CISA has added four critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including flaws in Google Chrome, TeamT5 ThreatSonar, Zimbra Collaboration Suite, and Windows Video ActiveX Control, with federal agencies required to patch by March 10, 2026.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with four security flaws confirmed to be under active attack. This catalog serves as an authoritative list of vulnerabilities that pose immediate risks due to active exploitation in the wild, requiring Federal Civilian Executive Branch agencies to remediate them within strict deadlines - in this case by March 10, 2026.
Actively Exploited Vulnerabilities
Google Chrome Use-After-Free Vulnerability (CVE-2026-2441)
CVSS Score: 8.8
This heap corruption vulnerability allows remote attackers to execute arbitrary code when users visit specially crafted HTML pages. Google confirmed active exploitation in the wild, though technical details remain limited to prevent widespread weaponization. All Chrome users should immediately update to the latest version via chrome://settings/help.
TeamT5 ThreatSonar Arbitrary File Upload (CVE-2024-7694)
CVSS Score: 7.2
Affects ThreatSonar Anti-Ransomware versions 3.4.5 and earlier. Attackers can upload malicious files leading to full system command execution on servers running the software. While exploitation methods remain unclear, organizations should upgrade to the latest version immediately.
Zimbra Collaboration Suite SSRF Vulnerability (CVE-2020-7796)
CVSS Score: 9.8
This server-side request forgery flaw in Synacor Zimbra allows attackers to send crafted HTTP requests and access sensitive information. Threat intelligence firm GreyNoise observed approximately 400 IP addresses actively exploiting this vulnerability across multiple countries. Zimbra administrators should apply patches from their security advisory portal.
Windows Video ActiveX Control Buffer Overflow (CVE-2008-0015)
CVSS Score: 8.8
A stack-based buffer overflow in a legacy Windows component enables remote code execution via malicious web pages. Microsoft confirms exploitation to deploy Dogkild malware, which disables security tools, overwrites system files, and propagates via removable drives. Although the flaw was patched years ago, systems that never received the update remain vulnerable. Microsoft's threat encyclopedia details mitigation steps.
Practical Mitigation Strategies
Security leaders should prioritize these actions:
- Patch immediately: Apply vendor-provided updates for all affected systems
- Inventory legacy software: Identify systems running older versions of Windows components or unpatched security tools
- Monitor network traffic: Detect SSRF exploitation attempts with egress filtering
- Enforce principle of least privilege: Limit installation rights for browser extensions and ActiveX controls
- Verify anti-ransomware tools: Confirm ThreatSonar installations are updated beyond v3.4.5
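One way to turn the inventory and verification steps above into a repeatable check, as an added example that is not from CISA or any vendor: it matches scanner findings and installed ThreatSonar versions against the four KEV entries and orders the results by days left until the due date. The host names, the inventory layout and the `CVE-XXXX-NOTKEV` placeholder are constructed assumptions; the `cveID`, `product` and `dueDate` field names follow CISA's KEV JSON feed.

```python
from datetime import date

# Constructed subset of KEV-style records for the four CVEs in this article.
# Field names follow CISA's KEV JSON feed; dueDate is the deadline stated above.
KEV = [
    {"cveID": "CVE-2026-2441", "product": "Google Chrome", "dueDate": "2026-03-10"},
    {"cveID": "CVE-2024-7694", "product": "TeamT5 ThreatSonar", "dueDate": "2026-03-10"},
    {"cveID": "CVE-2020-7796", "product": "Zimbra Collaboration Suite", "dueDate": "2026-03-10"},
    {"cveID": "CVE-2008-0015", "product": "Windows Video ActiveX Control", "dueDate": "2026-03-10"},
]

# Constructed inventory: hypothetical hosts, scanner-reported CVEs, ThreatSonar version if installed.
INVENTORY = [
    {"host": "ws-014", "cves": ["CVE-2026-2441", "CVE-2008-0015", "CVE-XXXX-NOTKEV"], "threatsonar": None},
    {"host": "mail-01", "cves": ["CVE-2020-7796"], "threatsonar": None},
    {"host": "edr-02", "cves": [], "threatsonar": "3.4.5"},
    {"host": "edr-03", "cves": [], "threatsonar": "v3.5.0"},
]

THREATSONAR_CVE = "CVE-2024-7694"
THREATSONAR_LAST_AFFECTED = (3, 4, 5)  # "3.4.5 and earlier", per the article

def parse_version(text):
    """Turn '3.4.5' or 'v3.4.5' into a comparable tuple of ints."""
    return tuple(int(part) for part in text.lstrip("v").split("."))

def kev_findings(inventory, kev, today):
    """Return KEV-listed findings per host, most urgent first."""
    due = {e["cveID"]: (date.fromisoformat(e["dueDate"]), e["product"]) for e in kev}
    rows = []
    for item in inventory:
        cves = set(item["cves"])
        ver = item.get("threatsonar")
        # A scanner may not report the ThreatSonar flaw, so fall back to a version check.
        if ver and parse_version(ver) <= THREATSONAR_LAST_AFFECTED:
            cves.add(THREATSONAR_CVE)
        for cve in sorted(cves):
            if cve in due:  # findings that are not KEV-listed are handled by normal patch cycles
                days = (due[cve][0] - today).days
                rows.append({"host": item["host"], "cve": cve, "product": due[cve][1],
                             "days_left": days, "overdue": days < 0})
    return sorted(rows, key=lambda r: (r["days_left"], r["host"], r["cve"]))

if __name__ == "__main__":
    for r in kev_findings(INVENTORY, KEV, date.today()):
        print(r)
```
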
CISA's KEV catalog continues to be a critical resource for vulnerability prioritization. As noted by CISA Director Jen Easterly in a recent statement, "Timely patching of known exploited vulnerabilities remains the single most effective defense against common attacks." Organizations beyond the federal government should treat KEV listings as urgent action items given their active exploitation status.
