-63261#sightings) |
137+
138+
139+
140+
## Insights from Contributors
141+
142+
- [EPMM Nmap detection](https://vulnerability.circl.lu/comment/2e861f18-01e0-44ba-a7a4-2249e2e5efcf)
143+
- [Detection of EPMM devices](https://vulnerability.circl.lu/comment/76b43bdc-eede-4898-9809-5183c53c0d0f)
144+
- [PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal](https://vulnerability.circl.lu/comment/973f97c1-de69-4a51-9a06-2ef0ef1baf22)
145+
- [The Ni8mare Test: n8n RCE Under the Microscope (CVE-2026-21858)](https://vulnerability.circl.lu/comment/d766d344-c029-419a-b990-fb512e9cb929)
146+
- [CVEs affecting the Svelte ecosystem](https://vulnerability.circl.lu/bundle/2b58b75c-ed2f-43e6-9955-22f649ee1814)
147+
- [Security Advisory Ivanti Endpoint Manager Mobile (EPMM)](https://vulnerability.circl.lu/bundle/b6451050-d58c-4bfb-8ea2-a433b2c89297)
148+
- [The GNU C Library version 2.43 is now available](https://vulnerability.circl.lu/bundle/78ee0d13-7969-4870-8b23-a096918b6dc4)
149+
- [CRITICAL SECURITY BULLETIN: Trend Micro Apex Central (on-premise) January 2026 Multiple Vulnerabilities](https://vulnerability.circl.lu/bundle/c583fc84-536c-4c66-b98d-5525512bbece)
150+
- [gpg.fail - multiple vulnerabilities in GnuPG](https://vulnerability.circl.lu/bundle/2f22146f-462c-4841-9bff-17d8f791e1c2)
151+
152+
153+
## Thank you
154+
155+
Thank you to all the contributors and our diverse sources!
156+
157+
If you want to contribute to the next report, you can [create your account](https://vulnerability.circl.lu/user/signup).
158+
159+
160+
## Feedback and Support
161+
162+
If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
163+
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
164+
165+
166+
## Funding
167+
168+
169+
![eu_funded_en](/images/eu-funded.jpg)
170+
171+
The main objective of Federated European Team for Threat Analysis ([FETTA](https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/how-to-participate/org-details/999999999/project/101128030/program/43152860/details)) is improvement of Cyber Threat Intelligence (CTI) products available to the public and private sector in Poland, Luxembourg, and the European Union as a whole.
172+
Developing actionable CTI products (reports, indicators, etc) is a complex task and requires an in-depth understanding of the threat landscape and the ability to analyse and interpret large amounts of data. Many SOCs and CSIRTs build their capabilities in this area independently, leading to a fragmented approach and duplication of work.
173+
174+
175+
The Computer Incident Response Center Luxembourg ([CIRCL](https://www.circl.lu)) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. The organization brings to the table its extensive experience in cybersecurity incident management, threat intelligence, and proactive response strategies. With a strong background in developing innovative open source cybersecurity tools and solutions, CIRCL’s contribution to the FETTA project is instrumental in achieving enhanced collaboration and intelligence sharing across Europe.
176+
177+
[Press release](https://www.circl.lu/pub/press/20240131)
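
Review bot: The Ghost CVE Report table breaks its own ordering in the last row: CVE-2025-63261 (3 occurrences) sits below CVE-2025-134655 (1 occurrence), while every other row is sorted by descending occurrence count, so move it up next to the other 3-occurrence rows. In the same table, the GHSA-7g7f-ff96-5gcw comment links to /vuln/CVE-2025-8217 with no #sightings anchor, whereas the other rows link to their own identifier's #sightings; please confirm that target is intended. Two wording points: the introduction says "the most frequently mentioned vulnerability" although "The Month at a Glance" reports two vulnerabilities tied at 110 sightings, and "Top 10 vulnerabilities of the Month" is the only "Top 10" heading with a lowercase noun.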