CISA Identifies Four Actively Exploited Security Vulnerabilities in Latest KEV Update

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with four newly flagged security flaws that are currently under active exploitation.

The move signals heightened risk to organizations, particularly U.S. federal agencies, as the vulnerabilities affect widely used platforms including Google Chrome, Microsoft Windows, and enterprise collaboration systems.

Newly Added Vulnerabilities

The four vulnerabilities added to the KEV catalog include:

1. Google Chrome Use-After-Free Flaw

CVE-2026-2441, CVSS 8.8

A high-severity use-after-free vulnerability in Google Chrome could allow remote attackers to trigger heap corruption using a specially crafted HTML page.

Google recently confirmed that exploitation has been observed in the wild. Technical details remain limited, a common practice intended to prevent copycat attacks before patches are widely deployed.

2. TeamT5 ThreatSonar Arbitrary File Upload

CVE-2024-7694, CVSS 7.2

An arbitrary file upload vulnerability affects TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier. Successful exploitation could enable attackers to upload malicious files and execute arbitrary system commands on vulnerable servers.

At present, public reporting has not detailed how this flaw is being weaponized.

3. Synacor Zimbra SSRF Vulnerability

CVE-2020-7796, CVSS 9.8

A critical server-side request forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) enables attackers to send crafted HTTP requests to remote systems and potentially access sensitive data.

Threat intelligence company GreyNoise reported in March 2025 that approximately 400 IP addresses were actively exploiting multiple SSRF flaws, including CVE-2020-7796. Targeted regions included the United States, Germany, Singapore, India, Lithuania, and Japan.

4. Microsoft Windows Video ActiveX Buffer Overflow

CVE-2008-0015, CVSS 8.8

A legacy stack-based buffer overflow vulnerability in Microsoft Windows Video ActiveX Control can allow remote code execution via a specially crafted web page.

According to Microsoft’s threat intelligence documentation, exploitation may trigger the download of additional malware. In some cases, the flaw has been used to deploy Dogkild, a worm capable of:

  • Propagating through removable drives
  • Downloading and executing additional binaries
  • Terminating security-related processes
  • Overwriting system files
  • Modifying the Windows Hosts file to block access to security websites

Active Exploitation Concerns

The inclusion of these flaws in the KEV catalog confirms that attackers are actively exploiting them in real-world scenarios. CISA requires Federal Civilian Executive Branch (FCEB) agencies to remediate listed vulnerabilities within specified timelines.

For this update, affected agencies must apply patches by March 10, 2026.



