Overview
Description
Statistics
- 8 Posts
- 9 Interactions
Fediverse
‼️Attackers Actively Probing RCE Vulnerability in Cisco Enterprise Communications Products
CVE-2026-20045: Cisco Unified Communications Products Code Injection Vulnerability
CVSS: 8.2
CISA KEV: Added today; January 21st, 2026
CVE Published: January 21st, 2026
Advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-20045
Description: A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
🟠 CVE-2026-20045 - High (8.2)
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Uni...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Bluesky
Overview
Description
Statistics
- 9 Posts
- 6 Interactions
Fediverse
CVE-2025-59718 – FortiGate firewalls hacked despite installation of the latest patches https://www.it-connect.fr/cve-2025-59718-des-firewalls-fortigate-pirates-malgre-linstallation-des-derniers-patchs/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet
Fortinet FortiGate admins are observing exploitation patterns consistent with CVE-2025-59718 even on patched systems, suggesting incomplete mitigation in earlier updates.
Reports include SSO-based admin creation and activity aligned with previously documented attacks. Additional FortiOS releases are expected.
The situation reinforces the need for defense-in-depth around identity, logging, and privileged access.
Follow @technadu for neutral, operationally focused security reporting.
#Infosec #Fortinet #FirewallSecurity #IAM #VulnerabilityManagement #TechNadu
Critical vulnerabilities (CVE-2025-59718, CVE-2025-59719) in Fortinet firewall systems allow remote attackers to bypass authentication via FortiCloud SSO and thereby gain administrative access to the configuration of the firewall systems.
According to reports, Fortinet firewalls continue to be compromised on a larger scale, because the patches made available on 9 December 2025 do not fully close the vulnerability.
If you administer FortiGate/FortiOS: admins are reporting a bypass of the patch for the critical vulnerability CVE-2025-59718 (FortiCloud SSO https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ) → compromise possible even on "patched" firewalls (e.g. 7.4.9/7.4.10).
( https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/ )
Prerequisite: “Allow administrative login using FortiCloud SSO” enabled (often after FortiCare registration).
Mitigation: disable admin-forticloud-sso-login + restrict admin access + check logs/new accounts.
Exploitation chain: CVE-2025-59718 (+ CVE-2025-59719 on the FortiWeb side) ➡️ sending of forged SAML messages ➡️ signature verification bypass ➡️ unauthorized admin access.
[References]
"Fortinet admins report patched FortiGate firewalls getting hacked"
👇
https://www.bleepingcomputer.com/news/security/fortinet-admins-report-patched-fortigate-firewalls-getting-hacked/
Bluesky
Overview
- GNU
- Inetutils
Description
Statistics
- 4 Posts
- 27 Interactions
Fediverse
We caught a few (desperate) fiends trying to have their way with our vulnerable-to Telnetd -f Auth Bypass vuln (CVE-2026-24061) systems and I took a spelunk in the PCAPs:
Some of the least clever and least capable actors I've seen in a while.
"-f Around and Find Out: 18 Hours of Unsolicited Telnet Houseguests" takes you on a deep dive into the packets.
cc: @darses
I shot a 📄 to the team to 👀 later today but we've seen some activity on the recent Inetutils Telnetd -f Auth Bypass vuln (CVE-2026-24061) — https://viz.greynoise.io/tags/inetutils-telnetd--f-auth-bypass-attempt?days=30
We stood up some full vulnerable systems and a cpl IPs only hit those, so the targeting precision was oddly fast.
If they don't do a main GN blog I'll post deets on the Labs blog (I'm OOO today).
Rly glad this was a nothingburger.
Spidey-sense says something yuge (not related to this) is coming soon tho. The internet feels “off”.
Bluesky
Overview
- Fortinet
- FortiWeb
Description
Statistics
- 3 Posts
- 6 Interactions
Overview
- Enhancesoft
- osTicket
Description
Statistics
- 1 Post
- 7 Interactions
Fediverse
The vulnerability CVE-2026-22200 in the default configuration of the open-source ticket system "osTicket" can be exploited by remote attackers by submitting a specially crafted ticket in order to potentially read sensitive data from the server's file system.
Affected are versions 1.17.x < 1.17.7 and 1.18.x < 1.18.3.
CERT-Bund is informing German network operators starting today about vulnerable systems in their networks. We currently know of around 250 affected systems.
Overview
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
🔴 CVE-2025-69766 - Critical (9.8)
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69766/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- MCPJam
- inspector
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
‼️CVE-2026-23744: Versions 1.4.2 and earlier of MCPJam inspector are vulnerable to remote code execution (RCE)
CVSS: 9.8
CVE Published: January 16th, 2026
PoC/Exploit Published: January 20th, 2026
GitHub PoC: https://github.com/boroeurnprach/CVE-2026-23744-PoC/
Advisory: https://github.com/advisories/GHSA-232v-j27c-5pp6
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
Overview
- choijun
- LA-Studio Element Kit for Elementor
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
🔴 CVE-2026-0920 - Critical (9.8)
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
https://exploit.az/posts/wor/
CVE-2025-48941