CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on February 17, citing evidence of active exploitation in the wild.
What Got Flagged
- CVE-2026-2441 (CVSS 8.8) — A use-after-free in Google Chrome that lets a remote attacker exploit heap corruption through a crafted web page. Google has confirmed in-the-wild exploitation.
- CVE-2024-7694 (CVSS 7.2) — An arbitrary file upload flaw in TeamT5 ThreatSonar Anti-Ransomware (v3.4.5 and earlier) that allows attackers to upload malicious files and execute system commands.
- CVE-2020-7796 (CVSS 9.8) — A server-side request forgery (SSRF) in Zimbra Collaboration Suite that grants unauthorized access to sensitive information. Roughly 400 IPs across multiple countries were seen exploiting it, with activity going as far back as March 2025.
- CVE-2008-0015 (CVSS 8.8) — A stack-based buffer overflow in Microsoft Windows Video ActiveX Control enabling remote code execution. Old, but still circulating via the Dogkild worm.
What to Do
- Update Chrome immediately. Automatic updates handle this for managed fleets, but verify rollout.
- Check Zimbra instances. The SSRF is critical (9.8) and has been exploited at scale. If you run ZCS, patch or isolate it now.
- Review your posture against the KEV list. Federal agencies face a March 10 remediation deadline, but every organization should treat KEV entries as urgent.
The age range here — 2008 to 2026 — is a reminder that unpatched legacy systems remain a real attack surface.
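An added example (not from CISA or the original article) of the KEV review step under What to Do: it matches a constructed asset inventory against the four entries above and reports the days left before the March 10 deadline. Host names, versions, the substring matching rule and the year 2026 are assumptions; only ThreatSonar has an affected-version bound on this page, so other matches are flagged for a manual version check.

```python
from datetime import date

# Constructed records using the KEV JSON feed's field names. CVE IDs, products
# and dates come from the article; the year 2026 is an assumption.
KEV = [
    {"cveID": "CVE-2026-2441", "product": "Chrome"},
    {"cveID": "CVE-2024-7694", "product": "ThreatSonar Anti-Ransomware"},
    {"cveID": "CVE-2020-7796", "product": "Zimbra Collaboration Suite"},
    {"cveID": "CVE-2008-0015", "product": "Windows Video ActiveX Control"},
]
for rec in KEV:
    rec.update(dateAdded="2026-02-17", dueDate="2026-03-10")

# Last affected release, recorded only where the article states one.
AFFECTED_UP_TO = {"CVE-2024-7694": "3.4.5"}

# Constructed inventory: hypothetical hosts and versions.
INVENTORY = [
    {"host": "ws-014", "product": "Google Chrome", "version": "144.0.0.0"},
    {"host": "mail-01", "product": "Zimbra Collaboration Suite", "version": "8.8.15"},
    {"host": "edr-01", "product": "TeamT5 ThreatSonar Anti-Ransomware", "version": "3.4.5"},
    {"host": "edr-02", "product": "TeamT5 ThreatSonar Anti-Ransomware", "version": "3.6.0"},
    {"host": "db-01", "product": "PostgreSQL", "version": "16.2"},
]

def parse_version(text):
    """Turn '3.4.5' into (3, 4, 5) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def triage(inventory, kev, today):
    """Return (days_left, host, cveID, status) tuples, most urgent first."""
    findings = []
    for asset in inventory:
        for rec in kev:
            if rec["product"].lower() not in asset["product"].lower():
                continue
            ceiling = AFFECTED_UP_TO.get(rec["cveID"])
            if ceiling and parse_version(asset["version"]) > parse_version(ceiling):
                continue  # newer than the last release the article lists as affected
            # Without a stated bound we cannot decide; ask for a manual check.
            status = "affected" if ceiling else "verify-version"
            days_left = (date.fromisoformat(rec["dueDate"]) - today).days
            findings.append((days_left, asset["host"], rec["cveID"], status))
    return sorted(findings)

if __name__ == "__main__":
    for row in triage(INVENTORY, KEV, date(2026, 2, 20)):
        print(row)
```

A negative `days_left` means the remediation deadline has already passed for that host.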