SolarWinds Web Help Desk Multiple Vulnerabilities

Release Date: 30 Jan 2026

RISK: Medium Risk

TYPE: Clients - Productivity Products

Multiple vulnerabilities were identified in SolarWinds Web Help Desk. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Security Restriction Bypass
• Elevation of Privilege

---

System / Technologies affected

• SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to SolarWinds Web Help Desk version 12.8.8 HF1 or later

---

Vulnerability Identifier

• CVE-2025-40536
• CVE-2025-40537
• CVE-2025-40551
• CVE-2025-40552
• CVE-2025-40553
• CVE-2025-40554

---

Source

• SolarWinds

---

Related Link

• https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40536
• https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40537
• https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551
• https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40552
• https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40553
• https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40554

QNAP NAS 權限提升漏洞

發佈日期: 2026年01月30日

風險: 中度風險

類型: 伺服器 - 其他伺服器

於 QNAP NAS 發現一個漏洞。遠端攻擊者可利用這個漏洞，於目標系統觸發權限提升。

---

影響

• 權限提升

---

受影響之系統或技術

• QTS 4.3.x

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.qnap.com/en/security-advisory/qsa-25-56

---

漏洞識別碼

• CVE-2025-66276

---

資料來源

• QNAP

---

相關連結

• https://www.qnap.com/en/security-advisory/qsa-25-56

QNAP NAS Elevation of Privilege Vulnerability

Release Date: 30 Jan 2026

RISK: Medium Risk

TYPE: Servers - Other Servers

A vulnerability was identified in QNAP NAS. A remote attacker can exploit this vulnerability to trigger elevation of privilege on the targeted system.

---

Impact

• Elevation of Privilege

---

System / Technologies affected

• QTS 4.3.x

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.qnap.com/en/security-advisory/qsa-25-56

---

Vulnerability Identifier

• CVE-2025-66276

---

Source

• QNAP

---

Related Link

• https://www.qnap.com/en/security-advisory/qsa-25-56

Mozilla 產品多個漏洞

發佈日期: 2026年01月29日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、繞過保安限制及敏感資料洩露。

---

影響

• 阻斷服務
• 資料洩露
• 繞過保安限制

---

受影響之系統或技術

以下版本之前的版本﹕

 

• Firefox 147.0.2
• Thunderbird 140.7.1
• Thunderbird 147.0.1

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

更新至版本:

 

• Firefox 147.0.2
• Thunderbird 140.7.1
• Thunderbird 147.0.1

---

漏洞識別碼

• CVE-2026-0818
• CVE-2026-24868
• CVE-2026-24869

---

資料來源

• Mozilla

---

相關連結

• https://www.mozilla.org/en-US/security/advisories/mfsa2026-06/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-07/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-08/

Mozilla Products Multiple Vulnerabilities

Release Date: 29 Jan 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure
• Security Restriction Bypass

---

System / Technologies affected

Versions prior to:

 

• Firefox 147.0.2
• Thunderbird 140.7.1
• Thunderbird 147.0.1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Firefox 147.0.2
• Thunderbird 140.7.1
• Thunderbird 147.0.1

---

Vulnerability Identifier

• CVE-2026-0818
• CVE-2026-24868
• CVE-2026-24869

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2026-06/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-07/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-08/

Aruba 產品多個漏洞

發佈日期: 2026年01月28日

風險: 中度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

在Aruba產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、洩露敏感資料、資料篡改及遠端執行任意程式碼。

---

影響

• 遠端執行程式碼
• 篡改
• 資料洩露
• 阻斷服務

---

受影響之系統或技術

• Aruba Networking Fabric Composer 7.x.x: 7.2.3 及以下版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US

---

漏洞識別碼

• CVE-2024-4741
• CVE-2026-23592
• CVE-2026-23593

---

資料來源

• Aruba

---

相關連結

• https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US

Aruba Product Multiple Vulnerabilities

Release Date: 28 Jan 2026

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Aruba Product. A remote attacker could exploit these vulnerabilities to trigger denial of service condition, sensitive information disclosure, data manipulation and remote code execution on the targeted system.

---

Impact

• Remote Code Execution
• Data Manipulation
• Information Disclosure
• Denial of Service

---

System / Technologies affected

• Aruba Networking Fabric Composer 7.x.x: 7.2.3 and below

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US

---

Vulnerability Identifier

• CVE-2024-4741
• CVE-2026-23592
• CVE-2026-23593

---

Source

• Aruba

---

Related Link

• https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US

Fortinet 產品繞過保安限制漏洞

發佈日期: 2026年01月28日

風險: 高度風險

類型: 操作系統 - Network

於 Fortinet 產品發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發繞過保安限制。

 

注意：

CVE-2026-24858 正被廣泛利用。Fortinet 產品中利用備用路徑或通道繞過身份驗證的漏洞，可能允許擁有 FortiCloud 帳戶和已註冊設備的攻擊者登入其他帳戶註冊的其他設備，前提是這些設備上啟用了 FortiCloud SSO 身份驗證。因此，風險等級為高度風險。

---

影響

• 繞過保安限制

---

受影響之系統或技術

• FortiAnalyzer 7.0 版本 7.0.0 至 7.0.15
• FortiAnalyzer 7.2 版本 7.2.0 至 7.2.11
• FortiAnalyzer 7.4 版本 7.4.0 至 7.4.9
• FortiAnalyzer 7.6 版本 7.6.0 至 7.6.5
• FortiManager 7.0 版本 7.0.0 至 7.0.15
• FortiManager 7.2 版本 7.2.0 至 7.2.11
• FortiManager 7.4 版本 7.4.0 至 7.4.9
• FortiManager 7.6 版本 7.6.0 至 7.6.5
• FortiOS 7.0 版本 7.0.0 至 7.0.18
• FortiOS 7.2 版本 7.2.0 至 7.2.12
• FortiOS 7.4 版本 7.4.0 至 7.4.10
• FortiOS 7.6 版本 7.6.0 至 7.6.5
• FortiProxy 7.0 所有版本
• FortiProxy 7.2 所有版本
• FortiProxy 7.4 版本 7.4.0 至 7.4.12
• FortiProxy 7.6 版本 7.6.0 至 7.6.4

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.fortiguard.com/psirt/FG-IR-26-060

---

漏洞識別碼

• CVE-2026-24858

---

資料來源

• Fortinet

---

相關連結

• https://www.fortiguard.com/psirt/FG-IR-26-060

Fortinet Products Security Restriction Bypass Vulnerability

Release Date: 28 Jan 2026

RISK: High Risk

TYPE: Operating Systems - Networks OS

A vulnerability has been identified in Fortinet Products. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.

 

Note:

CVE-2026-24858 is being exploited in the wild. An Authentication Bypass Using an Alternate Path or Channel vulnerability in Fortinet products may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. Hence, the risk level is rated as High Risk.

---

Impact

• Security Restriction Bypass

---

System / Technologies affected

• FortiAnalyzer 7.0 version 7.0.0 through 7.0.15
• FortiAnalyzer 7.2 version 7.2.0 through 7.2.11
• FortiAnalyzer 7.4 version 7.4.0 through 7.4.9
• FortiAnalyzer 7.6 version 7.6.0 through 7.6.5
• FortiManager 7.0 version 7.0.0 through 7.0.15
• FortiManager 7.2 version 7.2.0 through 7.2.11
• FortiManager 7.4 version 7.4.0 through 7.4.9
• FortiManager 7.6 version 7.6.0 through 7.6.5
• FortiOS 7.0 version 7.0.0 through 7.0.18
• FortiOS 7.2 version 7.2.0 through 7.2.12
• FortiOS 7.4 version 7.4.0 through 7.4.10
• FortiOS 7.6 version 7.6.0 through 7.6.5
• FortiProxy 7.0 all versions
• FortiProxy 7.2 all versions
• FortiProxy 7.4 version 7.4.0 through 7.4.12
• FortiProxy 7.6 version 7.6.0 through 7.6.4

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.fortiguard.com/psirt/FG-IR-26-060

---

Vulnerability Identifier

• CVE-2026-24858

---

Source

• Fortinet

---

Related Link

• https://www.fortiguard.com/psirt/FG-IR-26-060

Google Chrome 遠端執行程式碼漏洞

發佈日期: 2026年01月28日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。

---

影響

• 阻斷服務
• 遠端執行程式碼

---

受影響之系統或技術

• Google Chrome 144.0.7559.109 (Linux) 之前的版本
• Google Chrome 144.0.7559.109/.110 (Mac) 之前的版本
• Google Chrome 144.0.7559.109/.110 (Windows) 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 144.0.7559.109 (Linux) 或之後版本
• 更新至 144.0.7559.109/.110 (Mac) 或之後版本
• 更新至 144.0.7559.109/.110 (Windows) 或之後版本

---

漏洞識別碼

• CVE-2026-1504

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_27.html

Google Chrome Remote Code Execution Vulnerability

Release Date: 28 Jan 2026

RISK: Medium Risk

TYPE: Clients - Browsers

A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger denial of service condition and remote code execution on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution

---

System / Technologies affected

• Google Chrome prior to 144.0.7559.109 (Linux)
• Google Chrome prior to 144.0.7559.109/.110 (Mac)
• Google Chrome prior to 144.0.7559.109/.110 (Windows)

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 144.0.7559.109 (Linux) or later
• Update to version 144.0.7559.109/.110 (Mac) or later
• Update to version 144.0.7559.109/.110 (Windows) or later

---

Vulnerability Identifier

• CVE-2026-1504

---

Source

• Google Chrome

---

Related Link

• https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_27.html

TP-Link 路由器多個漏洞

發佈日期: 2026年01月28日

風險: 中度風險

類型: 操作系統 - Network

於 TP-Link 路由器 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。

 

---

影響

• 阻斷服務
• 遠端執行程式碼

---

受影響之系統或技術

• TL-WR841N v14 的 250908 之前的版本
• Archer MR600 v5 的 1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n 之前的版本
• Archer C20 v6.0 的 V6_251031 之前的版本
• Archer AX53 v1.0 的 V1_251215 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.tp-link.com/hk/support/faq/4894/
• https://www.tp-link.com/hk/support/faq/4905/
• https://www.tp-link.com/hk/support/faq/4916/

---

漏洞識別碼

• CVE-2025-9014
• CVE-2025-14756
• CVE-2026-0834

---

資料來源

• TP-Link

---

相關連結

• https://www.tp-link.com/hk/support/faq/4894/
• https://www.tp-link.com/hk/support/faq/4905/
• https://www.tp-link.com/hk/support/faq/4916/

TP-Link Router Multiple Vulnerabilities

Release Date: 28 Jan 2026

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in TP-Link Router. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution

---

System / Technologies affected

• TL-WR841N v14 versions below 250908
• Archer MR600 v5 versions below 1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n
• Archer C20 v6.0 versions below V6_251031
• Archer AX53 v1.0 versions below V1_251215

 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.tp-link.com/hk/support/faq/4894/
• https://www.tp-link.com/hk/support/faq/4905/
• https://www.tp-link.com/hk/support/faq/4916/

---

Vulnerability Identifier

• CVE-2025-9014
• CVE-2025-14756
• CVE-2026-0834

---

Source

• TP-Link

---

Related Link

• https://www.tp-link.com/hk/support/faq/4894/
• https://www.tp-link.com/hk/support/faq/4905/
• https://www.tp-link.com/hk/support/faq/4916/

Microsoft Office 繞過保安限制漏洞

發佈日期: 2026年01月27日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於微軟 Office 發現一個漏洞。攻擊者可利用此漏洞，於目標系統觸發繞過保安限制。

 

注意：

CVE-2026-21509 正被廣泛利用。在 Microsoft Office 的安全決策中依賴不受信任的輸入，會導致未經授權的攻擊者在本機繞過安全功能。攻擊者必須向使用者發送惡意 Office 文件，並誘騙其開啟。因此，該漏洞的風險等級被評為中度風險。

---

影響

• 繞過保安限制

---

受影響之系統或技術

• Microsoft 365 Apps for Enterprise
• Microsoft Office 2016
• Microsoft Office 2019
• Microsoft Office LTSC 2021
• Microsoft Office LTSC 2024

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

• 執行 Office 2021 及更高版本的客戶將透過服務端變更自動獲得保護，但需要重新啟動 Office 應用程式才能使變更生效。
• 執行 Office 2016 和 2019 的客戶在安裝安全性更新之前無法獲得保護。這些版本的客戶可以應用以下所述的登錄檔機碼以立即獲得保護。請參考下方連結以了解具體步驟。

安裝軟件供應商提供的修補程式或緩解措施：

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509

---

漏洞識別碼

• CVE-2026-21509

---

資料來源

• Microsoft

---

相關連結

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509
• https://www.cisa.gov/news-events/alerts/2026/01/26/cisa-adds-five-known-exploited-vulnerabilities-catalog

Microsoft Office Security Restriction Bypass Vulnerability

Release Date: 27 Jan 2026

RISK: Medium Risk

TYPE: Clients - Browsers

A vulnerability was identified in Microsoft Office. An attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.

 

Note:

CVE-2026-21509 is being exploited in the wild. Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. An attacker must send a user a malicious Office file and convince them to open it. Hence, the risk level is rated as Medium Risk.

---

Impact

• Security Restriction Bypass

---

System / Technologies affected

• Microsoft 365 Apps for Enterprise
• Microsoft Office 2016
• Microsoft Office 2019
• Microsoft Office LTSC 2021
• Microsoft Office LTSC 2024

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

• Customers running Office 2021 and later will be automatically protected via a service-side change, but will be required to restart their Office applications for this to take effect.
• Customers running Office 2016 and 2019 are not protected until they install the security update. Customers on these versions can apply the registry keys described as follows to be immediately protected. Please refer to the below link for the steps.

Apply fixes or mitigations issued by the vendor:

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509

---

Vulnerability Identifier

• CVE-2026-21509

---

Source

• Microsoft

---

Related Link

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509
• https://www.cisa.gov/news-events/alerts/2026/01/26/cisa-adds-five-known-exploited-vulnerabilities-catalog

Microsoft Edge 阻斷服務漏洞

發佈日期: 2026年01月27日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Microsoft Edge 發現一個漏洞。遠端攻擊者可利用這個漏洞，於目標系統觸發阻斷服務狀況。

---

影響

• 阻斷服務

---

受影響之系統或技術

• Microsoft Edge 144.0.3719.92 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 144.0.3719.92 或之後版本

---

漏洞識別碼

• CVE-2026-1220

---

資料來源

• Microsoft Edge

---

相關連結

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-23-2026
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1220

Microsoft Edge Denial of Service Vulnerability

Release Date: 27 Jan 2026

RISK: Medium Risk

TYPE: Clients - Browsers

A vulnerability was identified in Microsoft Edge. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

---

Impact

• Denial of Service

---

System / Technologies affected

• Microsoft Edge version prior to 144.0.3719.92

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 144.0.3719.92 or later

---

Vulnerability Identifier

• CVE-2026-1220

---

Source

• Microsoft Edge

---

Related Link

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-23-2026
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1220

VMWare 產品多個漏洞

發佈日期: 2026年01月26日

風險: 極高度風險

類型: 操作系統 - 網絡操作系統

於 VMware 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發權限提升及遠端執行任意程式碼。

 

注意：CVE-2024-37079 已被廣泛利用。可存取 vCenter Server 的惡意使用者可透過傳送特製的網路封包觸發 CVE-2024-37079，並可能導致遠端執行程式碼。因此，風險等級被評為極高度風險。

---

影響

• 遠端執行程式碼
• 權限提升

---

受影響之系統或技術

• VMware  vCenter Server 7.0
• VMware  vCenter Server 8.0
• VMware Cloud Foundation 4.x
• VMware Cloud Foundation 5.x

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

• 安裝供應商提供的修補程式：
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

---

漏洞識別碼

• CVE-2024-37079
• CVE-2024-37080
• CVE-2024-37081

---

資料來源

• VMware

---

相關連結

• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

VMWare Products Multiple Vulnerabilities

Release Date: 26 Jan 2026

RISK: Extremely High Risk

TYPE: Operating Systems - VM Ware

Multiple vulnerabilities were identified in VMware products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege and remote code execution on the targeted system.

 

Note: CVE-2024-37079 is actively exploited in the wild. A malicious actor with network access to vCenter Server may trigger CVE-2024-37079 by sending specially crafted network packets, potentially leading to remote code execution. Hence, the risk level is rated as Extremely High Risk.

---

Impact

• Remote Code Execution
• Elevation of Privilege

---

System / Technologies affected

• VMware  vCenter Server 7.0
• VMware  vCenter Server 8.0
• VMware Cloud Foundation 4.x
• VMware Cloud Foundation 5.x

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• Apply fixes issued by the vendor:
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

---

Vulnerability Identifier

• CVE-2024-37079
• CVE-2024-37080
• CVE-2024-37081

---

Source

• VMware

---

Related Link

• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

思科產品多個漏洞

發佈日期: 2026年01月22日

風險: 極高度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

於思科產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、跨網站指令碼、遠端執行任意程式碼及權限提升。

 

注意：

CVE-2026-20045 正在被廣泛利用。 由於 HTTP 請求中使用者輸入資料的驗證不當，攻擊者可以透過向受影響設備的 Web 管理介面發送一系列特製的 HTTP 請求來利用此漏洞。成功利用此漏洞後，攻擊者可以獲得底層作業系統的使用者級存取權限，進而提升至 root 權限。因此，風險等級被評為極高度風險。

---

影響

• 阻斷服務
• 權限提升
• 遠端執行程式碼
• 跨網站指令碼

---

受影響之系統或技術

• Cisco IEC6400 Wireless Backhaul Edge Compute Software
• Cisco Intersight Connected Virtual Appliance (CVA)
• Cisco Intersight Private Virtual Appliance (PVA)
• Cisco Packaged CCE
• Cisco Unified CCE
• Cisco Unified CM
• Cisco Unified CM IM&P
• Cisco Unified CM SME
• Cisco Unity Connection
• Cisco Webex Calling Dedicated Instance

請參考供應商發佈的連結以了解受影響的版本：

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

---

漏洞識別碼

• CVE-2026-20045
• CVE-2026-20055
• CVE-2026-20080
• CVE-2026-20092
• CVE-2026-20109

---

資料來源

• Cisco

---

相關連結

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

Cisco Products Multiple Vulnerabilities

Release Date: 22 Jan 2026

RISK: Extremely High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, cross-site scripting, remote code execution and elevation of privilege on the targeted system.

 

Note:

CVE-2026-20045 is being exploited in the wild. Due to improper validation of user-supplied input in HTTP requests, an attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Hence, the risk level is rated as Extremely High Risk.

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Cross-Site Scripting

---

System / Technologies affected

• Cisco IEC6400 Wireless Backhaul Edge Compute Software
• Cisco Intersight Connected Virtual Appliance (CVA)
• Cisco Intersight Private Virtual Appliance (PVA)
• Cisco Packaged CCE
• Cisco Unified CCE
• Cisco Unified CM
• Cisco Unified CM IM&P
• Cisco Unified CM SME
• Cisco Unity Connection
• Cisco Webex Calling Dedicated Instance

For affected versions, please refer to the link issued by the vendor:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

---

Vulnerability Identifier

• CVE-2026-20045
• CVE-2026-20055
• CVE-2026-20080
• CVE-2026-20092
• CVE-2026-20109

---

Source

• Cisco

---

Related Link

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

GitLab 多個漏洞

發佈日期: 2026年01月22日

風險: 中度風險

類型: 伺服器 - 其他伺服器

於 GitLab 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況及繞過保安限制。

---

影響

• 阻斷服務
• 繞過保安限制

---

受影響之系統或技術

• GitLab Community Edition (CE) 18.8.2, 18.7.2, 18.6.4 以前的版本
• GitLab Enterprise Edition (EE) 18.8.2, 18.7.2, 18.6.4 以前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

---

漏洞識別碼

• CVE-2025-13335
• CVE-2025-13927
• CVE-2025-13928
• CVE-2026-0723
• CVE-2026-1102

---

資料來源

• GitLab

---

相關連結

• https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

GitLab Multiple Vulnerabilities

Release Date: 22 Jan 2026

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system.

---

Impact

• Denial of Service
• Security Restriction Bypass

---

System / Technologies affected

• GitLab Community Edition (CE) versions prior to 18.8.2, 18.7.2, 18.6.4
• GitLab Enterprise Edition (EE) versions prior to 18.8.2, 18.7.2, 18.6.4

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

---

Vulnerability Identifier

• CVE-2025-13335
• CVE-2025-13927
• CVE-2025-13928
• CVE-2026-0723
• CVE-2026-1102

---

Source

• GitLab

---

Related Link

• https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

Zoom 產品遠端執行程式碼漏洞

發佈日期: 2026年01月21日

風險: 中度風險

類型: 用戶端 - 辦公室應用

於 Zoom 產品發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發遠端執行任意程式碼。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• Zoom Node Meetings Hybrid (ZMH) MMR module 5.2.1716.0 之前的版本
• Zoom Node Meeting Connector (MC) MMR module 5.2.1716.0 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

 

• https://www.zoom.com/en/trust/security-bulletin/zsb-26001/

---

漏洞識別碼

• CVE-2026-22844

---

資料來源

• Zoom

---

相關連結

• https://www.zoom.com/en/trust/security-bulletin/zsb-26001/

Zoom Products Remote Code Execution Vulnerability

Release Date: 21 Jan 2026

RISK: Medium Risk

TYPE: Clients - Productivity Products

A vulnerability was identified in Zoom Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Zoom Node Meetings Hybrid (ZMH) MMR module versions prior to 5.2.1716.0
• Zoom Node Meeting Connector (MC) MMR module versions prior to 5.2.1716.0

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• https://www.zoom.com/en/trust/security-bulletin/zsb-26001/

---

Vulnerability Identifier

• CVE-2026-22844

---

Source

• Zoom

---

Related Link

• https://www.zoom.com/en/trust/security-bulletin/zsb-26001/

Google Chrome 阻斷服務狀況漏洞

發佈日期: 2026年01月21日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發阻斷服務狀況。

---

影響

• 阻斷服務

---

受影響之系統或技術

• Google Chrome 144.0.7559.96 (Linux) 之前的版本
• Google Chrome 144.0.7559.96/.97 (Mac) 之前的版本
• Google Chrome 144.0.7559.96/.97 (Windows) 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 144.0.7559.96 (Linux) 或之後版本
• 更新至 144.0.7559.96/.97 (Mac) 或之後版本
• 更新至 144.0.7559.96/.97 (Windows) 或之後版本

---

漏洞識別碼

• CVE-2026-1220

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_20.html

Google Chrome Denial Of Service Vulnerability

Release Date: 21 Jan 2026

RISK: Medium Risk

TYPE: Clients - Browsers

A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

---

Impact

• Denial of Service

---

System / Technologies affected

• Google Chrome prior to 144.0.7559.96 (Linux)
• Google Chrome prior to 144.0.7559.96/.97 (Mac)
• Google Chrome prior to 144.0.7559.96/.97 (Windows)

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 144.0.7559.96 (Linux) or later
• Update to version 144.0.7559.96/.97 (Mac) or later
• Update to version 144.0.7559.96/.97 (Windows) or later

---

Vulnerability Identifier

• CVE-2026-1220

---

Source

• Google Chrome

---

Related Link

• https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_20.html

甲骨文產品多個漏洞

發佈日期: 2026年01月21日

風險: 中度風險

類型: 伺服器 - 數據庫伺服器

於甲骨文產品發現多個漏洞，遠端攻擊者可利用這些漏洞，於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露、資料篡改及繞過保安限制。

 

---

影響

• 阻斷服務
• 遠端執行程式碼
• 繞過保安限制
• 資料洩露
• 權限提升
• 篡改

---

受影響之系統或技術

• Oracle MySQL
• Java SE
• Oracle Database Server
• WebLogic Server
• VirtualBox

 

有關其他 甲骨文 產品，請參閱以下連結:

https://www.oracle.com/security-alerts/cpujan2026.html

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

 

https://www.oracle.com/security-alerts/cpujan2026.html

---

漏洞識別碼

• https://www.oracle.com/security-alerts/cpujan2026.html

---

資料來源

• Oracle

---

相關連結

• https://www.oracle.com/security-alerts/cpujan2026.html

Oracle Products Multiple Vulnerabilities

Release Date: 21 Jan 2026

RISK: Medium Risk

TYPE: Servers - Database Servers

Multiple vulnerabilities were identified in Oracle Products, a remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, denial of service condition, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.

 

---

Impact

• Denial of Service
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Elevation of Privilege
• Data Manipulation

---

System / Technologies affected

• Oracle MySQL
• Java SE
• Oracle Database Server
• WebLogic Server
• VirtualBox

 

For other Oracle products, please refer to the link below:

https://www.oracle.com/security-alerts/cpujan2026.html

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

https://www.oracle.com/security-alerts/cpujan2026.html

---

Vulnerability Identifier

• https://www.oracle.com/security-alerts/cpujan2026.html

---

Source

• Oracle

---

Related Link

• https://www.oracle.com/security-alerts/cpujan2026.html

Microsoft Edge 多個漏洞

發佈日期: 2026年01月19日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及繞過保安限制。

---

影響

• 遠端執行程式碼
• 阻斷服務
• 繞過保安限制

---

受影響之系統或技術

• Microsoft Edge 144.0.3719.82 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 144.0.3719.82 或之後版本

---

漏洞識別碼

• CVE-2026-0899
• CVE-2026-0900
• CVE-2026-0901
• CVE-2026-0902
• CVE-2026-0903
• CVE-2026-0904
• CVE-2026-0905
• CVE-2026-0906
• CVE-2026-0907
• CVE-2026-0908
• CVE-2026-21223

---

資料來源

• Microsoft Edge

---

相關連結

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-14-2026
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0899
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0900
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0901
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0902
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0903
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0904
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0905
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0906
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0907
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0908
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223

Microsoft Edge Multiple Vulnerabilities

Release Date: 19 Jan 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Denial of Service
• Security Restriction Bypass

---

System / Technologies affected

• Microsoft Edge version prior to 144.0.3719.82

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 144.0.3719.82 or later

---

Vulnerability Identifier

• CVE-2026-0899
• CVE-2026-0900
• CVE-2026-0901
• CVE-2026-0902
• CVE-2026-0903
• CVE-2026-0904
• CVE-2026-0905
• CVE-2026-0906
• CVE-2026-0907
• CVE-2026-0908
• CVE-2026-21223

---

Source

• Microsoft Edge

---

Related Link

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-14-2026
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0899
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0900
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0901
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0902
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0903
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0904
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0905
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0906
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0907
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0908
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223

Juniper Junos OS 多個漏洞

發佈日期: 2026年01月16日

風險: 中度風險

類型: 操作系統 - Network

於 Juniper Junos OS 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行程式碼、阻斷服務狀況、洩露敏感資料、權限提升及繞過保安限制。

---

影響

• 阻斷服務
• 資料洩露
• 繞過保安限制
• 權限提升
• 遠端執行程式碼

---

受影響之系統或技術

• Junos OS
• Junos OS Evolved

詳情請參閱以下連結﹕

https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending&f-sf_articletype=Security%20Advisories&numberOfResults=25

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

請參閱 2026-01 安全公告。

• https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending&f-sf_articletype=Security%20Advisories&numberOfResults=25

---

漏洞識別碼

• CVE-2024-50302
• CVE-2025-52987
• CVE-2025-59959
• CVE-2025-59960
• CVE-2025-59961
• CVE-2025-60003
• CVE-2025-60007
• CVE-2025-60011
• CVE-2026-0203
• CVE-2026-21903
• CVE-2026-21905
• CVE-2026-21906
• CVE-2026-21907
• CVE-2026-21908
• CVE-2026-21909
• CVE-2026-21910
• CVE-2026-21911
• CVE-2026-21912
• CVE-2026-21913
• CVE-2026-21914
• CVE-2026-21917
• CVE-2026-21918
• CVE-2026-21920
• CVE-2026-21921

---

資料來源

• Juniper Network

---

相關連結

• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-A-specifically-crafted-show-chassis-command-causes-chassisd-to-crash-CVE-2025-60007
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Receipt-of-a-specifically-malformed-ICMP-packet-causes-an-FPC-restart-CVE-2026-0203
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-If-a-specific-request-is-processed-by-the-DNS-subsystem-flowd-will-crash-CVE-2026-21920
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-and-MX-Series-When-TCP-packets-occur-in-a-specific-sequence-flowd-crashes-CVE-2026-21918
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-MX10k-Series-show-system-firmware-CLI-command-may-lead-to-LC480-or-LC2101-line-card-reset-CVE-2026-21912
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-A-Linux-kernel-vulnerability-in-the-HID-driver-allows-an-attacker-to-read-information-from-the-HID-Report-buffer-CVE-2024-50302
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-with-a-set-of-specific-attributes-causes-rpd-crash-CVE-2025-60003
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-A-specifically-malformed-GTP-message-will-cause-an-FPC-crash-CVE-2026-21914
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-DHCP-Option-82-messages-from-clients-being-passed-unmodified-to-the-DHCP-server-CVE-2025-59960
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Optional-transitive-BGP-attribute-is-modified-before-propagation-to-peers-causing-sessions-to-flap-CVE-2025-60011
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-Specifically-malformed-SSL-packet-causes-FPC-crash-CVE-2026-21917
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-MX-SPC3-or-MS-MPC-Receipt-of-multiple-specific-SIP-messages-results-in-flow-management-process-crash-CVE-2026-21905
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-Flapping-management-interface-causes-MAC-learning-on-label-switched-interfaces-to-stop-CVE-2026-21911
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4k-Series-QFX5k-Series-In-an-EVPN-VXLAN-configuration-link-flaps-cause-Inter-VNI-traffic-drop-CVE-2026-21910
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-Space-TLS-SSL-server-supports-use-of-static-key-ciphers-ssl-static-key-ciphers-CVE-2026-21907
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Paragon-Automation-A-clickjacking-vulnerability-in-the-web-server-configuration-has-been-addressed-CVE-2025-52987
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Subscribing-to-telemetry-sensors-at-scale-causes-all-FPCs-to-crash-CVE-2026-21903
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4000-A-high-volume-of-traffic-destinated-to-the-device-leads-to-a-crash-and-restart-CVE-2026-21913
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-IS-IS-update-packet-causes-memory-leak-leading-to-RPD-crash-CVE-2026-21909
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-telemetry-collectors-are-frequently-subscribing-and-unsubscribing-to-sensors-chassisd-or-rpd-will-crash-CVE-2026-21921
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Unix-socket-used-to-control-the-jdhcpd-process-is-world-writable-CVE-2025-59961
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-show-command-leads-to-an-rpd-crash-CVE-2025-59959
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Use-after-free-vulnerability-In-802-1X-authentication-daemon-can-cause-crash-of-the-dot1xd-process-CVE-2026-21908
• https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906