CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Source: The Hacker News

Newly Added Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
- CVE-2026-2441 (CVSS: 8.8) – Use‑after‑free in Google Chrome that may allow remote code execution via a crafted HTML page.
- CVE-2024-7694 (CVSS: 7.2) – Arbitrary file upload in TeamT5 ThreatSonar Anti‑Ransomware 3.4.5 and earlier, enabling malicious file upload and arbitrary command execution.
- CVE-2020-7796 (CVSS: 9.8) – Server‑side request forgery (SSRF) in Synacor Zimbra Collaboration Suite (ZCS) that can be used to access sensitive information on remote hosts.
- CVE-2008-0015 (CVSS: 8.8) – Stack‑based buffer overflow in Microsoft Windows Video ActiveX Control, allowing remote code execution via a specially crafted web page.

Additional Context
- CVE-2026-2441 – Google confirmed that an exploit for this Chrome zero-day is active in the wild. Details on the weaponization are limited to avoid aiding other threat actors before a patch is widely deployed.
- CVE-2020-7796 – GreyNoise reported in March 2025 that a cluster of roughly 400 IP addresses was actively exploiting multiple SSRF flaws, including this one, targeting systems in the United States, Germany, Singapore, India, Lithuania, and Japan.
- CVE-2008-0015 – Microsoft's threat encyclopedia notes that exploitation can cause a browser to download additional malware. The exploit has been observed delivering the Dogkild worm, which can propagate via removable drives, retrieve and execute additional binaries, overwrite system files, terminate security-related processes, and modify the Windows Hosts file to block access to security-related websites.
- CVE-2024-7694 – The exploitation method for the TeamT5 ThreatSonar vulnerability remains unclear. Federal Civilian Executive Branch (FCEB) agencies are advised to apply the required patches by March 10, 2026 for optimal protection.