POSTING DATE: 2026/01/23
[VULNERABILITY ALERT] CISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/01/12-2026/01/18)
- Subject: [VULNERABILITY ALERT] CISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/01/12-2026/01/18)
- Content Description:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000015
- [CVE-2025-8110] Gogs Path Traversal Vulnerability (CVSS v3.1: 8.8)
- [Ransomware Exploitation: Unknown] Gogs contains a path traversal vulnerability where the PutContents API improperly handles symbolic links, which could lead to remote code execution.
- [CVE-2026-20805] Microsoft Windows Information Disclosure Vulnerability (CVSS v3.1: 5.5)
- [Ransomware Exploitation: Unknown] Microsoft Windows Desktop Window Manager contains an information disclosure vulnerability that allows an authorized attacker to leak information locally.
- Affected Platforms:
- [CVE-2025-8110] Please refer to the affected versions listed officially: https://github.com/gogs/gogs/pull/8078
- [CVE-2026-20805] Please refer to the affected versions listed officially: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
- Recommended Actions:
- [CVE-2025-8110] Official security updates have been released. Please update to the relevant versions: https://github.com/gogs/gogs/pull/8078
- [CVE-2026-20805] Official security updates have been released. Please update to the relevant versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
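For the class of flaw described under CVE-2025-8110 (a file-write API that follows symbolic links out of its intended directory), the following added example shows a pre-write path check. It is not Gogs code and not the upstream fix; `resolveInsideRoot`, `ErrUnsafePath` and the sample paths are hypothetical names constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrUnsafePath = errors.New("unsafe path: escapes root or crosses a symlink")

// resolveInsideRoot (hypothetical helper) maps a client-supplied relative path to a
// location under root, rejecting absolute paths, ".." escapes and symlinked components.
func resolveInsideRoot(root, rel string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absRoot, rel) // Join also cleans "a/../.." sequences
	inner, err := filepath.Rel(absRoot, target)
	if err != nil || filepath.IsAbs(rel) || inner == ".." || strings.HasPrefix(inner, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	cur := absRoot
	for _, part := range strings.Split(inner, string(filepath.Separator)) {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur) // Lstat inspects the link itself, not its target
		if errors.Is(err, os.ErrNotExist) {
			break // nothing exists from here on, so no later component can be a link
		}
		if err != nil {
			return "", err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return "", ErrUnsafePath
		}
	}
	return target, nil
}

func main() {
	root, _ := os.MkdirTemp("", "repo") // constructed sample working tree
	defer os.RemoveAll(root)
	_ = os.Symlink("/tmp/outside-target", filepath.Join(root, "link")) // constructed symlink
	for _, p := range []string{"docs/readme.md", "link", "../escape"} {
		_, err := resolveInsideRoot(root, p)
		fmt.Printf("%-16s -> %v\n", p, err)
	}
}
```

This is a check-then-write pattern, so a link created between the check and the write is not caught; the write itself should also refuse to follow links.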
Respectfully,
Network Systems Division, Computer and Communication Center