AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/13/2026

SAP Security Patch Day Delivers 17 Fixes Including Four Critical HotNews Vulnerabilities

SAP released its January 2026 Security Patch Day package containing 17 security notes, four of them rated as critical HotNews vulnerabilities requiring immediate attention. The most severe issue is CVE-2026-0501, a SQL injection flaw in S/4HANA Financials with a CVSS score of 9.9 that allows authenticated attackers with low privileges to execute arbitrary SQL queries and completely compromise financial data systems. Additional critical vulnerabilities include CVE-2026-0500, a remote code execution flaw in Wily Introscope Enterprise Manager with a CVSS score of 9.6 that enables unauthenticated attackers to achieve complete system takeover, and CVE-2026-0492, a privilege escalation vulnerability in SAP HANA database scoring 8.8 that allows authenticated users to compromise database integrity. Organizations running SAP environments are urged to apply the emergency patches immediately; RedRays’ automated code scanner independently identified one of the critical missing-authorization vulnerabilities in NetWeaver Application Server ABAP.

CISA Orders Federal Agencies to Patch Actively Exploited Gogs Path Traversal Vulnerability

The Cybersecurity and Infrastructure Security Agency added CVE-2025-8110 to its Known Exploited Vulnerabilities catalog after confirming active exploitation of the high-severity Gogs vulnerability, which carries a CVSS score of 8.7. The flaw stems from improper symbolic link handling in the PutContents API that bypasses the protections added for a previously patched vulnerability, allowing authenticated attackers to overwrite sensitive files outside repositories and achieve remote code execution. Wiz Research discovered the zero-day while investigating malware infections in July and identified over 1,400 exposed Gogs instances globally, more than 700 of which showed signs of compromise: suspicious repositories with random eight-character names created by automated attack tools. Federal agencies must apply mitigations by February 2, 2026, with ServiceNow recommending that all organizations disable open-registration settings and restrict server access through VPN or IP allow-lists until patches can be deployed.
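The Gogs flaw above is an instance of a broader defect: a path-containment check that reasons about the path string but never resolves symbolic links on disk. The following added example (not Gogs code; the repo layout, file names and function names are constructed for illustration) contrasts a lexical check, which a symlink inside the repository defeats, with one that resolves the real target before deciding whether a write may proceed.

```python
import os
import tempfile

def naive_in_repo(repo_root: str, rel_path: str) -> bool:
    # Lexical check only: collapses ".." but never consults the filesystem,
    # so a symlink inside the repo that points outside it passes unnoticed.
    root = os.path.abspath(repo_root)
    target = os.path.normpath(os.path.join(root, rel_path))
    return target.startswith(root + os.sep)

def resolved_in_repo(repo_root: str, rel_path: str) -> bool:
    # Resolve symlinks in the root and in every component of the target
    # before deciding whether the final write location is still inside it.
    root = os.path.realpath(repo_root)
    target = os.path.realpath(os.path.join(root, rel_path))
    return os.path.commonpath([root, target]) == root

def demo() -> dict:
    # Constructed layout: <tmp>/repo contains a symlink "link" -> <tmp>/outside.
    with tempfile.TemporaryDirectory() as tmp:
        repo = os.path.join(tmp, "repo")
        outside = os.path.join(tmp, "outside")
        os.makedirs(repo)
        os.makedirs(outside)
        os.symlink(outside, os.path.join(repo, "link"))
        return {
            "plain_naive": naive_in_repo(repo, "docs/readme.md"),
            "plain_resolved": resolved_in_repo(repo, "docs/readme.md"),
            "dotdot_naive": naive_in_repo(repo, "../outside/x"),
            "symlink_naive": naive_in_repo(repo, "link/x"),        # wrongly allowed
            "symlink_resolved": resolved_in_repo(repo, "link/x"),  # correctly refused
        }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18} -> {'allowed' if allowed else 'refused'}")
```

The resolved check is only as good as the moment it runs; a write path that is checked and then opened separately should open the final component with flags that refuse to follow a symlink, or re-check after opening.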

Critical ServiceNow AI Platform Vulnerability Enables Unauthenticated User Impersonation

ServiceNow disclosed CVE-2025-12420, a critical authentication bypass vulnerability in its AI Platform with a CVSS score of 9.3 that allows unauthenticated attackers to impersonate legitimate users and perform all operations the target user is entitled to execute. The flaw was discovered by SaaS security firm AppOmni and researcher Aaron Costello in October 2025, with ServiceNow deploying rapid remediation on October 30 to most hosted instances while providing security updates to self-hosted customers, partners, and affected Store App versions. The vulnerability represents a significant privilege escalation risk where attackers could step into the digital identity of privileged employees without ever authenticating, potentially enabling data theft, unauthorized configuration changes, and lateral movement within enterprise environments. Organizations running self-hosted ServiceNow AI Platform deployments, particularly those with Now Assist and Virtual Agent components, should immediately verify patch status and audit logs for unusual impersonation activity.

UK Government Launches £210 Million Cybersecurity Initiative to Address Critical Public Sector Risks

The United Kingdom government announced a £210 million cybersecurity program targeting critically high risks across public sector systems that remain dependent on vulnerable legacy platforms. The comprehensive initiative includes creation of a Government Cyber Unit for enhanced cross-department coordination and accountability, establishment of the Government Cyber Coordination Centre for strategic national defense operations, and launch of the first Government Cyber Profession to address persistent skills shortages supported by a dedicated Cyber Resourcing Hub. The investment responds to escalating threats against government infrastructure and follows analysis showing widespread reliance on outdated systems that lack modern security controls, representing one of the largest public sector cybersecurity commitments in recent UK history.

Over 10,000 Fortinet Firewalls Exposed to Actively Exploited Five-Year-Old 2FA Bypass Flaw

More than 10,000 Fortinet firewalls remain exposed online and vulnerable to attacks exploiting CVE-2020-12812, a critical two-factor authentication bypass vulnerability originally patched in July 2020. The improper authentication flaw allows attackers to log in to unpatched FortiGate SSL VPN devices without being prompted for the second factor of authentication by simply changing the username’s case when LDAP is enabled in specific configurations. Fortinet warned on December 24 that threat actors are actively abusing this five-year-old vulnerability in the wild, with the Shadowserver Foundation identifying over 9,700 vulnerable instances globally, including more than 1,200 in the United States. The vulnerability has been exploited by multiple ransomware groups including Play and Hive, as well as Iranian APT actors, and was added to CISA’s Known Exploited Vulnerabilities catalog in 2021 with orders for federal agencies to remediate by May 2022.
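The bypass described above belongs to a recognisable bug class: the directory authenticates a username case-insensitively while the policy that decides whether a second factor is required looks the name up exactly as typed, so the two layers disagree about who just logged in. The following added example (not Fortinet code; the directory, the policy table and the one-time codes are constructed) shows that mismatch beside a version that canonicalises the identity once and uses it for every decision.

```python
from typing import Optional

# Constructed LDAP-style directory: binds succeed regardless of username case.
LDAP_USERS = {"alice": "correct-horse-battery"}
# Constructed local 2FA policy, keyed exactly as the administrator entered it.
TWO_FACTOR_USERS = {"alice"}
# Constructed one-time codes standing in for a real TOTP or push verifier.
VALID_OTP = {"alice": "482913"}

def ldap_bind(username: str, password: str) -> bool:
    # The directory compares names case-insensitively, so "Alice" binds as alice.
    return LDAP_USERS.get(username.lower()) == password

def login_vulnerable(username: str, password: str, otp: Optional[str]) -> str:
    if not ldap_bind(username, password):
        return "denied"
    # Bug class: the 2FA policy is looked up with the name as submitted, while
    # the directory already matched it case-insensitively. A differently cased
    # spelling is not in the set, so the second factor is never requested.
    if username in TWO_FACTOR_USERS:
        return "granted" if otp == VALID_OTP[username] else "denied"
    return "granted"

def login_fixed(username: str, password: str, otp: Optional[str]) -> str:
    # Canonicalise once, before authentication and before every policy lookup,
    # so both decisions refer to the same identity.
    canonical = username.lower()
    if not ldap_bind(canonical, password):
        return "denied"
    if canonical in TWO_FACTOR_USERS:
        if otp is None or otp != VALID_OTP.get(canonical):
            return "denied"
    return "granted"

if __name__ == "__main__":
    print("vulnerable, mixed case, no OTP:", login_vulnerable("Alice", "correct-horse-battery", None))
    print("fixed, mixed case, no OTP:     ", login_fixed("Alice", "correct-horse-battery", None))
```

A stronger fix on top of canonicalisation is to fail closed: require the second factor for every directory-authenticated account unless an explicit, canonically keyed exemption exists, so a lookup miss can never mean "no 2FA".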
