{"id":214820,"date":"2026-02-18T01:52:00","date_gmt":"2026-02-18T06:52:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/cisa-flags-four-security-flaws-under-active-exploitation-in-latest-kev-update\/"},"modified":"2026-02-18T06:45:07","modified_gmt":"2026-02-18T11:45:07","slug":"cisa-flags-four-security-flaws-under-active-exploitation-in-latest-kev-update","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/cisa-flags-four-security-flaws-under-active-exploitation-in-latest-kev-update\/","title":{"rendered":"CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/cisa-flags-four-security-flaws-under.html\">CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/cisa-flags-four-security-flaws-under.html\">https:\/\/thehackernews.com\/2026\/02\/cisa-flags-four-security-flaws-under.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-18 01:52:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Feb 18, 2026<\/span><\/span><span class=\"p-tags\">Threat Intelligence \/ Vulnerability<\/span><\/p>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.<\/p>\n<p>The list of vulnerabilities is as follows &#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-2441<\/strong> (CVSS score: 8.8) &#8211; A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.<\/li>\n<li><strong>CVE-2024-7694<\/strong> (CVSS score: 7.2) &#8211; An arbitrary file upload vulnerability in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier that could allow an attacker to upload malicious files and achieve arbitrary system command execution on the server.<\/li>\n<li><strong>CVE-2020-7796<\/strong> (CVSS score: 9.8) &#8211; A server-side request forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow an attacker to send a crafted HTTP request to a remote host and obtain unauthorized access to sensitive information.<\/li>\n<li><strong>CVE-2008-0015<\/strong> (CVSS score: 8.8) &#8211; A stack-based buffer overflow vulnerability in Microsoft Windows Video ActiveX Control that could allow an attacker to achieve remote code execution by setting up a specially crafted web page.<\/li>\n<\/ul>\n<p>The addition of CVE-2026-2441 to the KEV catalog comes days after Google acknowledged that &#8220;an exploit for CVE-2026-2441 exists in the wild.&#8221; It&#8217;s currently not known how the vulnerability is being weaponized, but such information is typically withheld until a majority of the users are updated with a fix so as to prevent other threat actors from joining the exploitation bandwagon.<\/p>\n<p>As for CVE-2020-7796, a report published by threat intelligence firm GreyNoise in March 2025 revealed that a cluster of about 400 IP addresses was actively exploiting multiple SSRF vulnerabilities, including CVE-2020-7796, to target susceptible instances in the U.S., Germany, Singapore, India, Lithuania, and Japan.<\/p>\n<p>&#8220;When a user visits a web page containing&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/cisa-flags-four-security-flaws-under.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update https:\/\/thehackernews.com\/2026\/02\/cisa-flags-four-security-flaws-under.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":214821,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiMthhoYB21iUycGm4t9Z8XBCzBHeEBnyGAy0VYV_szV8cL19wb2nn0OSqFBl35b7viP2cIkWdNIULp3eZHNPXMAjdyL67hvTY7wlYizhDDysYKzSinMqCJrh44qfrrdTmfT3Dx9H_gJlFayVV0NoDAP_JSPHDLo0WQjM4d7AGdA-wo8mf1vmoZIPrjBZQY\/s1600\/cisa-kev.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-214820","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214820"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=214820"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214820\/revisions"}],"predecessor-version":[{"id":214822,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214820\/revisions\/214822"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/214821"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=214820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=214820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=214820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}