Getty Images/iStockphoto

News

News brief: Patch critical and high-severity vulnerabilities now

Check out the latest security news from the Informa TechTarget team.

Staff report
By
Published: 30 Jan 2026

More than 48,000 Common Vulnerabilities and Exposures were tracked in the CVE database in 2025, up approximately 20% from 2024 and 66% from 2023. If these trends continue, the number of CVEs in 2026 could reach anywhere from 57,600 to 79,680.

According to research from penetration testing services provider DeepStrike, attackers in 2025 exploited 28% of vulnerabilities within one day of their CVE disclosure. For context, it took an average of 30 days in 2020.

Granted, not all CVEs are high severity, and not all will be exploitable -- or require patching -- in every organization. It is still important for security and IT teams to stay abreast of new vulnerabilities -- especially critical ones -- including those highlighted in this week's featured news.

More critical vulnerabilities in n8n workflow automation platform exposed

Researchers at JFrog have identified two critical vulnerabilities in n8n, a popular low-code workflow automation platform used to integrate large language models into business processes. The news comes on the heels of a separate critical vulnerability that Cyera researchers found in late 2025.

The flaws, CVE-2026-1470 (severity 9.9) and CVE-2026-0863 (severity 8.5), enable attackers to bypass security controls, execute arbitrary code and gain full control over n8n services, and access credentials, API keys and other sensitive data.

These vulnerabilities affect both cloud and unpatched self-hosted deployments. Organizations are urged to update to patched versions and implement strong security measures.

Read the full article by Jai Vijayan on Dark Reading.

Critical Fortinet FortiCloud single sign-on vulnerability exploited

Federal authorities and researchers are warning about CVE-2026-24858, a critical vulnerability in Fortinet FortiCloud SSO that enables attackers with registered devices and accounts to access other users' devices.

Exploitation involves malicious activities, such as altering firewall configurations, creating unauthorized accounts and enabling VPN access for persistence.

Previous patches for related flaws -- CVE-2025-59718 and CVE-2025-59719 -- do not protect against the current vulnerability.

Fortinet disabled FortiCloud SSO temporarily and advised users to upgrade to secure versions. Arctic Wolf researchers observed automated attacks involving rapid configuration changes and data exfiltration. Shadowserver reported 10,000 vulnerable instances, emphasizing the urgency for users to patch and secure affected systems.

Read the full article by David Jones on Cybersecurity Dive.

WinRAR vulnerability exploited by threat actors

Threat actors, including state-sponsored groups, are actively exploiting CVE-2025-8088, a high-severity path traversal vulnerability in file-archiving software WinRAR, despite a patch released in July 2025.

The flaw enables attackers to execute arbitrary code via malicious archive files, posing significant risks to SMBs and professionals handling compressed files.

WinRAR's widespread use and lack of regular updates make it an attractive target for attackers. Exploitation involves hiding malicious payloads in Alternate Data Streams within archives, enabling persistence on systems. Google and security experts have urged users to update WinRAR immediately to mitigate risks and reduce exposure to ongoing targeted attacks.

Read the full article by Alexander Culafi on Dark Reading.

Critical Telnet vulnerability exploited by threat actors

A critical authentication bypass flaw in the GNU InetUtils telnetd server, tracked as CVE-2026-24061, has resurfaced as a major threat, affecting hundreds of thousands of telnet servers globally. Despite being addressed in version 2.8 of InetUtils, the flaw, introduced in 2015, remains easy to exploit, granting attackers full device control.

Telnet, an outdated and insecure protocol, is still widely used in legacy systems and IoT devices, with an estimated 800,000 instances exposed worldwide. Experts warned of delayed patch rollouts and recommended disabling telnet servers, restricting access and segmenting high-risk devices to mitigate risks.

Read the full article by Rob Wright on Dark Reading.

Microsoft patches actively exploited Office zero-day vulnerability

Microsoft has released an emergency patch for CVE-2026-21509, a zero-day vulnerability in Microsoft Office and Microsoft 365 that attackers are actively exploiting. Rated CVSS 7.8, the flaw enables attackers to bypass security controls and execute arbitrary code, potentially compromising system confidentiality, integrity and availability.

Exploitation requires user interaction, such as opening a malicious Office file. CISA has mandated federal agencies to patch the vulnerability by February 16. While Office 2021 users are protected, Office 2016 and 2019 users must install updates. Experts warned that the flaw is likely being used in advanced, targeted attacks, and emphasized the importance of immediate patching.

Read the full article by Jai Vijayan on Dark Reading.

Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.

Sharon Shea is executive editor of TechTarget Security.

Dig Deeper on Threats and vulnerabilities