Vulnerabilities
-
Two n8n sandbox escape flaws allow remote code execution
JFrog Security Research disclosed two eval injection flaws in n8n that can bypass sandboxes and allow remote code execution. One is rated CVSS 9.9. Users are advised to update affected versions.
-
Two malicious PyPI spellchecker packages delivered Python RAT and were downloaded over 1,000 times
Researchers found two malicious PyPI packages that hid a Base64 downloader in a Basque dictionary file and delivered a Python RAT after a January 21 2026 update. The packages were downloaded just over 1,000 times before removal.
-
Cellbreak Pyodide sandbox escape in Grist‑Core allows remote code execution
A Pyodide sandbox escape in Grist‑Core, CVE-2026-24002, can enable remote code execution and host runtime JavaScript. The flaw was fixed in version 1.7.9 on January 9, 2026. Update or set the sandbox to gvisor.
-
Multiple groups exploit WinRAR CVE-2025-8088 using Alternate Data Streams since July 2025
Multiple state-backed and criminal groups have exploited the high severity WinRAR path traversal CVE-2025-8088 since July 18, 2025. Exploits hide payloads in Alternate Data Streams and can drop persistent launchers to Startup folders.
-
Over 6,000 SmarterMail servers exposed and likely vulnerable to critical auth bypass
Shadowserver found more than 6,000 SmarterMail servers exposed and likely vulnerable to CVE-2026-23760, a critical authentication bypass that can reset admin passwords and allow remote code execution. A vendor fix was released in build 9511.
-
Microsoft issues emergency patch for Office zero-day CVE-2026-21509
Microsoft issued out-of-band patches for Office zero-day CVE-2026-21509, rated 7.8. Service-side protection covers newer builds and a registry workaround is provided for older Office versions. Federal agencies must remediate by February 16, 2026.
-
Git dependencies can bypass npm ignore-scripts protections, researchers find
Koi Security found that Git dependencies can circumvent npm’s –ignore-scripts protection and allow code execution. Several JavaScript package managers patched the flaws but npm closed the report and did not apply a fix
-
Malicious VSCode extensions with 1.5 million installs exfiltrate developer data
Two malicious Visual Studio Code extensions installed about 1.5 million times read and transmit open files and workspace data to China based servers, the technical analysis by Koi Security reports.
-
CISA adds four vulnerabilities to KEV catalog and sets federal patch deadline
CISA added four vulnerabilities to its Known Exploited Vulnerabilities catalog on January 22, 2026, citing active exploitation. Federal agencies must apply fixes by February 12, 2026 under BOD 22-01 to secure networks.
-
Critical GNU InetUtils telnetd flaw allows remote root login
A critical CVE-2026-24061 in GNU InetUtils telnetd allows remote authentication bypass and potential root login on versions 1.9.3 through 2.7 rated 9.8 CVSS. Administrators are urged to patch or disable telnetd.
