The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. This critical update necessitates immediate attention from organizations to mitigate potential attacks leveraging these security flaws.
The latest additions to the KEV catalog highlight a range of vulnerabilities affecting widely used software, including Google Chrome, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Synacor Zimbra Collaboration Suite. The inclusion of these flaws means that threat actors are actively leveraging them, increasing the risk for organizations that have not yet applied relevant patches.
CISA Identifies New Exploited Vulnerabilities
The U.S. cybersecurity watchdog confirmed the addition of four new security vulnerabilities on February 18, 2026. This move places a mandate on federal agencies to implement protective measures by a specified deadline. The identified vulnerabilities include CVE-2026-2441 in Google Chrome, CVE-2024-7694 in TeamT5 ThreatSonar Anti-Ransomware, CVE-2020-7796 in Synacor Zimbra Collaboration Suite, and CVE-2008-0015 affecting Microsoft Windows.
The inclusion of these specific CVEs indicates that CISA has obtained sufficient evidence to confirm their active exploitation by malicious actors. Organizations worldwide, beyond federal agencies, are strongly advised to prioritize patching these vulnerabilities to prevent compromise.
In-Depth Look at the Newly Cataloged Vulnerabilities
CVE-2026-2441: Google Chrome Use-After-Free Flaw
A use-after-free vulnerability in Google Chrome, designated CVE-2026-2441, carries a high CVSS score of 8.8. This flaw could enable a remote attacker to exploit heap corruption through a specially crafted HTML page. Google recently acknowledged that exploits for this vulnerability are already present in the wild. The specifics of how the vulnerability is being weaponized are currently being withheld to prevent wider adoption by threat actors.
CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware File Upload Vulnerability
The TeamT5 ThreatSonar Anti-Ransomware software, specifically versions 3.4.5 and earlier, is affected by an arbitrary file upload vulnerability (CVE-2024-7694) with a CVSS score of 7.2. This vulnerability allows attackers to upload malicious files, potentially leading to arbitrary system command execution on the server. Information regarding active exploitation of this specific flaw remains limited.
CVE-2020-7796: Synacor Zimbra Collaboration Suite SSRF Vulnerability
A critical server-side request forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite (ZCS), known as CVE-2020-7796, has a high CVSS score of 9.8. Threat intelligence firm GreyNoise reported in March 2025 that around 400 IP addresses were actively exploiting multiple SSRF vulnerabilities, including this one, to target susceptible Zimbra instances in various countries. This allows attackers to send crafted HTTP requests to remote hosts and gain unauthorized access to sensitive information.
CVE-2008-0015: Microsoft Windows Video ActiveX Control Buffer Overflow
Affecting Microsoft Windows Video ActiveX Control, CVE-2008-0015 is a stack-based buffer overflow vulnerability with a CVSS score of 8.8. Microsoft has noted that visiting a web page containing an exploit for this flaw can lead to the download and execution of additional malware. It has been observed that this exploit is used to download and run Dogkild, a worm that spreads through removable drives and can interfere with security software by modifying system files and preventing access to security-related websites.
Federal Agency Mandates and Future Implications
Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the necessary fixes for these vulnerabilities by March 10, 2026. This deadline underscores the urgency for governmental organizations to fortify their defenses against these actively exploited threats. The inclusion of these vulnerabilities in CISA’s KEV catalog serves as a stark reminder of the ever-evolving threat landscape and the importance of proactive vulnerability management.
The continued addition of known exploited vulnerabilities to the KEV catalog signifies the ongoing efforts by CISA to guide organizations in prioritizing their security efforts. The agency consistently updates its list as new threats emerge and evidence of exploitation becomes available. Organizations should monitor CISA advisories and their KEV catalog regularly for the latest updates on critical vulnerabilities and recommended mitigation strategies.