Patch Roundup: What Matters Beyond the Big Names

Patch Roundup February 10

February’s patch cycle was not just about Microsoft and Adobe.

If you’ve already reviewed our breakdowns of Microsoft, Adobe, GitLab, WAGO, SAP, FortiOS, and WPvivid, this post looks at the vulnerabilities that did not grab headlines but still deserve attention, especially across databases, firmware, infrastructure appliances, and enterprise middleware.

There was a clear pattern this month: a heavy focus on firmware, management interfaces, and denial of service conditions. Not flashy remote code execution, but real operational risk.

Let’s walk through what actually matters.

MongoDB: Pre-Authentication Denial of Service (CVE-2026-25611)

Severity: 8.7 (High)

Affected: MongoDB Server 7.0, 8.0, 8.2 prior to fixed releases

This is the standout issue outside the traditional Patch Tuesday players.

CVE-2026-25611 allows an unauthenticated attacker to send specially crafted messages that exhaust server memory and crash the MongoDB instance.

Key points:

  • No authentication required
  • Network reachable
  • Direct availability impact

If MongoDB is exposed, intentionally or not, this becomes a straightforward disruption vector.

MongoDB also addressed several other server-side issues this month:

  • Query planner crashes
  • Segmentation faults
  • Stack exhaustion via deeply nested expressions
  • Resource collisions in internal locking mechanisms

Most of these require authorized access, but they reinforce a theme. Complex query handling remains a stress point in database engines.

If MongoDB underpins production services, this is a patch-now situation.

Intel: Firmware and Management Layers Under the Microscope

Intel released a large set of advisories on February 10, many focused on firmware and management subsystems. These do not always make it into traditional patch cycles, but they matter.

Intel AMT and CSME Network DoS (CVE-2025-32008)

Severity: 8.6+ (High)

Impact: Unauthenticated network denial of service

Layer: Management firmware

This vulnerability affects Intel Active Management Technology and Converged Security and Management Engine. An unauthenticated attacker on the network can trigger a denial of service condition.

That is important because:

  • It operates below the operating system
  • It impacts remote management infrastructure
  • It is often overlooked in patch governance programs

Firmware rarely gets the same urgency as OS patching. It should.

Intel TDX Module Privilege Escalation and Information Disclosure

Intel Trust Domain Extensions modules received multiple fixes, including a high severity race condition under CVE-2025-30513.

These issues:

  • Affect hypervisor-level trust boundaries
  • Require privileged local access
  • Impact confidentiality and integrity

They are not remotely exploitable, but they are relevant in cloud and multi-tenant virtualization scenarios.

Server Firmware Update Utility High Severity Local EoP

CVE-2025-25210 and CVE-2025-22453 affect Intel’s Server Firmware Update Utility.

These are local privilege escalation vulnerabilities requiring privileged access, but they exist inside tooling responsible for firmware updates, which means they often run in high-trust contexts.

This month reinforces a broader lesson. Management tools are attack surface.

QNAP: Storage Platforms Still a Soft Target

On February 12, QNAP released multiple advisories across:

  • QTS
  • QuTS hero
  • Qsync Central
  • File Station 5

Issues include:

  • Path traversal
  • Improper input validation
  • Memory corruption
  • Denial of service

Most require authenticated access, but NAS appliances are frequently exposed or misconfigured in small and mid-sized environments.

Storage devices tend to fall into the “configure once and forget” category. That mindset is exactly what attackers rely on.

Cisco TelePresence and RoomOS Remote Endpoint Disruption

CVE-2026-20119

Severity: 7.5 (High)

Cisco patched a denial of service issue in TelePresence CE and RoomOS software. An attacker can cause a device to reload by triggering crafted text rendering, for example through a malicious meeting invitation.

Important details:

  • Unauthenticated
  • No user interaction required
  • Remote trigger

In environments heavily dependent on video collaboration, this becomes an easy way to disrupt operations.

It is not data theft. It is availability disruption. That still matters.

Fortinet FortiClientEMS SQL Injection (CVE-2026-21643)

Severity: 9.1 (Critical)

Affected: FortiClientEMS 7.4.4

This is a critical SQL injection vulnerability in FortiClientEMS. Because the input isn’t sanitized, an unauthenticated attacker could send crafted HTTP requests to the administrative interface and potentially execute arbitrary code on the system.

Key points:

  • Unauthenticated remote code execution
  • Affects a specific version branch (7.4.x)
  • High impact on confidentiality, integrity, and availability

While no active exploitation has been confirmed, the severity and ease of potential exploitation make this a high-priority patch. Fortinet has released version 7.4.5 to address the issue.

IBM: Middleware and Automation Stack Cleanup

IBM addressed a broad set of vulnerabilities across:

  • webMethods Integration Server
  • Business Automation Workflow
  • Event Automation
  • Planning Analytics

Notable items include:

  • Critical vulnerabilities in embedded components
  • Command injection in IBM Event Automation under CVE-2025-64756
  • Java SDK issues affecting automation platforms under CVE-2026-1188

The pattern here is not a single catastrophic bug. It is dependency sprawl.

Enterprise middleware stacks bundle large numbers of third-party libraries. Patch governance needs to account for that.

AMD, HP, and Driver-Level Updates

AMD released processor and graphics driver fixes this month, including issues inherited across OEM advisories.

HP addressed:

  • Printer information disclosure
  • Denial of service conditions
  • Firmware-related weaknesses

Individually, these are not headline events. Collectively, they show how deeply embedded firmware and driver-level vulnerabilities are in enterprise environments.

HPE Aruba Networking Private 5G Core (HPESBNW05002)

HPE released a security bulletin addressing four vulnerabilities affecting Aruba Private 5G Core versions 1.24.3.0 through 1.24.3.3. The issues are rated High to Medium severity.

CVE-2026-23595 (High – CVSS 8.8)

An unauthenticated authentication bypass in the application API allows a remote attacker to create an administrative account without logging in. This could lead to full system takeover, configuration changes, and access to sensitive data.

CVE-2026-23596 (Medium – CVSS 6.5)

An improper access control issue in the management API allows an unauthenticated attacker to trigger service restarts, potentially causing service disruption or denial of service.

CVE-2026-23597 and CVE-2026-23598 (Medium – CVSS 6.5)

Information disclosure vulnerabilities in the API error handling could expose sensitive system details such as user accounts, roles, and configuration data. While not directly granting access, this information could help attackers plan further attacks.

Resolution

HPE recommends upgrading to Private 5G Core version 1.25.1.0 or later, which resolves these issues. There are no workarounds for the affected versions.

Palo Alto Networks PAN-OS Advanced DNS Security (CVE-2026-0229)

PAN-OS is the operating system that runs Palo Alto Networks firewalls. The Advanced DNS Security (ADNS) feature is part of its threat prevention capabilities. It inspects DNS traffic to detect and block malicious domains, command-and-control activity, and DNS-based attacks.

When enabled, ADNS works with spyware profiles to block, alert on, or sinkhole suspicious DNS requests.

Summary of CVE-2026-0229

CVE-2026-0229 (Medium – CVSS 6.6, CVSS-B 8.7) is a denial-of-service vulnerability in the ADNS feature that allows an unauthenticated network attacker to send a specially crafted packet that triggers a firewall reboot. Repeated exploitation can force the firewall into maintenance mode, causing service disruption.

  • Attack Vector: Network
  • Privileges Required: None
  • User Interaction: None
  • Impact: High availability impact (system reboot / DoS)
  • Exploit status: No known active exploitation

This issue does not impact Cloud NGFW or Prisma Access.

Affected Versions

The vulnerability affects:

  • PAN-OS 12.1 versions 12.1.2 through 12.1.3
  • PAN-OS 11.2 versions 11.2.0 through 11.2.9

Not affected:

  • PAN-OS 12.1.4 and later
  • PAN-OS 11.2.10 and later
  • PAN-OS 11.1 (all)
  • PAN-OS 10.2 (all)
  • Cloud NGFW
  • Prisma Access

Exposure Requirements

The firewall must:

  • Have Advanced DNS Security enabled, and
  • Have a spyware profile configured with block, sinkhole, or alert actions (anything other than allow).

Resolution

There are no workarounds and no detection signature available. The only fix is to upgrade:

  • Upgrade PAN-OS 12.1 to 12.1.4 or later
  • Upgrade PAN-OS 11.2 to 11.2.10 or later
  • Upgrade any unsupported versions to a supported fixed release
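Putting the affected ranges, exposure requirements, and upgrade targets above into a single triage check is useful when you have a fleet inventory to work through. The following is an added example, not Palo Alto Networks code; it assumes a firewall record with a PAN-OS version string, an ADNS flag, and the list of spyware-profile actions, and it ignores hotfix suffixes such as “-h2” when comparing versions.

```python
"""Triage helper for CVE-2026-0229 (PAN-OS Advanced DNS Security DoS).

Added example, not Palo Alto Networks code. It encodes the affected
version ranges and exposure conditions from the advisory summary above
and returns a recommended action for one firewall record.
"""
from dataclasses import dataclass

# Affected ranges from the advisory, keyed by (major, minor):
# (first affected release, first fixed release)
AFFECTED = {
    (12, 1): ((12, 1, 2), (12, 1, 4)),   # 12.1.2 through 12.1.3; fixed in 12.1.4
    (11, 2): ((11, 2, 0), (11, 2, 10)),  # 11.2.0 through 11.2.9; fixed in 11.2.10
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '11.2.7' or '11.2.7-h2' into a comparable tuple.

    Assumption: a hotfix suffix after '-' does not change affected status.
    """
    base = text.split("-")[0]
    return tuple(int(part) for part in base.split("."))


def version_affected(version: str) -> bool:
    """True when the PAN-OS release falls inside an affected range."""
    v = parse_version(version)
    rng = AFFECTED.get(v[:2])
    if rng is None:
        return False  # 11.1, 10.2 and other branches are not listed as affected
    first, fixed = rng
    return first <= v < fixed


@dataclass
class Firewall:
    name: str
    version: str
    adns_enabled: bool
    spyware_actions: tuple[str, ...]  # actions configured in the spyware profile


def triage(fw: Firewall) -> str:
    """Classify as 'not affected', 'affected, not exposed', or 'exposed'."""
    if not version_affected(fw.version):
        return "not affected"
    # Exposure requires ADNS enabled AND a spyware action other than allow
    exposed = fw.adns_enabled and any(a != "allow" for a in fw.spyware_actions)
    return "exposed: upgrade" if exposed else "affected, not exposed: schedule upgrade"
```

A firewall on an affected release with ADNS disabled still gets an upgrade recommendation, since enabling the feature later would make it exposed.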

Apple: Zero-Day Actively Exploited

Apple pushed updates across iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to fix CVE-2026-20700, a memory corruption flaw in the system’s dynamic linker (dyld).

Why this matters:

  • The vulnerability was a zero-day, meaning attackers were already using it before a patch was available.
  • Successful exploitation could allow arbitrary code execution, essentially letting an attacker run malicious software on a device.
  • Apple described the attacks as “extremely sophisticated” and targeted.

Apple also included fixes for related WebKit issues. Since WebKit powers Safari and all browsers on iOS, even third-party browsers depend on these patches.

Action step: Install the latest OS update on your Apple devices as soon as possible.

Google Chrome: Multiple Security Fixes

Google released Chrome 145 for Windows, macOS, and Linux, addressing at least 11 security vulnerabilities.

While Google doesn’t immediately publish full technical details for all flaws, several involved potential remote code execution risks triggered by malicious web content.

This type of issue typically requires nothing more than visiting a compromised website.

Action step: Restart Chrome to ensure you’re running the latest version, or check under Settings → About Chrome to confirm it has updated.

Why This Pattern Matters

This wasn’t routine housekeeping. At least one of these flaws was actively exploited. That tells us two things:

  • Attackers are continuously probing widely used platforms.
  • Fast patching really does reduce real risk.

Most successful compromises today happen on unpatched systems. Updates are not just feature releases; they are frontline security fixes.

A Clear February Pattern

Across vendors, February’s theme was consistent:

  • Firmware hardening
  • Privilege escalation fixes
  • Denial of service stability patches
  • Management interface exposure
  • Middleware dependency cleanup

There were fewer dramatic remote code execution headlines and more infrastructure-level corrections.

Those are the kinds of issues that quietly prevent bigger problems later.

How This Connects to the Broader Patch Cycle

If you have not yet reviewed our full breakdowns:

Those posts cover the primary enterprise application and network stack changes.

This roundup focuses on what sits underneath: databases, firmware, hardware trust layers, and management tooling.

Ignoring those layers creates blind spots.

Final Thoughts

Not every vulnerability needs panic.

But unauthenticated denial of service in databases, network-reachable management firmware, and privilege escalation in hypervisor trust modules are not background noise.

They are infrastructure-level risk.

Patch governance should include:

  • Firmware lifecycle tracking
  • Management interface exposure audits
  • Database service exposure validation
  • Appliance patch reviews
  • Middleware dependency visibility

Organizations that treat firmware and management utilities as part of their real attack surface, not just background components, will always be ahead.

Disclaimer

This overview highlights vulnerabilities we consider operationally significant from February’s broader release cycle. It is not an exhaustive list of every advisory published during this period.

Organizations should review vendor security bulletins directly, validate their asset inventory, and assess exposure within their specific environments before making risk decisions.