CISA Identifies Four Actively Exploited Security Vulnerabilities in Latest KEV Update
US CISA Adds Four Security Vulnerabilities to KEV Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) has added four security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating that these flaws are being actively exploited by threat actors.
Affected Vulnerabilities
- CVE-2026-2441, a use-after-free vulnerability in Google Chrome with a CVSS score of 8.8, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2024-7694, an arbitrary file upload vulnerability in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier, with a CVSS score of 7.2, which could allow an attacker to upload malicious files and achieve arbitrary system command execution on the server.
- CVE-2020-7796, a server-side request forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) with a CVSS score of 9.8, which could allow an attacker to send a crafted HTTP request to a remote host and obtain unauthorized access to sensitive information.
- CVE-2008-0015, a stack-based buffer overflow vulnerability in Microsoft Windows Video ActiveX Control with a CVSS score of 8.8, which could allow an attacker to achieve remote code execution by setting up a specially crafted web page.
Exploitation Details
The addition of CVE-2026-2441 to the KEV catalog comes shortly after Google acknowledged that an exploit for this vulnerability exists in the wild. However, the exact method of exploitation is currently unknown; such details are typically withheld until a majority of users have received the fix.
According to a report by threat intelligence firm GreyNoise in March 2025, a cluster of around 400 IP addresses was actively exploiting multiple SSRF vulnerabilities, including CVE-2020-7796, to target susceptible instances in several countries.
Exploitation of CVE-2008-0015 is known to involve a worm that can retrieve and run additional binaries, overwrite system files, terminate security-related processes, and replace the Windows Hosts file. The exact mechanism of exploitation for CVE-2024-7694, however, is currently unclear.
Remediation Requirements
Federal Civilian Executive Branch (FCEB) agencies are required to prioritize the remediation of these vulnerabilities, as they are considered to be under active exploitation.
