【資安漏洞預警】ISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/12-2026/01/18)

【資安漏洞預警】ISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/12-2026/01/18)
[Security Vulnerability Alert] Two known vulnerabilities exploited by hackers have been added to the KEV directory for ISA (2026/01/12-2026/01/18).

發布單位：圖資處數位服務組

日期範圍：2026/1/20 ～ 2026/7/20

發布單位：圖資處數位服務組

日期範圍：2026/1/20 ～ 2026/7/20

行政行政公告

全體

轉發台灣電腦網路危機處理暨協調中心資安訊息警訊 TWCERTCC-200-202601-00000015

[內容說明]
【CVE-2025-8110】Gogs Path Traversal Vulnerability (CVSS v3.1: 8.8)
【是否遭勒索軟體利用:未知】 Gogs存在路徑遍歷漏洞，PutContents API對符號連結處理不當，可能導致遠端程式碼執行。

【CVE-2026-20805】Microsoft Windows Information Disclosure Vulnerability (CVSS v3.1: 5.5)
【是否遭勒索軟體利用:未知】 Microsoft Windows Desktop Windows Manager存在資訊洩露漏洞，該漏洞允許已授權的攻擊者在本機洩露資訊。

[影響平台]
【CVE-2025-8110】請參考官方所列的影響版本 https://github.com/gogs/gogs/pull/8078

【CVE-2026-20805】請參考官方所列的影響版本 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

[建議措施]
【CVE-2025-8110】官方已針對漏洞釋出修復更新，請更新至相關版本 https://github.com/gogs/gogs/pull/8078

【CVE-2026-20805】官方已針對漏洞釋出修復更新，請更新至相關版本 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000015

[Content Description]
【CVE-2025-8110】Gogs Path Traversal Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】 Gogs has a path traversal vulnerability. Improper handling of symbolic links by the PutContents API could lead to remote code execution.

【CVE-2026-20805】Microsoft Windows Information Disclosure Vulnerability (CVSS v3.1: 5.5)
【Exploited by Ransomware: Unknown】 Microsoft Windows Desktop Windows Manager has an information disclosure vulnerability that allows an authorized attacker to disclose information on the local machine.

[Affected Platforms]
【CVE-2025-8110】Please refer to the official list of affected versions: https://github.com/gogs/gogs/pull/8078

【CVE-2026-20805】Please refer to the official list of affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

[Recommended Actions]
【CVE-2025-8110】An official patch update has been released for this vulnerability. Please update to the relevant version: https://github.com/gogs/gogs/pull/8078

【CVE-2026-20805】An official patch update has been released for this vulnerability. Please update to the relevant version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

【資安漏洞預警】ISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/12-2026/01/18)
[Security Vulnerability Alert] Two known vulnerabilities exploited by hackers have been added to the KEV directory for ISA (2026/01/12-2026/01/18).

發布單位：圖資處數位服務組

日期範圍：2026/1/20 ～ 2026/7/20

行政行政公告

全體

相關附件

無

【返回上頁】

【資安漏洞預警】ISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/12-2026/01/18) [Security Vulnerability Alert] Two known vulnerabilities exploited by hackers have been added to the KEV directory for ISA (2026/01/12-2026/01/18).

發布單位：圖資處數位服務組

日期範圍：2026/1/20 ～ 2026/7/20

行政 行政公告

全體

相關附件

無

【返回上頁】

【資安漏洞預警】ISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/12-2026/01/18)
[Security Vulnerability Alert] Two known vulnerabilities exploited by hackers have been added to the KEV directory for ISA (2026/01/12-2026/01/18).

行政行政公告