NVD disclosure day

Published threat advisories for January 21, 2026

CVE-2026-20045

Cisco Unified Communications Command Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Cisco Unified Communications products allows unauthenticated remote attackers to execute commands on the operating system. This could lead to unauthorized access and privilege escalation, impacting communication systems. The business risk is considered Critical.

NVD published: January 21, 2026 • CISA KEV

CVE advisoryKnown Exploit

CVE-2026-24061

GNU Inetutils Authentication Bypass Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

GNU Inetutils telnetd has an authentication bypass vulnerability. This flaw allows unauthorized remote access by manipulating the USER environment variable. The business risk includes unauthorized system access and potential data compromise.

NVD published: January 21, 2026 • CISA KEV