The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of them being exploited in the wild.
Here is the list of vulnerabilities:
CVE-2026-2441 (CVSS score: 8.8) – Use-after-free vulnerability in Google Chrome allows remote attackers to potentially exploit heap corruption via a crafted HTML page. CVE-2024-7694 (CVSS Score: 7.2) – Arbitrary file upload vulnerability in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier could allow an attacker to upload a malicious file and execute arbitrary system commands on the server. CVE-2020-7796 (CVSS Score: 9.8) – A server-side request forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) could allow an attacker to send a crafted HTTP request to a remote host and gain unauthorized access to sensitive information. CVE-2008-0015 (CVSS Score: 8.8) – A stack-based buffer overflow vulnerability in the Microsoft Windows Video ActiveX control could allow an attacker to execute remote code by setting up a specially crafted web page.
The addition of CVE-2026-2441 to the KEV catalog comes days after Google acknowledged that “an exploit for CVE-2026-2441 does exist.” It is currently unknown how this vulnerability is being weaponized, but such information is typically withheld until the majority of users have been updated with the fix to prevent other threat actors from joining the wave of exploitation.
Regarding CVE-2020-7796, a report published in March 2025 by threat intelligence firm GreyNoise revealed that a cluster of approximately 400 IP addresses was actively exploiting multiple SSRF vulnerabilities, including CVE-2020-7796, targeting susceptible instances in the United States, Germany, Singapore, India, Lithuania, and Japan.
“When a user visits a web page containing an exploit detected as Exploit:JS/CVE-2008-0015, it may connect to a remote server and download other malware,” Microsoft notes in its Threat Encyclopedia. The company also said it is aware of cases where the exploit could be used to download and execute the Dogkild worm, which propagates through removable drives.
The worm has the ability to retrieve and execute additional binaries, overwrite certain system files, terminate a long list of security-related processes, and even replace the Windows host file to prevent users from accessing websites related to security programs.
It is currently unknown how the TeamT5 ThreatSonar Anti-Ransomware vulnerability is being exploited. Federal Civilian Executive Branch (FCEB) agencies are encouraged to apply the necessary amendments by March 10, 2026 for optimal protection.
Source link
