ciso brief

All news with #patch release tag


Chainlit vulnerabilities expose files and enable SSRF

🔒 Chainlit, a widely used framework for building conversational AI applications, contained two server-side vulnerabilities (CVE-2026-22218 and CVE-2026-22219) that allow authenticated users to read arbitrary files and trigger SSRF in affected deployments. The flaws stem from insufficient validation of user-controlled properties in custom elements and SQLAlchemy-backed storage. Combined, they can expose environment variables, cached prompts, API keys and cloud metadata, enabling lateral movement beyond the app layer. Chainlit released 2.9.4 on 24 December 2025 and users are advised to apply the patch immediately; temporary WAF signatures were published as mitigation.

Amazon Corretto January 2026 Quarterly Security Updates

🛡️ Amazon announced quarterly security and critical updates for Amazon Corretto LTS distributions on January 20, 2026. Updated builds — Corretto 25.0.2, 21.0.10, 17.0.18, 11.0.30, and 8u482 — are available for download. Customers can obtain releases from the Corretto home page or configure Apt, Yum, or Apk repositories on Linux to receive updates. Feedback and issue reports are invited via the Corretto GitHub repository.

CODESYS Runtime Vulnerabilities Affecting Schneider Electric

⚠️ Schneider Electric warns that multiple vulnerabilities in the CODESYS Runtime System V3 communication server affect many Schneider products and third-party devices embedding CODESYS. Exploitable issues include denial-of-service and, in some configurations, remote code execution; several CVEs carry CVSS scores up to 8.8. Schneider has published patches and mitigations for many affected product families; operators should apply vendor updates and follow immediate network and access controls to reduce exposure.

Rockwell Verve Asset Manager: Two High-Risk Storage Flaws

🔒 Rockwell Automation reported two high-severity vulnerabilities in Verve Asset Manager affecting legacy components: the ADI server and the Ansible playbook. Both issues can result in unencrypted sensitive information being stored in environment variables or during playbook execution and are rated CVSS 7.2 and 7.9. Rockwell states the flaws are resolved in 1.42; organizations should upgrade and contact Rockwell TechConnect for assistance. CISA also recommends minimizing network exposure and using secure remote access such as up-to-date VPNs.

Intune MAM update enforces latest SDKs or blocks apps

⚠️ Microsoft is enforcing new Intune MAM security requirements beginning January 19 (or shortly after), requiring updated iOS SDKs/wrappers and an updated Android Company Portal to keep apps running. Enterprises that don’t update wrapped or SDK-integrated apps — including Outlook and Teams — risk having those apps blocked from launching. Admins should rebuild or rewrap affected apps, push updates, enable conditional launch policies, and monitor App Protection Status to avoid user outages.

Microsoft releases OOB Windows fixes for Cloud PC issues

🔧 Microsoft has issued out-of-band Windows updates to address two issues introduced by the January 2026 security updates: credential prompt failures that can block Microsoft 365 Cloud PC and remote desktop sign-ins, and a shutdown/hibernate failure on Windows 11 23H2 when Secure Launch is enabled. The fix packages must be manually downloaded from the Microsoft Update Catalog, and administrators can deploy Known Issue Rollback (KIR) installers via Group Policy for enterprise-managed devices when immediate deployment is required.

Cisco patches critical zero-day in email gateway products

⚠️ Cisco has released patches for a critical zero-day, CVE-2025-20393, in AsyncOS that affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The flaw allows a remote attacker to gain root by sending a crafted HTTP request to the Spam Quarantine interface when it is enabled and reachable from the internet. Cisco first learned of exploitation in December, issued a public advisory on Dec. 17, and has now published fixes to address the issue.

Modular DS Flaw Lets Attackers Gain Instant WordPress Admin

🔓 Modular DS versions 2.5.1 and earlier contain a critical privilege-escalation bug (CVE-2026-23550) that lets unauthenticated attackers gain full WordPress admin access by calling unprotected API routes under /api/modular-connector/. Patchstack reported active exploitation and the vendor released Modular DS 2.5.2 on January 14, 2026. Administrators should update immediately, check for rogue admin accounts, enable two-factor authentication, apply IP restrictions, and consider Patchstack’s mitigation rules if immediate patching isn’t possible.

RondoDox Botnet Escalates Exploitation of HPE OneView

⚠️ Check Point Research links the Linux-based RondoDox botnet to a coordinated exploitation campaign against HPE OneView, leveraging the critical RCE flaw CVE-2025-37164. The vulnerability, published to the NVD on 16 December 2025 and rated 10.0 (CVSS 3.1) by HPE, has been the subject of tens of thousands of automated attack attempts. Check Point reported blocking more than 40,000 hits on 7 January 2026 and urged organizations to patch immediately and implement compensating controls.

Amazon RDS Custom Adds Microsoft SQL Server GDR Updates

🔒 Amazon RDS Custom for SQL Server now supports the latest General Distribution Release (GDR) updates, enabling SQL Server 2019 CU32+GDR (KB5068404) and SQL Server 2022 CU21+GDR (KB5068406) on managed instances. These releases correspond to RDS builds 15.00.4455.2.1.v1 and 16.00.4222.2.1.v1 and address vulnerabilities referenced by CVE-2025-59499. We recommend that you upgrade affected RDS Custom instances using the Amazon RDS Management Console, AWS SDK, or CLI and consult the Amazon RDS Custom User Guide for upgrade procedures. Before applying updates in production, review release notes and test the patches in non-production environments to validate application compatibility and backups.

Amazon RDS adds support for Microsoft SQL Server GDR updates

🔔 Amazon RDS for SQL Server now supports Microsoft SQL Server GDR updates for 2016 SP3, 2017 CU31, 2019 CU32 and 2022 CU22 (RDS versions 13.00.6475.1.v1, 14.00.3515.1.v1, 15.00.4455.2.1.v1, 16.00.4225.2.1.v1). These GDRs address vulnerabilities tracked as CVE-2025-59499. We recommend upgrading instances via the Amazon RDS Console, SDK, or CLI and consulting the RDS SQL Server upgrade guide to plan and apply the updates.

Critical RCE in n8n Forces Immediate Global Remediation

🚨 A critical remote code execution vulnerability, CVE-2026-21858 (CVSS 10.0), has been disclosed in n8n, allowing attackers to fully compromise locally deployed instances. Researchers estimate roughly 100,000 servers are affected and there are no official workarounds available. The n8n project has released a patched build; users must upgrade to n8n version 1.121.0 or later to remediate the issue. Administrators should prioritize patching and follow vendor advisories immediately.

Palo Alto Fixes GlobalProtect DoS Vulnerability, Critical

🔒 Palo Alto Networks has released patches for a high-severity denial-of-service vulnerability (CVE-2026-0227, CVSS 7.7) affecting GlobalProtect Gateway and Portal components. The flaw, caused by an improper check for exceptional conditions (CWE-754), can be triggered by an unauthenticated attacker and may force affected firewalls into maintenance mode. A proof-of-concept exploit exists and there are no workarounds, so administrators should prioritize applying the vendor updates.

Exploit Published for Critical FortiSIEM Command Injection

🔓 A critical FortiSIEM vulnerability, tracked as CVE-2025-25256, enables remote unauthenticated attackers to execute arbitrary commands by invoking exposed phMonitor handlers. Horizon3.ai disclosed technical details and published a demonstrative exploit after Fortinet issued patches across supported branches. The flaw combines arbitrary write with privilege escalation to root and affects a range of FortiSIEM releases; Fortinet advises applying the supplied updates or restricting access to the phMonitor port (7900) as a temporary mitigation.

Microsoft Updates WinSqlite3.dll After False Positives

🔔 Microsoft has released updates to WinSqlite3.dll after third-party security tools began flagging the Windows core DLL as vulnerable to CVE-2025-6965. The company said the false positive affected Windows 10, Windows 11, and server editions through Windows Server 2025. Microsoft resolved the detection in updates released January 13, 2026 and later and urges users to install the latest patches. It also clarified WinSqlite3.dll is distinct from sqlite3.dll.

Pax8 Email Error Exposes MSP and Microsoft Licensing Data

⚠️ Pax8 confirmed it mistakenly emailed a CSV attachment on January 13 that contained internal pricing and Microsoft licensing data to fewer than 40 UK-based partners. Recipients reported the file listed about 56,000 entries covering roughly 1,800 partners, with fields including partner and customer IDs, SKUs, license counts, renewal dates, and booking details. Pax8 asked recipients to delete the message, required deletion confirmations, and said it launched an internal review. The company maintains the file did not contain personally identifiable information and that marketplace availability and security controls were not affected.

Fortinet Fixes Critical FortiSIEM Remote Code Flaw

🔒 Fortinet issued patches for a critical FortiSIEM vulnerability (CVE-2025-64155, CVSS 9.4) that permits unauthenticated OS command injection and remote code execution via the phMonitor service on TCP port 7900. The flaw enables argument injection leading to arbitrary file writes as admin and a cron-triggered escalation to root. Affected releases span 6.7 through 7.4, each with a fixed build available; 7.5 and FortiSIEM Cloud are not impacted. Apply vendor updates or restrict access to port 7900 as a temporary mitigation.

Microsoft January 2026 Patch: 114 Windows Flaws Fixed

🔒 Microsoft released its first security update of 2026 addressing 114 vulnerabilities across Windows, including one actively exploited in the wild. The set includes eight Critical and 106 Important flaws, spanning privilege escalation, information disclosure, and remote code execution issues. Administrators are urged to prioritize the exploited CVE-2026-20805 and VBS-related fixes, and to follow guidance for Secure Boot certificate updates to avoid disruption.

Critical Node.js bug can crash apps via async_hooks

⚠️ Node.js has released critical updates to address a bug that can force the runtime to exit rather than throw a catchable error when a stack overflow occurs with async_hooks enabled. The defect causes Node.js to terminate with exit code 7, creating a potential Denial-of-Service vector for applications whose recursion is controlled by unsanitized input. A fix is available in Node.js 20.20.0, 22.22.0, 24.13.0, and 25.3.0; older, EOL releases remain vulnerable. Users and maintainers are urged to update promptly.

January 2026 Patch Tuesday: Microsoft critical fixes

🛡️ Microsoft’s January 2026 Patch Tuesday addresses eight critical vulnerabilities and an actively exploited zero-day, with many high-scoring flaws affecting Office and SharePoint. The Desktop Window Manager information-disclosure bug (CVE-2026-20805) is already being exploited and can leak memory to enable follow-on attacks. Other priorities include an RRAS heap overflow (CVE-2026-20868), Secure Boot certificate updates (CVE-2026-21265), and multiple NTFS and WinSock elevation issues. Administrators should accelerate patching, restrict local access, and monitor for suspicious activity.