Security Advisory: Weekly Advisory January 15th, 2026

In this week’s Security Advisory

• Palo Alto Patches DoS Vulnerability Crashing Firewall
• Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
• SAP Security Patch Day January 2026 Addresses Critical Vulnerabilities
• Microsoft January 2026 Patch Tuesday
• Node.js Patches DoS Vulnerability
• Security Updates Released for Adobe, Chrome, and Firefox

Palo Alto Patches DoS Vulnerability Crashing Firewalls

Palo Alto has released a patch for a vulnerability affecting its GlobalProtect Gateway and Portal. The vulnerability, CVE-2026-0227 (CVSS 7.7/10), enables an unauthenticated attacker to cause a denial-of-service (DoS) to the firewall. A Proof-of-Concept also exists for this vulnerability. Palo Alto confirmed that this vulnerability only affects PAN-OS NGFW or Prisma Access configurations with a GlobalProtect gateway or portal enabled.

Affected Versions

• A full list of affected versions can be found here.

Recommendations

• Apply the latest updates.

More Reading / Information

• https://security.paloaltonetworks.com/CVE-2026-0227
• https://thehackernews.com/2026/01/palo-alto-fixes-globalprotect-dos-flaw.html

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A vulnerability with a WordPress plugin called Modular DS has been actively exploited in the wild. The vulnerability, CVE-2026-23550 (CVSS 10/10), allows an unauthenticated user to gain access to the plugin and escalate their privileges to admin level. This is possible because the authentication system contains a “direct request” feature that allows authentication to be bypassed when certain parameters are met.

Affected Versions

• All versions of the plugin before and including 2.5.1.

Recommendations

• Update to the latest version of the plugin.

More Reading / Information

• https://thehackernews.com/2026/01/critical-wordpress-modular-ds-plugin.html
• https://nvd.nist.gov/vuln/detail/CVE-2026-23550

SAP Security Patch Day January 2026 Addresses Critical Vulnerabilities

SAP released 17 new security patches this week, fixing critical vulnerabilities across enterprise systems. This patch cycle addresses severe vulnerabilities targeting SAP’s essential infrastructure. Of note, CVE-2026-0501 (CVSS 9.9/10) is a SQL injection vulnerability in SAP’s 4 HANA’s General Ledger module, allowing authenticated attackers to execute arbitrary SQL queries. The result of which may directly compromise the integrity of financial data across S4CORE versions 102 through 109 in both private cloud and on-premises environments.

Affected Versions

• A full list of affected versions can be found here.

Recommendations

• Apply the latest updates.

More Reading / Information

• https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2026.html
• https://www.securityweek.com/saps-january-2026-security-updates-patch-critical-vulnerabilities/

Microsoft January 2026 Patch Tuesday

Microsoft’s January 2025 Patch Tuesday includes security updates for 112 vulnerabilities, with one that has been exploited in the wild. The vulnerability being exploited is CVE-2026-20805, which is described as an important-severity information disclosure issue in the Desktop Windows Manager component of Windows. The advisory also contains patches for eight critical-severity vulnerabilities.

Affected Versions

• A full list of affected versions can be found here.

Recommendations

Apply the latest updates.

More Reading / Information

• https://msrc.microsoft.com/update-guide/vulnerability
• https://www.securityweek.com/microsoft-patches-exploited-windows-zero-day-111-other-vulnerabilities/

Node.js Patches DoS Vulnerability

Node.js has patched CVE-2025-59466 (CVSS 7.5/10), which if successfully exploited will trigger a denial-of-service (DoS) condition. This condition is present where “async_hooks” is enabled and triggered through a stack-based buffer overflow. Exploitation will cause Node.js to exit without it’s Exception Handler; skipping the applications error catcher creates the DoS condition.

Affected Versions

• A Node.js 20.20.0.
• Node.js 22.22.0.
• Node.js 24.13.0.
• Node.js 25.3.0.

Recommendations

• Upgrade to the most recent version.

More Reading / Information

• https://nodejs.org/en/blog/defenselessness/january-2026-dos-mitigation-async-hooks
• https://thehackernews.com/2026/01/critical-nodejs-vulnerability-can-cause.html

Security Updates Released for Adobe, Chrome, and Firefox

Adobe has released patches for 25 vulnerabilities in several products. Adobe also called urgent attention to CVE-2025-66516 (CVSS 10/10), which is an XML External Entity (XXE) injection bug in Apache Tika modules that could be exploited via XFA files placed inside PDF documents.

Google Chrome announced patches with an updated browser version, which has addressed ten new vulnerabilities. Successful exploitation of these can lead to buffer overflows and remote code execution.

Mozilla has released updates to Firefox ESR, Thunderbird, and Thunderbird ESR to address 16 new vulnerabilities. If exploited, some of these could lead to remote code execution.

Recommendations

• Apply the latest patches to any affected Adobe products.
• Upgrade to Google Chrome to version 144.0.7559.59 for Linux and as versions 144.0.7559.59/60 for Windows and macOS.
  • Recent versions of Google Chrome have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update browsers with their users. Follow-up confirmation that the updates have been applied to users is essential. Additionally, browsers must be restarted to apply updates.
• Upgrade to Mozilla Firefox to version 147.
  • Recent versions of Firefox have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update browsers with their users. Follow-up confirmation that the updates have been applied to users is essential. Additionally, browsers must be restarted to apply updates.

More Reading / Information

• https://helpx.adobe.com/security.html
• https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.